X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fout2in.c;h=83c099d1bd263f9935125b428909e81f851f6eb9;hb=0d75f783644a24b219ed79d9f9c17387783f67ca;hp=b743c08c3a7fb7e9962f199bd816157d3bf9138d;hpb=25cfb775e38b1d245e9c2cee75a77086f8f80913;p=vpp.git diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c index b743c08c3a7..83c099d1bd2 100755 --- a/src/plugins/nat/out2in.c +++ b/src/plugins/nat/out2in.c @@ -30,6 +30,7 @@ #include #include #include +#include #include #include @@ -128,7 +129,7 @@ nat44_o2i_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg) { s_kv.key = s->in2out.as_u64; if (clib_bihash_add_del_8_8 (&tsm->in2out, &s_kv, 0)) - nat_log_warn ("out2in key del failed"); + nat_elog_warn ("out2in key del failed"); snat_ipfix_logging_nat44_ses_delete (ctx->thread_index, s->in2out.addr.as_u32, @@ -143,6 +144,10 @@ nat44_o2i_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg) &s->out2in.addr, s->out2in.port, s->in2out.protocol); + nat_ha_sdel (&s->out2in.addr, s->out2in.port, &s->ext_host_addr, + s->ext_host_port, s->out2in.protocol, s->out2in.fib_index, + ctx->thread_index); + if (!snat_is_session_static (s)) snat_free_outside_address_and_port (sm->addresses, ctx->thread_index, &s->out2in); @@ -187,7 +192,7 @@ create_session_for_static_mapping (snat_main_t * sm, if (PREDICT_FALSE (maximum_sessions_exceeded (sm, thread_index))) { b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_SESSIONS_EXCEEDED]; - nat_log_notice ("maximum sessions exceeded"); + nat_elog_notice ("maximum sessions exceeded"); return 0; } @@ -198,15 +203,15 @@ create_session_for_static_mapping (snat_main_t * sm, nat_user_get_or_create (sm, &in2out.addr, in2out.fib_index, thread_index); if (!u) { - nat_log_warn ("create NAT user failed"); + nat_elog_warn ("create NAT user failed"); return 0; } - s = nat_session_alloc_or_recycle (sm, u, thread_index); + s = nat_session_alloc_or_recycle (sm, u, thread_index, now); if (!s) { nat44_delete_user_with_no_session (sm, u, thread_index); - nat_log_warn ("create NAT session failed"); + nat_elog_warn ("create NAT session failed"); return 0; } @@ -226,14 +231,14 @@ create_session_for_static_mapping (snat_main_t * sm, if (clib_bihash_add_or_overwrite_stale_8_8 (&sm->per_thread_data[thread_index].in2out, &kv0, nat44_i2o_is_idle_session_cb, &ctx0)) - nat_log_notice ("in2out key add failed"); + nat_elog_notice ("in2out key add failed"); kv0.key = s->out2in.as_u64; if (clib_bihash_add_or_overwrite_stale_8_8 (&sm->per_thread_data[thread_index].out2in, &kv0, nat44_o2i_is_idle_session_cb, &ctx0)) - nat_log_notice ("out2in key add failed"); + nat_elog_notice ("out2in key add failed"); /* log NAT event */ snat_ipfix_logging_nat44_ses_create (thread_index, @@ -247,6 +252,12 @@ create_session_for_static_mapping (snat_main_t * sm, &s->in2out.addr, s->in2out.port, &s->out2in.addr, s->out2in.port, s->in2out.protocol); + nat_ha_sadd (&s->in2out.addr, s->in2out.port, &s->out2in.addr, + s->out2in.port, &s->ext_host_addr, s->ext_host_port, + &s->ext_host_nat_addr, s->ext_host_nat_port, + s->in2out.protocol, s->in2out.fib_index, s->flags, + thread_index, 0); + return s; } @@ -653,7 +664,7 @@ icmp_out2in_slow_path (snat_main_t * sm, /* Accounting */ nat44_session_update_counters (s0, now, vlib_buffer_length_in_chain - (sm->vlib_main, b0)); + (sm->vlib_main, b0), thread_index); /* Per-user LRU list maintenance */ nat44_session_update_lru (sm, s0, thread_index); } @@ -882,6 +893,9 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, dst_address /* changed member */ ); ip0->checksum = ip_csum_fold (sum0); + old_port0 = udp0->dst_port; + new_port0 = udp0->dst_port = s0->in2out.port; + if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP)) { old_port0 = tcp0->dst_port; @@ -901,16 +915,24 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, } else { - old_port0 = udp0->dst_port; - udp0->dst_port = s0->in2out.port; - udp0->checksum = 0; + if (PREDICT_FALSE (udp0->checksum)) + { + sum0 = udp0->checksum; + sum0 = ip_csum_update (sum0, old_addr0, new_addr0, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); + } udp_packets++; } /* Accounting */ nat44_session_update_counters (s0, now, - vlib_buffer_length_in_chain (vm, - b0)); + vlib_buffer_length_in_chain (vm, b0), + thread_index); /* Per-user LRU list maintenance */ nat44_session_update_lru (sm, s0, thread_index); trace0: @@ -1048,12 +1070,11 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, dst_address /* changed member */ ); ip1->checksum = ip_csum_fold (sum1); + old_port1 = udp1->dst_port; + new_port1 = udp1->dst_port = s1->in2out.port; + if (PREDICT_TRUE (proto1 == SNAT_PROTOCOL_TCP)) { - old_port1 = tcp1->dst_port; - tcp1->dst_port = s1->in2out.port; - new_port1 = tcp1->dst_port; - sum1 = tcp1->checksum; sum1 = ip_csum_update (sum1, old_addr1, new_addr1, ip4_header_t, @@ -1067,16 +1088,24 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, } else { - old_port1 = udp1->dst_port; - udp1->dst_port = s1->in2out.port; - udp1->checksum = 0; + if (PREDICT_FALSE (udp1->checksum)) + { + sum1 = udp1->checksum; + sum1 = ip_csum_update (sum1, old_addr1, new_addr1, + ip4_header_t, + dst_address /* changed member */ ); + sum1 = ip_csum_update (sum1, old_port1, new_port1, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp1->checksum = ip_csum_fold (sum1); + } udp_packets++; } /* Accounting */ nat44_session_update_counters (s1, now, - vlib_buffer_length_in_chain (vm, - b1)); + vlib_buffer_length_in_chain (vm, b1), + thread_index); /* Per-user LRU list maintenance */ nat44_session_update_lru (sm, s1, thread_index); trace1: @@ -1251,12 +1280,11 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, dst_address /* changed member */ ); ip0->checksum = ip_csum_fold (sum0); + old_port0 = udp0->dst_port; + new_port0 = udp0->dst_port = s0->in2out.port; + if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP)) { - old_port0 = tcp0->dst_port; - tcp0->dst_port = s0->in2out.port; - new_port0 = tcp0->dst_port; - sum0 = tcp0->checksum; sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t, @@ -1270,16 +1298,24 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, } else { - old_port0 = udp0->dst_port; - udp0->dst_port = s0->in2out.port; - udp0->checksum = 0; + if (PREDICT_FALSE (udp0->checksum)) + { + sum0 = udp0->checksum; + sum0 = ip_csum_update (sum0, old_addr0, new_addr0, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); + } udp_packets++; } /* Accounting */ nat44_session_update_counters (s0, now, - vlib_buffer_length_in_chain (vm, - b0)); + vlib_buffer_length_in_chain (vm, b0), + thread_index); /* Per-user LRU list maintenance */ nat44_session_update_lru (sm, s0, thread_index); trace00: @@ -1432,7 +1468,7 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm, { next0 = SNAT_OUT2IN_NEXT_DROP; b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_REASS]; - nat_log_notice ("maximum reassemblies exceeded"); + nat_elog_notice ("maximum reassemblies exceeded"); goto trace0; } @@ -1537,7 +1573,7 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm, (thread_index, reass0, bi0, &fragments_to_drop)) { b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_FRAG]; - nat_log_notice + nat_elog_notice ("maximum fragments per reassembly exceeded"); next0 = SNAT_OUT2IN_NEXT_DROP; goto trace0; @@ -1562,12 +1598,11 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm, if (PREDICT_FALSE (ip4_is_first_fragment (ip0))) { + old_port0 = udp0->dst_port; + new_port0 = udp0->dst_port = s0->in2out.port; + if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP)) { - old_port0 = tcp0->dst_port; - tcp0->dst_port = s0->in2out.port; - new_port0 = tcp0->dst_port; - sum0 = tcp0->checksum; sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t, @@ -1578,18 +1613,23 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm, length /* changed member */ ); tcp0->checksum = ip_csum_fold (sum0); } - else + else if (udp0->checksum) { - old_port0 = udp0->dst_port; - udp0->dst_port = s0->in2out.port; - udp0->checksum = 0; + sum0 = udp0->checksum; + sum0 = ip_csum_update (sum0, old_addr0, new_addr0, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); } } /* Accounting */ nat44_session_update_counters (s0, now, - vlib_buffer_length_in_chain (vm, - b0)); + vlib_buffer_length_in_chain (vm, b0), + thread_index); /* Per-user LRU list maintenance */ nat44_session_update_lru (sm, s0, thread_index); @@ -1786,26 +1826,30 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm, if (PREDICT_FALSE (new_port0 != udp0->dst_port)) { + old_port0 = udp0->dst_port; + udp0->dst_port = new_port0; + if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP)) { - old_port0 = tcp0->dst_port; - tcp0->dst_port = new_port0; - sum0 = tcp0->checksum; sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t, dst_address /* changed member */ ); - sum0 = ip_csum_update (sum0, old_port0, new_port0, ip4_header_t /* cheat */ , length /* changed member */ ); tcp0->checksum = ip_csum_fold (sum0); } - else + else if (udp0->checksum) { - old_port0 = udp0->dst_port; - udp0->dst_port = new_port0; - udp0->checksum = 0; + sum0 = udp0->checksum; + sum0 = ip_csum_update (sum0, old_addr0, new_addr0, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); } } else @@ -1816,9 +1860,16 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm, sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t, dst_address /* changed member */ ); - tcp0->checksum = ip_csum_fold (sum0); } + else if (udp0->checksum) + { + sum0 = udp0->checksum; + sum0 = ip_csum_update (sum0, old_addr0, new_addr0, + ip4_header_t, + dst_address /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); + } } trace00: