Use correct ports from SVR. Perform lookup of existing session for all
cases to pick up any created bypasses and derive correct thread indexes.
Type: fix
Change-Id: I1e3814c9e13cd4d9b8d65f514f7e9ab42df3c22e
Signed-off-by: Klement Sekera <ksekera@cisco.com>
nat44_ed_get_worker_out2in_cb (vlib_buffer_t * b, ip4_header_t * ip,
u32 rx_fib_index, u8 is_output);
nat44_ed_get_worker_out2in_cb (vlib_buffer_t * b, ip4_header_t * ip,
u32 rx_fib_index, u8 is_output);
-static u32
-nat44_ed_get_worker_in2out_cb (ip4_header_t * ip, u32 rx_fib_index,
- u8 is_output);
+static u32 nat44_ed_get_worker_in2out_cb (vlib_buffer_t *b, ip4_header_t *ip,
+ u32 rx_fib_index, u8 is_output);
u32 nat_calc_bihash_buckets (u32 n_elts);
u32 nat_calc_bihash_buckets (u32 n_elts);
ip4_header_t ip = {
.src_address = m->local_addr,
};
ip4_header_t ip = {
.src_address = m->local_addr,
};
- vec_add1 (m->workers, sm->worker_in2out_cb (&ip, m->fib_index, 0));
+ vec_add1 (m->workers,
+ sm->worker_in2out_cb (0, &ip, m->fib_index, 0));
tsm = vec_elt_at_index (sm->per_thread_data, m->workers[0]);
}
else
tsm = vec_elt_at_index (sm->per_thread_data, m->workers[0]);
}
else
ip4_header_t ip = {
.src_address = locals[i].addr,
};
ip4_header_t ip = {
.src_address = locals[i].addr,
};
- bitmap =
- clib_bitmap_set (bitmap,
- sm->worker_in2out_cb (&ip, m->fib_index, 0),
- 1);
+ bitmap = clib_bitmap_set (
+ bitmap, sm->worker_in2out_cb (0, &ip, m->fib_index, 0), 1);
sm->fib_src_low);
if (!out2in_only)
{
sm->fib_src_low);
if (!out2in_only)
{
-init_nat_k(& kv, local->addr, local->port, local->fib_index, m->proto);
- if (clib_bihash_add_del_8_8(&sm->static_mapping_by_local, &kv, 0))
- {
+ init_nat_k (&kv, local->addr, local->port, local->fib_index,
+ m->proto);
+ if (clib_bihash_add_del_8_8 (&sm->static_mapping_by_local, &kv,
+ 0))
+ {
nat_elog_err (sm, "static_mapping_by_local key del failed");
return VNET_API_ERROR_UNSPECIFIED;
}
nat_elog_err (sm, "static_mapping_by_local key del failed");
return VNET_API_ERROR_UNSPECIFIED;
}
ip4_header_t ip = {
.src_address = local->addr,
};
ip4_header_t ip = {
.src_address = local->addr,
};
- tsm =
- vec_elt_at_index (sm->per_thread_data,
- sm->worker_in2out_cb (&ip, m->fib_index, 0));
+ tsm = vec_elt_at_index (
+ sm->per_thread_data,
+ sm->worker_in2out_cb (0, &ip, m->fib_index, 0));
}
else
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
}
else
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
ip4_header_t ip = {
.src_address = local->addr,
};
ip4_header_t ip = {
.src_address = local->addr,
};
- tsm = vec_elt_at_index (sm->per_thread_data,
- sm->worker_in2out_cb (&ip, m->fib_index,
- 0));
+ tsm =
+ vec_elt_at_index (sm->per_thread_data,
+ sm->worker_in2out_cb (0, &ip, m->fib_index, 0));
}
else
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
}
else
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
if (sm->num_workers > 1)
{
ip4_header_t ip;
if (sm->num_workers > 1)
{
ip4_header_t ip;
- ip.src_address.as_u32 = local->addr.as_u32,
- bitmap = clib_bitmap_set (bitmap,
- sm->worker_in2out_cb (&ip, local->fib_index, 0),
- 1);
+ ip.src_address.as_u32 = local->addr.as_u32,
+ bitmap = clib_bitmap_set (
+ bitmap, sm->worker_in2out_cb (0, &ip, local->fib_index, 0), 1);
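Review bot: The re-indented line `ip.src_address.as_u32 = local->addr.as_u32,` still ends in a comma, so the assignment and the following `bitmap = clib_bitmap_set (...)` are joined by the comma operator; it works, but it reads like a typo and should end in `;`. This site also declares a bare `ip4_header_t ip;` and sets only `src_address` before passing the header to the callback. The other call sites in this commit use `ip4_header_t ip = { .src_address = ... };`, which zeroes the remaining fields. Using `ip4_header_t ip = { .src_address = local->addr };` here would make the sites consistent and ensure the callback never reads indeterminate header fields.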
.src_address = local->addr,
};
.src_address = local->addr,
};
- if (sm->worker_in2out_cb (&ip, m->fib_index, 0) ==
+ if (sm->worker_in2out_cb (0, &ip, m->fib_index, 0) ==
- {
- vec_add1 (tmp, i);
- }
- }
+ {
+ vec_add1 (tmp, i);
+ }
+ }
ASSERT (vec_len (tmp) != 0);
}
else
ASSERT (vec_len (tmp) != 0);
}
else
-nat44_ed_get_worker_in2out_cb (ip4_header_t *ip, u32 rx_fib_index,
- u8 is_output)
+nat44_ed_get_worker_in2out_cb (vlib_buffer_t *b, ip4_header_t *ip,
+ u32 rx_fib_index, u8 is_output)
{
snat_main_t *sm = &snat_main;
u32 next_worker_index = sm->first_worker_index;
u32 hash;
clib_bihash_kv_16_8_t kv16, value16;
{
snat_main_t *sm = &snat_main;
u32 next_worker_index = sm->first_worker_index;
u32 hash;
clib_bihash_kv_16_8_t kv16, value16;
- snat_main_per_thread_data_t *tsm;
- udp_header_t *udp;
+ u32 fib_index = rx_fib_index;
if (PREDICT_FALSE (is_output))
{
if (PREDICT_FALSE (is_output))
{
- u32 fib_index = sm->outside_fib_index;
+ fib_index = sm->outside_fib_index;
nat_outside_fib_t *outside_fib;
fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
fib_prefix_t pfx = {
nat_outside_fib_t *outside_fib;
fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
fib_prefix_t pfx = {
- udp = ip4_next_header (ip);
-
switch (vec_len (sm->outside_fibs))
{
case 0:
switch (vec_len (sm->outside_fibs))
{
case 0:
/* *INDENT-ON* */
break;
}
/* *INDENT-ON* */
break;
}
- init_ed_k (&kv16, ip->src_address, udp->src_port, ip->dst_address,
- udp->dst_port, fib_index, ip->protocol);
+ if (b)
+ {
+ init_ed_k (&kv16, ip->src_address, vnet_buffer (b)->ip.reass.l4_src_port,
+ ip->dst_address, vnet_buffer (b)->ip.reass.l4_dst_port,
+ fib_index, ip->protocol);
if (PREDICT_TRUE (
!clib_bihash_search_16_8 (&sm->flow_hash, &kv16, &value16)))
{
if (PREDICT_TRUE (
!clib_bihash_search_16_8 (&sm->flow_hash, &kv16, &value16)))
{
- tsm =
- vec_elt_at_index (sm->per_thread_data,
- ed_value_get_thread_index (&value16));
- next_worker_index += tsm->thread_index;
-
- nat_elog_debug_handoff (
- sm, "HANDOFF IN2OUT-OUTPUT-FEATURE (session)", next_worker_index,
- fib_index, clib_net_to_host_u32 (ip->src_address.as_u32),
- clib_net_to_host_u32 (ip->dst_address.as_u32));
-
- return next_worker_index;
+ next_worker_index = ed_value_get_thread_index (&value16);
+ vnet_buffer2 (b)->nat.cached_session_index =
+ ed_value_get_session_index (&value16);
+ goto out;
else
next_worker_index += sm->workers[hash % _vec_len (sm->workers)];
else
next_worker_index += sm->workers[hash % _vec_len (sm->workers)];
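Review bot: On a session hit, `next_worker_index = ed_value_get_thread_index (&value16);` returns the stored index as-is, while the hash fallback just below (`next_worker_index += sm->workers[...]`) stays relative to `sm->first_worker_index`. A short comment such as `/* flow-hash value already holds the thread index, no first_worker_index offset */` would stop the two paths from being "aligned" by mistake later; this assumes the stored value is the absolute index, which the removed `vec_elt_at_index (sm->per_thread_data, ...)` use suggests. The same branch writes `vnet_buffer2 (b)->nat.cached_session_index` from a lookup done before handoff. The node that consumes it should treat it as a hint and re-check that the session still matches the packet, since the session can be deleted or reused in between; that consumer is not visible here. The `out` label and the closing brace of `if (b)` are outside the lines shown.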
if (PREDICT_TRUE (!is_output))
{
nat_elog_debug_handoff (sm, "HANDOFF IN2OUT", next_worker_index,
if (PREDICT_TRUE (!is_output))
{
nat_elog_debug_handoff (sm, "HANDOFF IN2OUT", next_worker_index,
{
udp = ip4_next_header (ip);
{
udp = ip4_next_header (ip);
- init_ed_k (&kv16, ip->dst_address, udp->dst_port, ip->src_address,
- udp->src_port, rx_fib_index, ip->protocol);
+ init_ed_k (&kv16, ip->dst_address, vnet_buffer (b)->ip.reass.l4_dst_port,
+ ip->src_address, vnet_buffer (b)->ip.reass.l4_src_port,
+ rx_fib_index, ip->protocol);
if (PREDICT_TRUE (
!clib_bihash_search_16_8 (&sm->flow_hash, &kv16, &value16)))
if (PREDICT_TRUE (
!clib_bihash_search_16_8 (&sm->flow_hash, &kv16, &value16)))
}
udp = ip4_next_header (ip);
}
udp = ip4_next_header (ip);
+ port = vnet_buffer (b)->ip.reass.l4_dst_port;
if (PREDICT_FALSE (ip->protocol == IP_PROTOCOL_ICMP))
{
if (PREDICT_FALSE (ip->protocol == IP_PROTOCOL_ICMP))
{
ip.dst_address.as_u32 = ip.src_address.as_u32 = addr->as_u32;
if (sm->num_workers > 1)
ip.dst_address.as_u32 = ip.src_address.as_u32 = addr->as_u32;
if (sm->num_workers > 1)
- tsm =
- vec_elt_at_index (sm->per_thread_data,
- sm->worker_in2out_cb (&ip, fib_index, 0));
+ tsm = vec_elt_at_index (sm->per_thread_data,
+ sm->worker_in2out_cb (0, &ip, fib_index, 0));
else
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
else
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
#define NAT_STATIC_MAPPING_FLAG_LB 8
#define NAT_STATIC_MAPPING_FLAG_EXACT_ADDRESS 16
#define NAT_STATIC_MAPPING_FLAG_LB 8
#define NAT_STATIC_MAPPING_FLAG_EXACT_ADDRESS 16
typedef CLIB_PACKED(struct
{
// number of sessions in this vrf
typedef CLIB_PACKED(struct
{
// number of sessions in this vrf
// is this vrf expired
u8 expired;
}) per_vrf_sessions_t;
// is this vrf expired
u8 expired;
}) per_vrf_sessions_t;
f->rewrite.icmp_id = id;
}
f->rewrite.icmp_id = id;
}
typedef CLIB_PACKED(struct
{
/* Outside network tuple */
typedef CLIB_PACKED(struct
{
/* Outside network tuple */
u32 per_vrf_sessions_index;
}) snat_session_t;
u32 per_vrf_sessions_index;
}) snat_session_t;
typedef struct
{
ip4_address_t addr;
u32 fib_index;
typedef struct
{
ip4_address_t addr;
u32 fib_index;
#define _(N, i, n, s) \
u32 busy_##n##_ports; \
u32 * busy_##n##_ports_per_thread; \
u32 busy_##n##_port_refcounts[65535];
foreach_nat_protocol
#undef _
#define _(N, i, n, s) \
u32 busy_##n##_ports; \
u32 * busy_##n##_ports_per_thread; \
u32 busy_##n##_port_refcounts[65535];
foreach_nat_protocol
#undef _
} snat_address_t;
typedef struct
} snat_address_t;
typedef struct
struct snat_main_s;
/* Return worker thread index for given packet */
struct snat_main_s;
/* Return worker thread index for given packet */
-typedef u32 (snat_get_worker_in2out_function_t) (ip4_header_t * ip,
+typedef u32 (snat_get_worker_in2out_function_t) (vlib_buffer_t *b,
+ ip4_header_t *ip,
u32 rx_fib_index,
u8 is_output);
u32 rx_fib_index,
u8 is_output);
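Review bot: The comment `/* Return worker thread index for given packet */` above the typedef no longer describes the contract, because the control-plane callers changed in this commit pass `0` for the new `b` argument. In the implementation the session lookup appears to be wrapped in `if (b)`. I would extend the comment to `/* Return worker thread index for given packet; b may be NULL when there is no packet (e.g. static mapping setup), in which case no session lookup is performed */`. Writing `NULL` instead of a bare `0` at those call sites would also make it obvious that the argument is a pointer and not a flag.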
ip.src_address.as_u32 = ukey.addr.as_u32;
ukey.fib_index = fib_table_find (FIB_PROTOCOL_IP4, ntohl (mp->vrf_id));
if (sm->num_workers > 1)
ip.src_address.as_u32 = ukey.addr.as_u32;
ukey.fib_index = fib_table_find (FIB_PROTOCOL_IP4, ntohl (mp->vrf_id));
if (sm->num_workers > 1)
- tsm =
- vec_elt_at_index (sm->per_thread_data,
- sm->worker_in2out_cb (&ip, ukey.fib_index, 0));
+ tsm = vec_elt_at_index (sm->per_thread_data,
+ sm->worker_in2out_cb (0, &ip, ukey.fib_index, 0));
else
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
else
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
- ti[0] = sm->worker_in2out_cb (ip0, rx_fib_index0, is_output);
- ti[1] = sm->worker_in2out_cb (ip1, rx_fib_index1, is_output);
- ti[2] = sm->worker_in2out_cb (ip2, rx_fib_index2, is_output);
- ti[3] = sm->worker_in2out_cb (ip3, rx_fib_index3, is_output);
+ ti[0] = sm->worker_in2out_cb (b[0], ip0, rx_fib_index0, is_output);
+ ti[1] = sm->worker_in2out_cb (b[1], ip1, rx_fib_index1, is_output);
+ ti[2] = sm->worker_in2out_cb (b[2], ip2, rx_fib_index2, is_output);
+ ti[3] = sm->worker_in2out_cb (b[3], ip3, rx_fib_index3, is_output);
- ti[0] = sm->worker_in2out_cb (ip0, rx_fib_index0, is_output);
+ ti[0] = sm->worker_in2out_cb (b[0], ip0, rx_fib_index0, is_output);
}
static_always_inline int
}
static_always_inline int
-nat44_ed_not_translate (snat_main_t * sm, vlib_node_runtime_t * node,
- u32 sw_if_index, ip4_header_t * ip, u32 proto,
- u32 rx_fib_index, u32 thread_index)
+nat44_ed_not_translate (snat_main_t *sm, vlib_node_runtime_t *node,
+ u32 sw_if_index, vlib_buffer_t *b, ip4_header_t *ip,
+ u32 proto, u32 rx_fib_index, u32 thread_index)
- udp_header_t *udp = ip4_next_header (ip);
clib_bihash_kv_16_8_t kv, value;
clib_bihash_kv_16_8_t kv, value;
- init_ed_k (&kv, ip->dst_address, udp->dst_port, ip->src_address,
- udp->src_port, sm->outside_fib_index, ip->protocol);
+ init_ed_k (&kv, ip->dst_address, vnet_buffer (b)->ip.reass.l4_dst_port,
+ ip->src_address, vnet_buffer (b)->ip.reass.l4_src_port,
+ sm->outside_fib_index, ip->protocol);
/* NAT packet aimed at external address if has active sessions */
if (clib_bihash_search_16_8 (&sm->flow_hash, &kv, &value))
/* NAT packet aimed at external address if has active sessions */
if (clib_bihash_search_16_8 (&sm->flow_hash, &kv, &value))
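Review bot: The lookup key in `nat44_ed_not_translate` is now built from `vnet_buffer (b)->ip.reass.l4_dst_port` and `l4_src_port`, which are only meaningful if SVR has already filled them for this buffer; nothing in the visible lines states or checks that precondition. I would add a comment above the `init_ed_k` call, for example `/* ports come from SVR buffer metadata; this node must run after SVR */`. Without it, a later feature-arc reordering could silently build the key from stale metadata and take the wrong translate/bypass decision. The function is also called with `NAT_PROTOCOL_ICMP` further down, so it is worth confirming that the metadata holds the same value for ICMP that session creation put into the flow hash. The function body starts and ends outside the lines shown.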
ip4_address_t placeholder_addr;
u16 placeholder_port;
u32 placeholder_fib_index;
ip4_address_t placeholder_addr;
u16 placeholder_port;
u32 placeholder_fib_index;
- if (!snat_static_mapping_match
- (sm, ip->dst_address, udp->dst_port, sm->outside_fib_index, proto,
- &placeholder_addr, &placeholder_port, &placeholder_fib_index, 1, 0,
- 0, 0, 0, 0, 0))
+ if (!snat_static_mapping_match (
+ sm, ip->dst_address, vnet_buffer (b)->ip.reass.l4_dst_port,
+ sm->outside_fib_index, proto, &placeholder_addr, &placeholder_port,
+ &placeholder_fib_index, 1, 0, 0, 0, 0, 0, 0))
- if (PREDICT_FALSE (nat44_ed_not_translate (sm, node, sw_if_index, ip,
+ if (PREDICT_FALSE (nat44_ed_not_translate (sm, node, sw_if_index, b, ip,
NAT_PROTOCOL_ICMP,
rx_fib_index, thread_index)))
{
NAT_PROTOCOL_ICMP,
rx_fib_index, thread_index)))
{
- if (PREDICT_FALSE
- (nat44_ed_not_translate
- (sm, node, sw_if_index0, ip0, proto0, rx_fib_index0,
+ if (PREDICT_FALSE (nat44_ed_not_translate (
+ sm, node, sw_if_index0, b0, ip0, proto0, rx_fib_index0,
thread_index)))
goto trace0;
}
thread_index)))
goto trace0;
}
{
snat_session_t *s;
ip4_header_t *ip;
{
snat_session_t *s;
ip4_header_t *ip;
snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
if (PREDICT_FALSE
snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
if (PREDICT_FALSE
}
ip = vlib_buffer_get_current (b);
}
ip = vlib_buffer_get_current (b);
- udp = ip4_next_header (ip);
s->ext_host_addr.as_u32 = ip->src_address.as_u32;
s->ext_host_addr.as_u32 = ip->src_address.as_u32;
- s->ext_host_port = nat_proto == NAT_PROTOCOL_ICMP ? 0 : udp->src_port;
+ s->ext_host_port =
+ nat_proto == NAT_PROTOCOL_ICMP ? 0 : vnet_buffer (b)->ip.reass.l4_src_port;
s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
if (lb_nat)
s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
if (lb_nat)
s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
ip4_header_t *ip, u32 rx_fib_index, u32 thread_index)
{
clib_bihash_kv_16_8_t kv, value;
ip4_header_t *ip, u32 rx_fib_index, u32 thread_index)
{
clib_bihash_kv_16_8_t kv, value;
snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
vlib_main_t *vm = vlib_get_main ();
f64 now = vlib_time_now (vm);
snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
vlib_main_t *vm = vlib_get_main ();
f64 now = vlib_time_now (vm);
{
if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP)
{
{
if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP)
{
- udp = ip4_next_header (ip);
- lookup_sport = udp->dst_port;
- lookup_dport = udp->src_port;
+ lookup_sport = vnet_buffer (b)->ip.reass.l4_dst_port;
+ lookup_dport = vnet_buffer (b)->ip.reass.l4_src_port;
proto = ip_proto_to_nat_proto (ip0->protocol);
udp = ip4_next_header (ip0);
proto = ip_proto_to_nat_proto (ip0->protocol);
udp = ip4_next_header (ip0);
+ port = vnet_buffer (b)->ip.reass.l4_dst_port;
/* unknown protocol */
if (PREDICT_FALSE (proto == NAT_PROTOCOL_OTHER))
/* unknown protocol */
if (PREDICT_FALSE (proto == NAT_PROTOCOL_OTHER))