X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fout2in.c;h=9549a45c07ebaab1aafcabecf04c9d69e4bde860;hb=9654a37fac7fe2b425576eb0237b8d24ae44e1b1;hp=347d41a2d46b307893003d81645ff696022f1e1f;hpb=e69e423743630b52e13db58c3f0229df8a46c07f;p=vpp.git
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index 347d41a2d46..9549a45c07e 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -30,6 +30,7 @@ #include #include #include +#include #include #include
@@ -128,7 +129,7 @@ nat44_o2i_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg) { s_kv.key = s->in2out.as_u64; if (clib_bihash_add_del_8_8 (&tsm->in2out, &s_kv, 0)) - nat_log_warn ("out2in key del failed"); + nat_elog_warn ("out2in key del failed"); snat_ipfix_logging_nat44_ses_delete (ctx->thread_index, s->in2out.addr.as_u32,
@@ -143,6 +144,10 @@ nat44_o2i_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg) &s->out2in.addr, s->out2in.port, s->in2out.protocol); + nat_ha_sdel (&s->out2in.addr, s->out2in.port, &s->ext_host_addr, + s->ext_host_port, s->out2in.protocol, s->out2in.fib_index, + ctx->thread_index); + if (!snat_is_session_static (s)) snat_free_outside_address_and_port (sm->addresses, ctx->thread_index, &s->out2in);
@@ -187,7 +192,7 @@ create_session_for_static_mapping (snat_main_t * sm, if (PREDICT_FALSE (maximum_sessions_exceeded (sm, thread_index))) { b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_SESSIONS_EXCEEDED]; - nat_log_notice ("maximum sessions exceeded"); + nat_elog_notice ("maximum sessions exceeded"); return 0; }
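Review bot: The new `nat_ha_sdel` call in nat44_o2i_is_idle_session_cb (hunk at -143) keys the delete on `s->out2in.protocol` and `s->out2in.fib_index`, while the `nat_ha_sadd` this commit adds in create_session_for_static_mapping sends `s->in2out.protocol` and `s->in2out.fib_index`, and nothing here says which tuple the failover peer uses to find the session. If the peer looks sessions up by the outside tuple this is presumably correct, but it should be stated so a reviewer can confirm every delete matches an earlier add. Once confirmed, add a comment above the call such as `/* HA: peer locates the session by its outside (out2in) key */`. The callback's body starts and ends outside this hunk.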
@@ -198,15 +203,15 @@ create_session_for_static_mapping (snat_main_t * sm, nat_user_get_or_create (sm, &in2out.addr, in2out.fib_index, thread_index); if (!u) { - nat_log_warn ("create NAT user failed"); + nat_elog_warn ("create NAT user failed"); return 0; } - s = nat_session_alloc_or_recycle (sm, u, thread_index); + s = nat_session_alloc_or_recycle (sm, u, thread_index, now); if (!s) { nat44_delete_user_with_no_session (sm, u, thread_index); - nat_log_warn ("create NAT session failed"); + nat_elog_warn ("create NAT session failed"); return 0; }
@@ -226,14 +231,14 @@ create_session_for_static_mapping (snat_main_t * sm, if (clib_bihash_add_or_overwrite_stale_8_8 (&sm->per_thread_data[thread_index].in2out, &kv0, nat44_i2o_is_idle_session_cb, &ctx0)) - nat_log_notice ("in2out key add failed"); + nat_elog_notice ("in2out key add failed"); kv0.key = s->out2in.as_u64; if (clib_bihash_add_or_overwrite_stale_8_8 (&sm->per_thread_data[thread_index].out2in, &kv0, nat44_o2i_is_idle_session_cb, &ctx0)) - nat_log_notice ("out2in key add failed"); + nat_elog_notice ("out2in key add failed"); /* log NAT event */ snat_ipfix_logging_nat44_ses_create (thread_index,
@@ -247,9 +252,16 @@ create_session_for_static_mapping (snat_main_t * sm, &s->in2out.addr, s->in2out.port, &s->out2in.addr, s->out2in.port, s->in2out.protocol); + nat_ha_sadd (&s->in2out.addr, s->in2out.port, &s->out2in.addr, + s->out2in.port, &s->ext_host_addr, s->ext_host_port, + &s->ext_host_nat_addr, s->ext_host_nat_port, + s->in2out.protocol, s->in2out.fib_index, s->flags, + thread_index, 0); + return s; } +#ifndef CLIB_MARCH_VARIANT static_always_inline snat_out2in_error_t icmp_get_key (ip4_header_t * ip0, snat_session_key_t * p_key0)
@@ -295,7 +307,6 @@ static_always_inline return -1; /* success */ } -#ifndef CLIB_MARCH_VARIANT /** * Get address and port values to be used for ICMP packet translation * and create session if needed
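Review bot: The `nat_ha_sadd` call added at the end of create_session_for_static_mapping (hunk at -247) runs unconditionally, so a session whose in2out or out2in hash insert failed in the preceding hunk, where the failure is only logged with `nat_elog_notice`, is still announced to the HA peer. That can leave the standby holding a session the active node cannot match on lookup. Consider recording the insert results in a local flag (name illustrative) and guarding the call, `if (!key_add_failed) nat_ha_sadd (...);`, or add a comment stating that replicating a partially installed session is intended. The function begins before this hunk, so any earlier cleanup path is not visible here.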
@@ -653,7 +664,7 @@ icmp_out2in_slow_path (snat_main_t * sm, /* Accounting */ nat44_session_update_counters (s0, now, vlib_buffer_length_in_chain - (sm->vlib_main, b0)); + (sm->vlib_main, b0), thread_index); /* Per-user LRU list maintenance */ nat44_session_update_lru (sm, s0, thread_index); }
@@ -901,16 +912,27 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, } else { - old_port0 = udp0->dst_port; - udp0->dst_port = s0->in2out.port; - udp0->checksum = 0; + if (PREDICT_FALSE (udp0->checksum)) + { + old_port0 = udp0->dst_port; + new_port0 = udp0->dst_port = s0->in2out.port; + + sum0 = udp0->checksum; + sum0 = ip_csum_update (sum0, old_addr0, new_addr0, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); + } udp_packets++; } /* Accounting */ nat44_session_update_counters (s0, now, - vlib_buffer_length_in_chain (vm, - b0)); + vlib_buffer_length_in_chain (vm, b0), + thread_index); /* Per-user LRU list maintenance */ nat44_session_update_lru (sm, s0, thread_index); trace0:
@@ -1067,16 +1089,27 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, } else { - old_port1 = udp1->dst_port; - udp1->dst_port = s1->in2out.port; - udp1->checksum = 0; + if (PREDICT_FALSE (udp1->checksum)) + { + old_port1 = udp1->dst_port; + new_port1 = udp1->dst_port = s1->in2out.port; + + sum1 = udp1->checksum; + sum1 = ip_csum_update (sum1, old_addr1, new_addr1, + ip4_header_t, + dst_address /* changed member */ ); + sum1 = ip_csum_update (sum1, old_port1, new_port1, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp1->checksum = ip_csum_fold (sum1); + } udp_packets++; } /* Accounting */ nat44_session_update_counters (s1, now, - vlib_buffer_length_in_chain (vm, - b1)); + vlib_buffer_length_in_chain (vm, b1), + thread_index); /* Per-user LRU list maintenance */ nat44_session_update_lru (sm, s1, thread_index); trace1:
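Review bot: In the UDP branch of snat_out2in_node (hunk at -901) the destination-port rewrite now sits inside `if (PREDICT_FALSE (udp0->checksum))`, so a datagram that arrives with checksum 0, which is legal for UDP over IPv4, keeps its outside port and is forwarded to the inside host on the wrong port; the removed code rewrote the port unconditionally. The same shape appears for `udp1` in the hunk at -1067 and in the single-packet loop at -1270, whereas the reass and fast-node hunks hoist the rewrite out of the checksum test. Move `old_port0 = udp0->dst_port;` and `new_port0 = udp0->dst_port = s0->in2out.port;` above the `if` and leave only the checksum update inside it. `PREDICT_FALSE` is also a doubtful hint here, since UDP traffic normally carries a checksum. The node function extends well beyond these hunks.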
@@ -1270,16 +1303,27 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm, } else { - old_port0 = udp0->dst_port; - udp0->dst_port = s0->in2out.port; - udp0->checksum = 0; + if (PREDICT_FALSE (udp0->checksum)) + { + old_port0 = udp0->dst_port; + new_port0 = udp0->dst_port = s0->in2out.port; + + sum0 = udp0->checksum; + sum0 = ip_csum_update (sum0, old_addr0, new_addr0, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); + } udp_packets++; } /* Accounting */ nat44_session_update_counters (s0, now, - vlib_buffer_length_in_chain (vm, - b0)); + vlib_buffer_length_in_chain (vm, b0), + thread_index); /* Per-user LRU list maintenance */ nat44_session_update_lru (sm, s0, thread_index); trace00:
@@ -1432,7 +1476,7 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm, { next0 = SNAT_OUT2IN_NEXT_DROP; b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_REASS]; - nat_log_notice ("maximum reassemblies exceeded"); + nat_elog_notice ("maximum reassemblies exceeded"); goto trace0; }
@@ -1537,7 +1581,7 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm, (thread_index, reass0, bi0, &fragments_to_drop)) { b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_FRAG]; - nat_log_notice + nat_elog_notice ("maximum fragments per reassembly exceeded"); next0 = SNAT_OUT2IN_NEXT_DROP; goto trace0;
@@ -1562,12 +1606,11 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm, if (PREDICT_FALSE (ip4_is_first_fragment (ip0))) { + old_port0 = udp0->dst_port; + new_port0 = udp0->dst_port = s0->in2out.port; + if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP)) { - old_port0 = tcp0->dst_port; - tcp0->dst_port = s0->in2out.port; - new_port0 = tcp0->dst_port; - sum0 = tcp0->checksum; sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
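Review bot: The hoisted `new_port0 = udp0->dst_port = s0->in2out.port;` in nat44_out2in_reass_node (hunk at -1562) writes through `udp0` before `proto0` is tested, so it relies on TCP and UDP sharing the offset of dst_port and on no other protocol reaching this first-fragment branch; neither assumption is stated in the hunk. If some other protocol did get here, bytes 2-3 of its L4 header would be overwritten. After checking that the earlier dispatch (outside the hunk) really excludes them, add a comment such as `/* dst_port is at the same offset in TCP and UDP; other protocols were handled before this point */`.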
@@ -1578,18 +1621,23 @@ VLIB_NODE_FN (nat44_out2in_reass_node) (vlib_main_t * vm, length /* changed member */ ); tcp0->checksum = ip_csum_fold (sum0); } - else + else if (udp0->checksum) { - old_port0 = udp0->dst_port; - udp0->dst_port = s0->in2out.port; - udp0->checksum = 0; + sum0 = udp0->checksum; + sum0 = ip_csum_update (sum0, old_addr0, new_addr0, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); } } /* Accounting */ nat44_session_update_counters (s0, now, - vlib_buffer_length_in_chain (vm, - b0)); + vlib_buffer_length_in_chain (vm, b0), + thread_index); /* Per-user LRU list maintenance */ nat44_session_update_lru (sm, s0, thread_index);
@@ -1786,26 +1834,30 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm, if (PREDICT_FALSE (new_port0 != udp0->dst_port)) { + old_port0 = udp0->dst_port; + udp0->dst_port = new_port0; + if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP)) { - old_port0 = tcp0->dst_port; - tcp0->dst_port = new_port0; - sum0 = tcp0->checksum; sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t, dst_address /* changed member */ ); - sum0 = ip_csum_update (sum0, old_port0, new_port0, ip4_header_t /* cheat */ , length /* changed member */ ); tcp0->checksum = ip_csum_fold (sum0); } - else + else if (udp0->checksum) { - old_port0 = udp0->dst_port; - udp0->dst_port = new_port0; - udp0->checksum = 0; + sum0 = udp0->checksum; + sum0 = ip_csum_update (sum0, old_addr0, new_addr0, + ip4_header_t, + dst_address /* changed member */ ); + sum0 = ip_csum_update (sum0, old_port0, new_port0, + ip4_header_t /* cheat */ , + length /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); } } else
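Review bot: The new `else if (udp0->checksum)` branch in nat44_out2in_reass_node (hunk at -1578) stores whatever `ip_csum_fold (sum0)` returns, and an incremental update can fold to 0x0000, which UDP reads as "no checksum" (RFC 768 requires a computed zero to be sent as 0xffff). The receiver would then skip verification for that datagram. After the fold add `if (PREDICT_FALSE (udp0->checksum == 0)) udp0->checksum = 0xffff;`; the same applies to the other UDP branches this commit adds in snat_out2in_node and in both branches of snat_out2in_fast_node. Whether `ip_csum_fold` can actually return zero here depends on its definition, which is not on this page. This branch also treats every non-TCP protocol as UDP, as the removed `else` did.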
@@ -1816,9 +1868,16 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm, sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t, dst_address /* changed member */ ); - tcp0->checksum = ip_csum_fold (sum0); } + else if (udp0->checksum) + { + sum0 = udp0->checksum; + sum0 = ip_csum_update (sum0, old_addr0, new_addr0, + ip4_header_t, + dst_address /* changed member */ ); + udp0->checksum = ip_csum_fold (sum0); + } } trace00: