X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fout2in_ed.c;h=de3595b4a335bc4dfa70fdcf2ce943c41e28d31c;hb=dd9eae5c29a4379943e60ddf6b7ab96b8e154040;hp=8286e66ffda3e7b2ecc1f00594c8cc06d09c9c2b;hpb=9466e4fed6faaf9c161767e2bc42c9cb0cf2c7ec;p=vpp.git diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c index 8286e66ffda..de3595b4a33 100644 --- a/src/plugins/nat/out2in_ed.c +++ b/src/plugins/nat/out2in_ed.c @@ -19,14 +19,13 @@ #include #include -#include #include #include #include #include #include #include -#include +#include #include #include #include @@ -138,13 +137,13 @@ nat44_o2i_ed_is_idle_session_cb (clib_bihash_kv_16_8_t * kv, void *arg) if (snat_is_unk_proto_session (s)) goto delete; - snat_ipfix_logging_nat44_ses_delete (ctx->thread_index, - s->in2out.addr.as_u32, - s->out2in.addr.as_u32, - s->nat_proto, - s->in2out.port, - s->out2in.port, - s->in2out.fib_index); + nat_ipfix_logging_nat44_ses_delete (ctx->thread_index, + s->in2out.addr.as_u32, + s->out2in.addr.as_u32, + s->nat_proto, + s->in2out.port, + s->out2in.port, + s->in2out.fib_index); nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index, &s->in2out.addr, s->in2out.port, 
@@ -190,6 +189,52 @@ nat44_o2i_ed_is_idle_session_cb (clib_bihash_kv_16_8_t * kv, void *arg) } #endif +// allocate exact address based on preference +static_always_inline int +nat_alloc_addr_and_port_exact (snat_address_t * a, + u32 thread_index, + nat_protocol_t proto, + ip4_address_t * addr, + u16 * port, + u16 port_per_thread, u32 snat_thread_index) +{ + u32 portnum; + + switch (proto) + { +#define _(N, j, n, s) \ + case NAT_PROTOCOL_##N: \ + if (a->busy_##n##_ports_per_thread[thread_index] < port_per_thread) \ + { \ + while (1) \ + { \ + portnum = (port_per_thread * \ + snat_thread_index) + \ + snat_random_port(0, port_per_thread - 1) + 1024; \ + if (a->busy_##n##_port_refcounts[portnum]) \ + continue; \ + --a->busy_##n##_port_refcounts[portnum]; \ + a->busy_##n##_ports_per_thread[thread_index]++; \ + a->busy_##n##_ports++; \ + *addr = a->addr; \ + *port = clib_host_to_net_u16(portnum); \ + return 0; \ + } \ + } \ + break; + foreach_nat_protocol +#undef _ + default: + nat_elog_info ("unknown protocol"); + return 1; + } + + /* Totally out of translations to use... */ + nat_ipfix_logging_addresses_exhausted (thread_index, 0); + return 1; +} + + static snat_session_t * create_session_for_static_mapping_ed (snat_main_t * sm, vlib_buffer_t * b, @@ -204,7 +249,8 @@ create_session_for_static_mapping_ed (snat_main_t * sm, u32 rx_fib_index, u32 thread_index, twice_nat_type_t twice_nat, - lb_nat_type_t lb_nat, f64 now) + lb_nat_type_t lb_nat, f64 now, + snat_static_mapping_t * mapping) { snat_session_t *s; ip4_header_t *ip; 
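Review bot: In the allocation macro of `nat_alloc_addr_and_port_exact` the line `--a->busy_##n##_port_refcounts[portnum];` decrements a refcount that the `if (a->busy_##n##_port_refcounts[portnum]) continue;` check two lines earlier has just established to be zero, so it can only underflow (wrapping to the maximum if the refcount type is unsigned). The neighbouring `busy_##n##_ports_per_thread[thread_index]++` and `busy_##n##_ports++` show the intent; the line should read `++a->busy_##n##_port_refcounts[portnum];`. As written, every port handed out by the exact-address path carries a wrapped refcount, so it will never look free again to later allocations or releases and the per-address port pool drains until `nat_ipfix_logging_addresses_exhausted` fires. A short header comment stating that the function selects a port only from the address `a` and that the caller must have picked `a` from the matching pool would also help, since the per-thread bookkeeping uses `thread_index` while the port range uses `snat_thread_index`.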
@@ -261,13 +307,46 @@ create_session_for_static_mapping_ed (snat_main_t * sm, if (twice_nat == TWICE_NAT || (twice_nat == TWICE_NAT_SELF && ip->src_address.as_u32 == i2o_addr.as_u32)) { - if (snat_alloc_outside_address_and_port (sm->twice_nat_addresses, 0, - thread_index, - nat_proto, - &s->ext_host_nat_addr, - &s->ext_host_nat_port, - sm->port_per_thread, - tsm->snat_thread_index)) + int rc = 0; + snat_address_t *filter = 0; + + // if exact address is specified use this address + if (is_exact_address (mapping)) + { + snat_address_t *ap; + vec_foreach (ap, sm->twice_nat_addresses) + { + if (mapping->pool_addr.as_u32 == ap->addr.as_u32) + { + filter = ap; + break; + } + } + } + + if (filter) + { + rc = nat_alloc_addr_and_port_exact (filter, + thread_index, + nat_proto, + &s->ext_host_nat_addr, + &s->ext_host_nat_port, + sm->port_per_thread, + tsm->snat_thread_index); + s->flags |= SNAT_SESSION_FLAG_EXACT_ADDRESS; + } + else + { + rc = + snat_alloc_outside_address_and_port (sm->twice_nat_addresses, 0, + thread_index, nat_proto, + &s->ext_host_nat_addr, + &s->ext_host_nat_port, + sm->port_per_thread, + tsm->snat_thread_index); + } + + if (rc) { b->error = node->errors[NAT_OUT2IN_ED_ERROR_OUT_OF_PORTS]; nat_ed_session_delete (sm, s, thread_index, 1); @@ -275,6 +354,7 @@ create_session_for_static_mapping_ed (snat_main_t * sm, nat_elog_notice ("out2in-ed key del failed"); return 0; } + s->flags |= SNAT_SESSION_FLAG_TWICE_NAT; init_ed_kv (&kv, i2o_addr, i2o_port, s->ext_host_nat_addr, s->ext_host_nat_port, i2o_fib_index, ip->protocol, 
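Review bot: When `is_exact_address (mapping)` holds but no entry of `sm->twice_nat_addresses` matches `mapping->pool_addr`, `filter` stays 0 and the new `else` branch silently calls `snat_alloc_outside_address_and_port` over the whole twice-NAT pool, so the session is created with an address the operator did not configure for this mapping and nothing is logged. A configured exact address that cannot be honoured should be treated like port exhaustion rather than quietly widened; for example `else if (is_exact_address (mapping)) { nat_elog_notice ("exact twice-nat address not in pool"); rc = 1; }` before the generic branch, which then reuses the existing `if (rc)` cleanup. Setting `s->flags |= SNAT_SESSION_FLAG_EXACT_ADDRESS` before `rc` is checked is harmless only because the failure path deletes the session; moving it after the check would make that explicit. The enclosing function continues outside the hunk.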
@@ -291,12 +371,12 @@ create_session_for_static_mapping_ed (snat_main_t * sm, &ctx)) nat_elog_notice ("in2out-ed key add failed"); - snat_ipfix_logging_nat44_ses_create (thread_index, - s->in2out.addr.as_u32, - s->out2in.addr.as_u32, - s->nat_proto, - s->in2out.port, - s->out2in.port, s->in2out.fib_index); + nat_ipfix_logging_nat44_ses_create (thread_index, + s->in2out.addr.as_u32, + s->out2in.addr.as_u32, + s->nat_proto, + s->in2out.port, + s->out2in.port, s->in2out.fib_index); nat_syslog_nat44_sadd (s->user_index, s->in2out.fib_index, &s->in2out.addr, s->in2out.port, @@ -310,6 +390,8 @@ create_session_for_static_mapping_ed (snat_main_t * sm, &s->ext_host_nat_addr, s->ext_host_nat_port, s->nat_proto, s->in2out.fib_index, s->flags, thread_index, 0); + per_vrf_sessions_register_session (s, thread_index); + return s; } @@ -407,6 +489,8 @@ create_bypass_for_fwd (snat_main_t * sm, vlib_buffer_t * b, ip4_header_t * ip, kv.value = s - tsm->sessions; if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &kv, 1)) nat_elog_notice ("in2out_ed key add failed"); + + per_vrf_sessions_register_session (s, thread_index); } if (ip->protocol == IP_PROTOCOL_TCP) @@ -455,6 +539,7 @@ icmp_match_out2in_ed (snat_main_t * sm, vlib_node_runtime_t * node, u16 sm_port; u32 sm_fib_index; *dont_translate = 0; + snat_static_mapping_t *m; sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX]; rx_fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index); 
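Review bot: In `icmp_match_out2in_ed` the new `snat_static_mapping_t *m;` is declared uninitialized, after the `*dont_translate = 0;` statement, and is only ever written through the out-parameter of `snat_static_mapping_match`; unless that function stores `*m` on every success path (not visible here), `create_session_for_static_mapping_ed` later evaluates `is_exact_address (mapping)` on an indeterminate pointer. Declaring it with the other locals as `snat_static_mapping_t *m = 0;` removes the indeterminate read, provided `is_exact_address` tolerates a null mapping, which is worth confirming. The same uninitialized `m` is added to `nat44_ed_out2in_slow_path_node_fn_inline` in the `@@ -956,15 +1054,12 @@` hunk. The enclosing function continues outside the hunk.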
@@ -469,12 +554,12 @@ icmp_match_out2in_ed (snat_main_t * sm, vlib_node_runtime_t * node, if (clib_bihash_search_16_8 (&sm->out2in_ed, &kv, &value)) { - /* Try to match static mapping */ if (snat_static_mapping_match (sm, ip->dst_address, l_port, rx_fib_index, ip_proto_to_nat_proto (ip->protocol), &sm_addr, &sm_port, - &sm_fib_index, 1, &is_addr_only, 0, 0, 0, &identity_nat)) + &sm_fib_index, 1, &is_addr_only, 0, 0, 0, &identity_nat, &m)) { + // static mapping not matched if (!sm->forwarding_enabled) { /* Don't NAT packet aimed at the intfc address */ @@ -482,11 +567,12 @@ icmp_match_out2in_ed (snat_main_t * sm, vlib_node_runtime_t * node, ip->dst_address.as_u32))) { *dont_translate = 1; - goto out; } - b->error = node->errors[NAT_OUT2IN_ED_ERROR_NO_TRANSLATION]; - next = NAT_NEXT_DROP; - goto out; + else + { + b->error = node->errors[NAT_OUT2IN_ED_ERROR_NO_TRANSLATION]; + next = NAT_NEXT_DROP; + } } else { @@ -495,14 +581,17 @@ icmp_match_out2in_ed (snat_main_t * sm, vlib_node_runtime_t * node, thread_index, rx_fib_index)) { next = NAT_NEXT_IN2OUT_ED_FAST_PATH; - goto out; } - if (sm->num_workers > 1) - create_bypass_for_fwd_worker (sm, b, ip, rx_fib_index); else - create_bypass_for_fwd (sm, b, ip, rx_fib_index, thread_index); - goto out; + { + if (sm->num_workers > 1) + create_bypass_for_fwd_worker (sm, b, ip, rx_fib_index); + else + create_bypass_for_fwd (sm, b, ip, rx_fib_index, + thread_index); + } } + goto out; } if (PREDICT_FALSE @@ -529,13 +618,9 @@ icmp_match_out2in_ed (snat_main_t * sm, vlib_node_runtime_t * node, l_port, rx_fib_index, *proto, node, rx_fib_index, thread_index, 0, 0, - vlib_time_now (vm)); - + vlib_time_now (vm), m); if (!s) - { - next = NAT_NEXT_DROP; - goto out; - } + next = NAT_NEXT_DROP; } else { 
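Review bot: In the last hunk of `icmp_match_out2in_ed` the replacement `if (!s) next = NAT_NEXT_DROP;` drops the `goto out` that previously left the function when session creation failed, so control now falls past the `if/else` with `s == NULL`. The code after the block is outside the hunk; unless it checks `s` or `next` before touching the session, this is a null dereference on the out-of-ports path, and restoring `if (!s) { next = NAT_NEXT_DROP; goto out; }` is the safer shape. The earlier hunks on this line only nest the no-match branches under `else` with a single trailing `goto out`, which is behaviour-preserving. The enclosing function continues outside the hunk.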
@@ -651,6 +736,8 @@ nat44_ed_out2in_unknown_proto (snat_main_t * sm, ip->protocol, thread_index, s - tsm->sessions); if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &s_kv, 1)) nat_elog_notice ("in2out key add failed"); + + per_vrf_sessions_register_session (s, thread_index); } /* Update IP checksum */ @@ -675,15 +762,11 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, vlib_frame_t * frame, int is_multi_worker) { - u32 n_left_from, *from, pkts_processed = 0, stats_node_index; + u32 n_left_from, *from; snat_main_t *sm = &snat_main; f64 now = vlib_time_now (vm); u32 thread_index = vm->thread_index; snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = - 0, fragments = 0; - - stats_node_index = sm->ed_out2in_node_index; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -705,6 +788,20 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, ip_csum_t sum0; b0 = *b; + b++; + + /* Prefetch next iteration. */ + if (PREDICT_TRUE (n_left_from >= 2)) + { + vlib_buffer_t *p2; + + p2 = *b; + + vlib_prefetch_buffer_header (p2, LOAD); + + CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, LOAD); + } + next[0] = vnet_buffer2 (b0)->nat.arc_next; vnet_buffer (b0)->snat.flags = 0; @@ -770,8 +867,10 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, } } + // lookup for session if (clib_bihash_search_16_8 (&sm->out2in_ed, &kv0, &value0)) { + // session does not exist go slow path next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH; goto trace0; } 
@@ -781,11 +880,21 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, ed_value_get_session_index (&value0)); skip_lookup: + + if (PREDICT_FALSE (per_vrf_sessions_is_expired (s0, thread_index))) + { + // session is closed, go slow path + nat_free_session_data (sm, s0, thread_index, 0); + nat_ed_session_delete (sm, s0, thread_index, 1); + next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH; + goto trace0; + } + if (s0->tcp_closed_timestamp) { if (now >= s0->tcp_closed_timestamp) { - // session is closed, go slow path + // session is closed, go slow path, freed in slow path next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH; } else @@ -809,7 +918,6 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH; goto trace0; } - // old_addr0 = ip0->dst_address.as_u32; new_addr0 = ip0->dst_address.as_u32 = s0->in2out.addr.as_u32; @@ -853,10 +961,10 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, } tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.tcp, + thread_index, sw_if_index0, 1); if (nat44_set_tcp_session_state_o2i - (sm, now, s0, - vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags, + (sm, now, s0, vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags, vnet_buffer (b0)->ip.reass.tcp_ack_number, vnet_buffer (b0)->ip.reass.tcp_seq_number, thread_index)) goto trace0; @@ -884,7 +992,8 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } udp0->checksum = ip_csum_fold (sum0); - udp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.udp, + thread_index, sw_if_index0, 1); } else { @@ -897,7 +1006,8 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } } - udp_packets++; + vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.udp, + thread_index, sw_if_index0, 1); } /* Accounting */ 
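Review bot: In the new `per_vrf_sessions_is_expired` branch of the fast path, `s0` still points at the pool slot that `nat_ed_session_delete` has just released when `goto trace0` runs; the `t->session_index = ~0;` fallback visible in the `@@ -923,31 +1033,19 @@` hunk suggests the trace code distinguishes a null `s0` from a live one, so the trace would record a reclaimed index here. Adding `s0 = 0;` after the delete and before the `goto` keeps the trace honest and makes any later accidental use fail loudly. This branch also frees eagerly while the adjacent `tcp_closed_timestamp` branch now says `freed in slow path`; a one-line comment on why the per-VRF case must be freed on the fast path would help the next reader. The enclosing loop continues outside the hunk.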
@@ -923,31 +1033,19 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm, t->session_index = ~0; } - pkts_processed += next[0] == vnet_buffer2 (b0)->nat.arc_next; + if (next[0] == NAT_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.fastpath. + out2in_ed.drops, thread_index, + sw_if_index0, 1); + } n_left_from--; next++; - b++; } vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts, frame->n_vectors); - - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_OUT2IN_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_ICMP_PACKETS, - icmp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_OTHER_PACKETS, - other_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_FRAGMENTS, fragments); return frame->n_vectors; } @@ -956,15 +1054,12 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) { - u32 n_left_from, *from, pkts_processed = 0, stats_node_index; + u32 n_left_from, *from; snat_main_t *sm = &snat_main; f64 now = vlib_time_now (vm); u32 thread_index = vm->thread_index; snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; - u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets = - 0, fragments = 0; - - stats_node_index = sm->ed_out2in_slowpath_node_index; + snat_static_mapping_t *m; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -1027,7 +1122,9 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, if (!s0) next[0] = NAT_NEXT_DROP; } - other_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath. + out2in_ed.other, thread_index, + sw_if_index0, 1); goto trace0; } 
@@ -1036,7 +1133,9 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, next[0] = icmp_out2in_ed_slow_path (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next[0], now, thread_index, &s0); - icmp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath. + out2in_ed.icmp, thread_index, + sw_if_index0, 1); goto trace0; } @@ -1070,7 +1169,7 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, (sm, ip0->dst_address, vnet_buffer (b0)->ip.reass.l4_dst_port, rx_fib_index0, proto0, &sm_addr, &sm_port, &sm_fib_index, 1, 0, - &twice_nat0, &lb_nat0, &ip0->src_address, &identity_nat0)) + &twice_nat0, &lb_nat0, &ip0->src_address, &identity_nat0, &m)) { /* * Send DHCP packets to the ipv4 stack, or we won't @@ -1098,13 +1197,16 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, thread_index, rx_fib_index0)) { next[0] = NAT_NEXT_IN2OUT_ED_FAST_PATH; - goto trace0; } - if (sm->num_workers > 1) - create_bypass_for_fwd_worker (sm, b0, ip0, rx_fib_index0); else - create_bypass_for_fwd (sm, b0, ip0, rx_fib_index0, - thread_index); + { + if (sm->num_workers > 1) + create_bypass_for_fwd_worker (sm, b0, ip0, + rx_fib_index0); + else + create_bypass_for_fwd (sm, b0, ip0, rx_fib_index0, + thread_index); + } } goto trace0; } @@ -1131,7 +1233,7 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, rx_fib_index0, proto0, node, rx_fib_index0, thread_index, twice_nat0, - lb_nat0, now); + lb_nat0, now, m); if (!s0) { next[0] = NAT_NEXT_DROP; 
@@ -1181,10 +1283,10 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, } tcp0->checksum = ip_csum_fold (sum0); } - tcp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in_ed.tcp, + thread_index, sw_if_index0, 1); if (nat44_set_tcp_session_state_o2i - (sm, now, s0, - vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags, + (sm, now, s0, vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags, vnet_buffer (b0)->ip.reass.tcp_ack_number, vnet_buffer (b0)->ip.reass.tcp_seq_number, thread_index)) goto trace0; @@ -1211,7 +1313,8 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } udp0->checksum = ip_csum_fold (sum0); - udp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in_ed.udp, + thread_index, sw_if_index0, 1); } else { @@ -1224,7 +1327,8 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32; } } - udp_packets++; + vlib_increment_simple_counter (&sm->counters.slowpath.out2in_ed.udp, + thread_index, sw_if_index0, 1); } /* Accounting */ @@ -1250,7 +1354,12 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, t->session_index = ~0; } - pkts_processed += next[0] == vnet_buffer2 (b0)->nat.arc_next; + if (next[0] == NAT_NEXT_DROP) + { + vlib_increment_simple_counter (&sm->counters.slowpath. + out2in_ed.drops, thread_index, + sw_if_index0, 1); + } n_left_from--; next++; 
@@ -1260,21 +1369,6 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts, frame->n_vectors); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_OUT2IN_PACKETS, - pkts_processed); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_TCP_PACKETS, tcp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_UDP_PACKETS, udp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_ICMP_PACKETS, - icmp_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_OTHER_PACKETS, - other_packets); - vlib_node_increment_counter (vm, stats_node_index, - NAT_OUT2IN_ED_ERROR_FRAGMENTS, fragments); return frame->n_vectors; }