X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fout2in.c;h=c7eece8897c3158317ba020ca5282fcf018b6e14;hb=70a26ac05f2ab9d4cc0669599b09f654de580f36;hp=637a07341e0b06edc756b64f734a220245225911;hpb=36ed73acb16c54d556ffd2bba10f0be05cc66ffb;p=vpp.git

diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index 637a07341e0..c7eece8897c 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -342,6 +342,7 @@ create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip, u32 rx_fib_index,
   snat_user_t *u;
   snat_session_t *s = 0;
   snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
+  f64 now = vlib_time_now (sm->vlib_main);
 
   if (ip->protocol == IP_PROTOCOL_ICMP)
     {
@@ -407,10 +408,19 @@ create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip, u32 rx_fib_index,
         clib_warning ("in2out_ed key add failed");
     }
 
+  if (ip->protocol == IP_PROTOCOL_TCP)
+    {
+      tcp_header_t *tcp = ip4_next_header(ip);
+      if (nat44_set_tcp_session_state_o2i (sm, s, tcp, thread_index))
+        return;
+    }
   /* Per-user LRU list maintenance */
   clib_dlist_remove (tsm->list_pool, s->per_user_index);
   clib_dlist_addtail (tsm->list_pool, s->per_user_list_head_index,
                       s->per_user_index);
+  /* Accounting */
+  s->last_heard = now;
+  s->total_pkts++;
 }
 
 /**
@@ -871,6 +881,7 @@ snat_out2in_unknown_proto (snat_main_t *sm,
       s->ext_host_addr.as_u32 = ip->src_address.as_u32;
       s->flags |= SNAT_SESSION_FLAG_UNKNOWN_PROTO;
       s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
+      s->flags |= SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT;
       s->outside_address_index = ~0;
       s->out2in.addr.as_u32 = old_addr;
       s->out2in.fib_index = rx_fib_index;
@@ -935,7 +946,8 @@ snat_out2in_lb (snat_main_t *sm,
   snat_user_t *u;
   u32 address_index;
   snat_session_key_t eh_key;
-  u8 twice_nat, lb;
+  twice_nat_type_t twice_nat;
+  u8 lb;
 
   old_addr = ip->dst_address.as_u32;
 
@@ -987,6 +999,7 @@ snat_out2in_lb (snat_main_t *sm,
       s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
       if (lb)
         s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
+      s->flags |= SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT;
       s->outside_address_index = ~0;
       s->out2in = e_key;
       s->in2out = l_key;
@@ -997,7 +1010,9 @@ snat_out2in_lb (snat_main_t *sm,
       if (clib_bihash_add_del_16_8 (&sm->out2in_ed, &s_kv, 1))
         clib_warning ("out2in-ed key add failed");
 
-      if (twice_nat)
+      if (twice_nat == TWICE_NAT ||
+          (twice_nat == TWICE_NAT_SELF &&
+           ip->src_address.as_u32 == l_key.addr.as_u32))
         {
           eh_key.protocol = proto;
           if (snat_alloc_outside_address_and_port (sm->twice_nat_addresses, 0,
@@ -1033,6 +1048,8 @@ snat_out2in_lb (snat_main_t *sm,
                           src_address);
   ip->checksum = ip_csum_fold (sum);
 
+  vnet_buffer(b)->sw_if_index[VLIB_TX] = s->in2out.fib_index;
+
   if (PREDICT_TRUE(proto == SNAT_PROTOCOL_TCP))
     {
       old_port = tcp->dst_port;
@@ -1053,6 +1070,8 @@ snat_out2in_lb (snat_main_t *sm,
           ip->src_address.as_u32 = s->ext_host_nat_addr.as_u32;
         }
       tcp->checksum = ip_csum_fold(sum);
+      if (nat44_set_tcp_session_state_o2i (sm, s, tcp, thread_index))
+        return s;
     }
   else
     {
@@ -1065,8 +1084,6 @@ snat_out2in_lb (snat_main_t *sm,
       udp->checksum = 0;
     }
 
-  vnet_buffer(b)->sw_if_index[VLIB_TX] = s->in2out.fib_index;
-
   /* Accounting */
   s->last_heard = now;
   s->total_pkts++;