summary |
shortlog |
log |
commit | commitdiff |
review |
tree
raw |
patch |
inline | side by side (from parent 1:
e6f3b46)
Change-Id: Ibcd2cf22348ae5a72770a8f8ad25cbe8df7fd390
Signed-off-by: Matus Fabian <matfabia@cisco.com>
u32 address_index = ~0;
u32 outside_fib_index;
uword * p;
u32 address_index = ~0;
u32 outside_fib_index;
uword * p;
- snat_worker_key_t worker_by_out_key;
p = hash_get (sm->ip4_main->fib_index_by_table_id, sm->outside_vrf_id);
if (! p)
p = hash_get (sm->ip4_main->fib_index_by_table_id, sm->outside_vrf_id);
if (! p)
1 /* is_add */))
clib_warning ("out2in key add failed");
1 /* is_add */))
clib_warning ("out2in key add failed");
- /* Add to translated packets worker lookup */
- worker_by_out_key.addr = s->out2in.addr;
- worker_by_out_key.port = s->out2in.port;
- worker_by_out_key.fib_index = s->out2in.fib_index;
- kv0.key = worker_by_out_key.as_u64;
- kv0.value = thread_index;
- clib_bihash_add_del_8_8 (&sm->worker_by_out, &kv0, 1);
-
/* log NAT event */
snat_ipfix_logging_nat44_ses_create(s->in2out.addr.as_u32,
s->out2in.addr.as_u32,
/* log NAT event */
snat_ipfix_logging_nat44_ses_create(s->in2out.addr.as_u32,
s->out2in.addr.as_u32,
u32 proto0)
{
snat_session_key_t key0, sm0;
u32 proto0)
{
snat_session_key_t key0, sm0;
snat_session_t * s0;
clib_bihash_kv_8_8_t kv0, value0;
ip_csum_t sum0;
snat_session_t * s0;
clib_bihash_kv_8_8_t kv0, value0;
ip_csum_t sum0;
key0.fib_index = sm->outside_fib_index;
kv0.key = key0.as_u64;
key0.fib_index = sm->outside_fib_index;
kv0.key = key0.as_u64;
- if (sm->num_workers > 1)
+ /* Check if destination is static mappings */
+ if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0))
- k0.addr = ip0->dst_address;
- k0.port = udp0->dst_port;
- k0.fib_index = sm->outside_fib_index;
- kv0.key = k0.as_u64;
- if (clib_bihash_search_8_8 (&sm->worker_by_out, &kv0, &value0))
- return;
- else
- ti = value0.value;
+ new_dst_addr0 = sm0.addr.as_u32;
+ new_dst_port0 = sm0.port;
+ vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm0.fib_index;
+ /* or active session */
- ti = sm->num_workers;
-
- /* Check if destination is in active sessions */
- if (clib_bihash_search_8_8 (&sm->per_thread_data[ti].out2in, &kv0, &value0))
- /* or static mappings */
- if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0))
+ if (sm->num_workers > 1)
+ ti = (clib_net_to_host_u16 (udp0->dst_port) - 1024) / sm->port_per_thread;
+ else
+ ti = sm->num_workers;
+
+ if (!clib_bihash_search_8_8 (&sm->per_thread_data[ti].out2in, &kv0, &value0))
- new_dst_addr0 = sm0.addr.as_u32;
- new_dst_port0 = sm0.port;
- vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm0.fib_index;
- }
- }
- else
- {
- si = value0.value;
- s0 = pool_elt_at_index (sm->per_thread_data[ti].sessions, si);
- new_dst_addr0 = s0->in2out.addr.as_u32;
- new_dst_port0 = s0->in2out.port;
- vnet_buffer(b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;
+ s0 = pool_elt_at_index (sm->per_thread_data[ti].sessions, si);
+ new_dst_addr0 = s0->in2out.addr.as_u32;
+ new_dst_port0 = s0->in2out.port;
+ vnet_buffer(b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;
+ }
}
/* Destination is behind the same NAT, use internal address and port */
}
/* Destination is behind the same NAT, use internal address and port */
{
snat_session_key_t key0, sm0;
clib_bihash_kv_8_8_t kv0, value0;
{
snat_session_key_t key0, sm0;
clib_bihash_kv_8_8_t kv0, value0;
u32 new_dst_addr0 = 0, old_dst_addr0, si, ti = 0;
ip_csum_t sum0;
snat_session_t *s0;
u32 new_dst_addr0 = 0, old_dst_addr0, si, ti = 0;
ip_csum_t sum0;
snat_session_t *s0;
kv0.key = key0.as_u64;
if (sm->num_workers > 1)
kv0.key = key0.as_u64;
if (sm->num_workers > 1)
- {
- k0.addr = ip0->dst_address;
- k0.port = icmp_id0;
- k0.fib_index = sm->outside_fib_index;
- kv0.key = k0.as_u64;
- if (clib_bihash_search_8_8 (&sm->worker_by_out, &kv0, &value0))
- return;
- else
- ti = value0.value;
- }
+ ti = (clib_net_to_host_u16 (icmp_id0) - 1024) / sm->port_per_thread;
else
ti = sm->num_workers;
else
ti = sm->num_workers;
clib_bihash_kv_16_8_t s_kv, s_value;
nat_ed_ses_key_t key;
snat_session_key_t m_key;
clib_bihash_kv_16_8_t s_kv, s_value;
nat_ed_ses_key_t key;
snat_session_key_t m_key;
- snat_worker_key_t w_key;
snat_static_mapping_t *m;
ip_csum_t sum;
snat_session_t *s;
snat_static_mapping_t *m;
ip_csum_t sum;
snat_session_t *s;
else
{
if (sm->num_workers > 1)
else
{
if (sm->num_workers > 1)
- {
- w_key.addr = ip->dst_address;
- w_key.port = 0;
- w_key.fib_index = sm->outside_fib_index;
- kv.key = w_key.as_u64;
- if (clib_bihash_search_8_8 (&sm->worker_by_out, &kv, &value))
- return;
- else
- ti = value.value;
- }
+ ti = sm->worker_out2in_cb (ip, sm->outside_fib_index);
else
ti = sm->num_workers;
else
ti = sm->num_workers;
if (e_port > 1024) \
{ \
a->busy_##n##_ports++; \
if (e_port > 1024) \
{ \
a->busy_##n##_ports++; \
- a->busy_##n##_ports_per_thread[e_port / sm->port_per_thread]++; \
+ a->busy_##n##_ports_per_thread[(e_port - 1024) / sm->port_per_thread]++; \
} \
break;
foreach_snat_protocol
} \
break;
foreach_snat_protocol
if (sm->workers)
{
snat_user_key_t w_key0;
if (sm->workers)
{
snat_user_key_t w_key0;
- snat_worker_key_t w_key1;
w_key0.addr = m->local_addr;
w_key0.fib_index = m->fib_index;
w_key0.addr = m->local_addr;
w_key0.fib_index = m->fib_index;
kv.value = value.value;
}
kv.value = value.value;
}
- w_key1.addr = m->external_addr;
- w_key1.port = clib_host_to_net_u16 (m->external_port);
- w_key1.fib_index = sm->outside_fib_index;
- kv.key = w_key1.as_u64;
- clib_bihash_add_del_8_8 (&sm->worker_by_out, &kv, 1);
+ m->worker_index = kv.value;
if (e_port > 1024) \
{ \
a->busy_##n##_ports--; \
if (e_port > 1024) \
{ \
a->busy_##n##_ports--; \
- a->busy_##n##_ports_per_thread[e_port / sm->port_per_thread]--; \
+ a->busy_##n##_ports_per_thread[(e_port - 1024) / sm->port_per_thread]--; \
} \
break;
foreach_snat_protocol
} \
break;
foreach_snat_protocol
int i;
nat44_lb_addr_port_t *local;
snat_user_key_t w_key0;
int i;
nat44_lb_addr_port_t *local;
snat_user_key_t w_key0;
- snat_worker_key_t w_key1;
u32 worker_index = 0;
snat_main_per_thread_data_t *tsm;
u32 worker_index = 0;
snat_main_per_thread_data_t *tsm;
if (e_port > 1024) \
{ \
a->busy_##n##_ports++; \
if (e_port > 1024) \
{ \
a->busy_##n##_ports++; \
- a->busy_##n##_ports_per_thread[e_port / sm->port_per_thread]++; \
+ a->busy_##n##_ports_per_thread[(e_port - 1024) / sm->port_per_thread]++; \
} \
break;
foreach_snat_protocol
} \
break;
foreach_snat_protocol
else
worker_index = value.value;
else
worker_index = value.value;
- w_key1.addr = m->external_addr;
- w_key1.port = clib_host_to_net_u16 (m->external_port);
- w_key1.fib_index = sm->outside_fib_index;
- kv.key = w_key1.as_u64;
- kv.value = worker_index;
- if (clib_bihash_add_del_8_8 (&sm->worker_by_out, &kv, 1))
- {
- clib_warning ("worker-by-out add key failed");
- return VNET_API_ERROR_UNSPECIFIED;
- }
tsm = vec_elt_at_index (sm->per_thread_data, worker_index);
tsm = vec_elt_at_index (sm->per_thread_data, worker_index);
+ m->worker_index = worker_index;
}
else
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
}
else
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
if (e_port > 1024) \
{ \
a->busy_##n##_ports--; \
if (e_port > 1024) \
{ \
a->busy_##n##_ports--; \
- a->busy_##n##_ports_per_thread[e_port / sm->port_per_thread]--; \
+ a->busy_##n##_ports_per_thread[(e_port - 1024) / sm->port_per_thread]--; \
} \
break;
foreach_snat_protocol
} \
break;
foreach_snat_protocol
- w_key1.addr = m->external_addr;
- w_key1.port = clib_host_to_net_u16 (m->external_port);
- w_key1.fib_index = sm->outside_fib_index;
- kv.key = w_key1.as_u64;
- if (!clib_bihash_search_8_8 (&sm->worker_by_out, &kv, &value))
- tsm = vec_elt_at_index (sm->per_thread_data, value.value);
- else
- tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
-
+ tsm = vec_elt_at_index (sm->per_thread_data, m->worker_index);
m_key.addr = m->external_addr;
m_key.port = m->external_port;
m_key.protocol = m->proto;
m_key.addr = m->external_addr;
m_key.port = m->external_port;
m_key.protocol = m->proto;
snat_get_worker_out2in_cb (ip4_header_t * ip0, u32 rx_fib_index0)
{
snat_main_t *sm = &snat_main;
snat_get_worker_out2in_cb (ip4_header_t * ip0, u32 rx_fib_index0)
{
snat_main_t *sm = &snat_main;
- snat_worker_key_t key0;
- clib_bihash_kv_8_8_t kv0, value0;
- udp_header_t * udp0;
- u32 next_worker_index = 0;
-
- udp0 = ip4_next_header (ip0);
-
- key0.addr = ip0->dst_address;
- key0.port = udp0->dst_port;
- key0.fib_index = rx_fib_index0;
+ udp_header_t *udp;
+ u16 port;
+ snat_session_key_t m_key;
+ clib_bihash_kv_8_8_t kv, value;
+ snat_static_mapping_t *m;
+ nat_ed_ses_key_t key;
+ clib_bihash_kv_16_8_t s_kv, s_value;
+ snat_main_per_thread_data_t *tsm;
+ snat_session_t *s;
+ int i;
+ u32 proto;
- if (PREDICT_FALSE(ip0->protocol == IP_PROTOCOL_ICMP))
+ /* first try static mappings without port */
+ if (PREDICT_FALSE (pool_elts (sm->static_mappings)))
- icmp46_header_t * icmp0 = (icmp46_header_t *) udp0;
- icmp_echo_header_t *echo0 = (icmp_echo_header_t *)(icmp0+1);
- key0.port = echo0->identifier;
+ m_key.addr = ip0->dst_address;
+ m_key.port = 0;
+ m_key.protocol = 0;
+ m_key.fib_index = rx_fib_index0;
+ kv.key = m_key.as_u64;
+ if (!clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv, &value))
+ {
+ m = pool_elt_at_index (sm->static_mappings, value.value);
+ return m->worker_index;
+ }
+ proto = ip_proto_to_snat_proto (ip0->protocol);
+ udp = ip4_next_header (ip0);
+ port = udp->dst_port;
- /* Ever heard of of the "user" before? */
- if (clib_bihash_search_8_8 (&sm->worker_by_out, &kv0, &value0))
+ /* unknown protocol */
+ if (PREDICT_FALSE (proto == ~0))
- key0.port = 0;
- kv0.key = key0.as_u64;
+ key.l_addr = ip0->dst_address;
+ key.r_addr = ip0->src_address;
+ key.fib_index = rx_fib_index0;
+ key.proto = ip0->protocol;
+ key.rsvd = 0;
+ key.l_port = 0;
+ s_kv.key[0] = key.as_u64[0];
+ s_kv.key[1] = key.as_u64[1];
- if (clib_bihash_search_8_8 (&sm->worker_by_out, &kv0, &value0))
+ if (!clib_bihash_search_16_8 (&sm->out2in_ed, &s_kv, &s_value))
- /* No, assign next available worker (RR) */
- next_worker_index = sm->first_worker_index;
- if (vec_len (sm->workers))
+ for (i = 0; i < _vec_len (sm->per_thread_data); i++)
- next_worker_index +=
- sm->workers[sm->next_worker++ % _vec_len (sm->workers)];
+ tsm = vec_elt_at_index (sm->per_thread_data, i);
+ if (!pool_is_free_index(tsm->sessions, s_value.value))
+ {
+ s = pool_elt_at_index (tsm->sessions, s_value.value);
+ if (s->out2in.addr.as_u32 == ip0->dst_address.as_u32 &&
+ s->out2in.port == ip0->protocol &&
+ snat_is_unk_proto_session (s))
+ return i;
+ }
+ }
+
+ /* if no session use current thread */
+ return vlib_get_thread_index ();
+ }
+
+ if (PREDICT_FALSE (ip0->protocol == IP_PROTOCOL_ICMP))
+ {
+ icmp46_header_t * icmp = (icmp46_header_t *) udp;
+ icmp_echo_header_t *echo = (icmp_echo_header_t *)(icmp + 1);
+ if (!icmp_is_error_message (icmp))
+ port = echo->identifier;
- /* Static mapping without port */
- next_worker_index = value0.value;
+ ip4_header_t *inner_ip = (ip4_header_t *)(echo + 1);
+ proto = ip_proto_to_snat_proto (inner_ip->protocol);
+ void *l4_header = ip4_next_header (inner_ip);
+ switch (proto)
+ {
+ case SNAT_PROTOCOL_ICMP:
+ icmp = (icmp46_header_t*)l4_header;
+ echo = (icmp_echo_header_t *)(icmp + 1);
+ port = echo->identifier;
+ break;
+ case SNAT_PROTOCOL_UDP:
+ case SNAT_PROTOCOL_TCP:
+ port = ((tcp_udp_header_t*)l4_header)->src_port;
+ break;
+ default:
+ return vlib_get_thread_index ();
+ }
- /* Add to translated packets worker lookup */
- key0.port = udp0->dst_port;
- kv0.key = key0.as_u64;
- kv0.value = next_worker_index;
- clib_bihash_add_del_8_8 (&sm->worker_by_out, &kv0, 1);
+ /* try static mappings with port */
+ if (PREDICT_FALSE (pool_elts (sm->static_mappings)))
+ {
+ m_key.addr = ip0->dst_address;
+ m_key.port = clib_net_to_host_u16 (port);
+ m_key.protocol = proto;
+ m_key.fib_index = rx_fib_index0;
+ kv.key = m_key.as_u64;
+ if (!clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv, &value))
+ {
+ m = pool_elt_at_index (sm->static_mappings, value.value);
+ return m->worker_index;
+ }
- else
- next_worker_index = value0.value;
- return next_worker_index;
+ /* worker by outside port */
+ return (u32) ((clib_net_to_host_u16 (port) - 1024) / sm->port_per_thread);
clib_bihash_init_8_8 (&sm->worker_by_in, "worker-by-in", user_buckets,
user_memory_size);
clib_bihash_init_8_8 (&sm->worker_by_in, "worker-by-in", user_buckets,
user_memory_size);
- clib_bihash_init_8_8 (&sm->worker_by_out, "worker-by-out",
- translation_buckets, translation_memory_size);
-
clib_bihash_init_16_8 (&sm->in2out_ed, "in2out-ed",
translation_buckets, translation_memory_size);
clib_bihash_init_16_8 (&sm->in2out_ed, "in2out-ed",
translation_buckets, translation_memory_size);
verbose - 1);
vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->worker_by_in,
verbose - 1);
verbose - 1);
vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->worker_by_in,
verbose - 1);
- vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->worker_by_out,
- verbose - 1);
vec_foreach_index (j, sm->per_thread_data)
{
tsm = vec_elt_at_index (sm->per_thread_data, j);
vec_foreach_index (j, sm->per_thread_data)
{
tsm = vec_elt_at_index (sm->per_thread_data, j);
u32 vrf_id;
u32 fib_index;
snat_protocol_t proto;
u32 vrf_id;
u32 fib_index;
snat_protocol_t proto;
nat44_lb_addr_port_t *locals;
} snat_static_mapping_t;
nat44_lb_addr_port_t *locals;
} snat_static_mapping_t;
/* Non-translated packets worker lookup => src address + VRF */
clib_bihash_8_8_t worker_by_in;
/* Non-translated packets worker lookup => src address + VRF */
clib_bihash_8_8_t worker_by_in;
- /* Translated packets worker lookup => IP address + port number */
- clib_bihash_8_8_t worker_by_out;
-
snat_icmp_match_function_t * icmp_match_in2out_cb;
snat_icmp_match_function_t * icmp_match_out2in_cb;
snat_icmp_match_function_t * icmp_match_in2out_cb;
snat_icmp_match_function_t * icmp_match_out2in_cb;