X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fout2in_ed.c;h=c3f05592acce65737f92b9843c2ed9cad4f2ec07;hb=a5e73762d585e9fa405b56ebd9f5c78d12c4d1f9;hp=aa7f7e4011764dd193068ed40dddac14ddab839d;hpb=6c01dceea5c612373453db7f1ccda589a2cd782e;p=vpp.git diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c index aa7f7e40117..c3f05592acc 100644 --- a/src/plugins/nat/out2in_ed.c +++ b/src/plugins/nat/out2in_ed.c @@ -29,18 +29,26 @@ #include #include #include +#include #define foreach_nat_out2in_ed_error \ -_(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \ -_(OUT2IN_PACKETS, "Good out2in packets processed") \ -_(OUT_OF_PORTS, "Out of ports") \ +_(UNSUPPORTED_PROTOCOL, "unsupported protocol") \ +_(OUT2IN_PACKETS, "good out2in packets processed") \ +_(OUT_OF_PORTS, "out of ports") \ _(BAD_ICMP_TYPE, "unsupported ICMP type") \ -_(NO_TRANSLATION, "No translation") \ -_(MAX_SESSIONS_EXCEEDED, "Maximum sessions exceeded") \ -_(DROP_FRAGMENT, "Drop fragment") \ -_(MAX_REASS, "Maximum reassemblies exceeded") \ -_(MAX_FRAG, "Maximum fragments per reassembly exceeded")\ -_(NON_SYN, "non-SYN packet try to create session") +_(NO_TRANSLATION, "no translation") \ +_(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \ +_(DROP_FRAGMENT, "drop fragment") \ +_(MAX_REASS, "maximum reassemblies exceeded") \ +_(MAX_FRAG, "maximum fragments per reassembly exceeded")\ +_(NON_SYN, "non-SYN packet try to create session") \ +_(TCP_PACKETS, "TCP packets") \ +_(UDP_PACKETS, "UDP packets") \ +_(ICMP_PACKETS, "ICMP packets") \ +_(OTHER_PACKETS, "other protocol packets") \ +_(FRAGMENTS, "fragments") \ +_(CACHED_FRAGMENTS, "cached fragments") \ +_(PROCESSED_FRAGMENTS, "processed fragments") typedef enum { @@ -173,6 +181,13 @@ nat44_o2i_ed_is_idle_session_cb (clib_bihash_kv_16_8_t * kv, void *arg) s->out2in.port, s->in2out.fib_index); + nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index, + &s->in2out.addr, s->in2out.port, + &s->ext_host_nat_addr, s->ext_host_nat_port, + &s->out2in.addr, s->out2in.port, + &s->ext_host_addr, s->ext_host_port, + s->in2out.protocol, is_twice_nat_session (s)); + if (is_twice_nat_session (s)) { for (i = 0; i < vec_len (sm->twice_nat_addresses); i++) @@ -303,6 +318,19 @@ create_session_for_static_mapping_ed (snat_main_t * sm, &ctx)) nat_log_notice ("in2out-ed key add failed"); + snat_ipfix_logging_nat44_ses_create (s->in2out.addr.as_u32, + s->out2in.addr.as_u32, + s->in2out.protocol, + s->in2out.port, + s->out2in.port, s->in2out.fib_index); + + nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index, + &s->in2out.addr, s->in2out.port, + &s->ext_host_nat_addr, s->ext_host_nat_port, + &s->out2in.addr, s->out2in.port, + &s->ext_host_addr, s->ext_host_port, + s->in2out.protocol, is_twice_nat_session (s)); + return s; } @@ -691,6 +719,8 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, f64 now = vlib_time_now (vm); u32 thread_index = vm->thread_index; snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; + u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = + 0, fragments = 0; stats_node_index = is_slow_path ? nat44_ed_out2in_slowpath_node.index : nat44_ed_out2in_node.index; @@ -783,6 +813,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, nat44_ed_out2in_unknown_proto (sm, b0, ip0, rx_fib_index0, thread_index, now, vm, node); + other_packets++; if (!sm->forwarding_enabled) { if (!s0) @@ -796,6 +827,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, next0 = icmp_out2in_ed_slow_path (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); + icmp_packets++; goto trace00; } } @@ -810,6 +842,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, if (ip4_is_fragment (ip0)) { next0 = NAT44_ED_OUT2IN_NEXT_REASS; + fragments++; goto trace00; } @@ -942,6 +975,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } tcp0->checksum = ip_csum_fold (sum0); + tcp_packets++; if (nat44_set_tcp_session_state_o2i (sm, s0, tcp0, thread_index)) goto trace00; @@ -955,6 +989,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } udp0->checksum = 0; + udp_packets++; } /* Accounting */ @@ -978,7 +1013,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, t->session_index = s0 - tsm->sessions; } - pkts_processed += next0 != NAT44_ED_OUT2IN_NEXT_DROP; + pkts_processed += next0 == NAT44_ED_OUT2IN_NEXT_LOOKUP; next1 = NAT44_ED_OUT2IN_NEXT_LOOKUP; vnet_buffer (b1)->snat.flags = 0; @@ -1012,6 +1047,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, nat44_ed_out2in_unknown_proto (sm, b1, ip1, rx_fib_index1, thread_index, now, vm, node); + other_packets++; if (!sm->forwarding_enabled) { if (!s1) @@ -1025,6 +1061,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, next1 = icmp_out2in_ed_slow_path (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, next1, now, thread_index, &s1); + icmp_packets++; goto trace01; } } @@ -1039,6 +1076,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, if (ip4_is_fragment (ip1)) { next1 = NAT44_ED_OUT2IN_NEXT_REASS; + fragments++; goto trace01; } @@ -1171,6 +1209,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, ip1->src_address.as_u32 = s1->ext_host_nat_addr.as_u32; } tcp1->checksum = ip_csum_fold (sum1); + tcp_packets++; if (nat44_set_tcp_session_state_o2i (sm, s1, tcp1, thread_index)) goto trace01; @@ -1184,6 +1223,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, ip1->src_address.as_u32 = s1->ext_host_nat_addr.as_u32; } udp1->checksum = 0; + udp_packets++; } /* Accounting */ @@ -1207,7 +1247,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, t->session_index = s1 - tsm->sessions; } - pkts_processed += next1 != NAT44_ED_OUT2IN_NEXT_DROP; + pkts_processed += next1 == NAT44_ED_OUT2IN_NEXT_LOOKUP; /* verify speculative enqueues, maybe switch current next frame */ vlib_validate_buffer_enqueue_x2 (vm, node, next_index, @@ -1275,6 +1315,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, nat44_ed_out2in_unknown_proto (sm, b0, ip0, rx_fib_index0, thread_index, now, vm, node); + other_packets++; if (!sm->forwarding_enabled) { if (!s0) @@ -1288,6 +1329,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, next0 = icmp_out2in_ed_slow_path (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); + icmp_packets++; goto trace0; } } @@ -1302,6 +1344,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, if (ip4_is_fragment (ip0)) { next0 = NAT44_ED_OUT2IN_NEXT_REASS; + fragments++; goto trace0; } @@ -1434,6 +1477,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } tcp0->checksum = ip_csum_fold (sum0); + tcp_packets++; if (nat44_set_tcp_session_state_o2i (sm, s0, tcp0, thread_index)) goto trace0; @@ -1447,6 +1491,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } udp0->checksum = 0; + udp_packets++; } /* Accounting */ @@ -1470,7 +1515,7 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, t->session_index = s0 - tsm->sessions; } - pkts_processed += next0 != NAT44_ED_OUT2IN_NEXT_DROP; + pkts_processed += next0 == NAT44_ED_OUT2IN_NEXT_LOOKUP; /* verify speculative enqueue, maybe switch current next frame */ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, n_left_to_next, @@ -1483,6 +1528,18 @@ nat44_ed_out2in_node_fn_inline (vlib_main_t * vm, vlib_node_increment_counter (vm, stats_node_index, NAT_OUT2IN_ED_ERROR_OUT2IN_PACKETS, pkts_processed); + vlib_node_increment_counter (vm, stats_node_index, + NAT_OUT2IN_ED_ERROR_TCP_PACKETS, tcp_packets); + vlib_node_increment_counter (vm, stats_node_index, + NAT_OUT2IN_ED_ERROR_UDP_PACKETS, udp_packets); + vlib_node_increment_counter (vm, stats_node_index, + NAT_OUT2IN_ED_ERROR_ICMP_PACKETS, + icmp_packets); + vlib_node_increment_counter (vm, stats_node_index, + NAT_OUT2IN_ED_ERROR_OTHER_PACKETS, + other_packets); + vlib_node_increment_counter (vm, stats_node_index, + NAT_OUT2IN_ED_ERROR_FRAGMENTS, fragments); return frame->n_vectors; }