Revert "NAT44: interface output feature and service host direct access (VPP-1176)" 67/11267/1
authorMatus Fabian <[email protected]>
Wed, 21 Mar 2018 16:09:03 +0000 (09:09 -0700)
committerMatus Fabian <[email protected]>
Wed, 21 Mar 2018 16:09:03 +0000 (09:09 -0700)
This reverts commit d30c94afe4e67298b3da6fd839e0210844cf45a5.

Change-Id: Ic076f6c116e1d816c492eb8e03e50cf95cedae77
Signed-off-by: Matus Fabian <[email protected]>
src/plugins/nat/in2out.c
src/plugins/nat/out2in.c
test/test_nat.py

index 134d652..fae930b 100755 (executable)
@@ -464,47 +464,6 @@ icmp_get_ed_key(ip4_header_t *ip0, nat_ed_ses_key_t *p_key0)
   return 0;
 }
 
-static inline int
-nat_not_translate_output_feature_fwd (snat_main_t * sm, ip4_header_t * ip)
-{
-  nat_ed_ses_key_t key;
-  clib_bihash_kv_16_8_t kv, value;
-  udp_header_t *udp;
-
-  if (!sm->forwarding_enabled)
-    return 0;
-
-  if (ip->protocol == IP_PROTOCOL_ICMP)
-    {
-      if (icmp_get_ed_key (ip, &key))
-        return 0;
-    }
-  else if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP)
-    {
-      udp = ip4_next_header(ip);
-      key.l_addr = ip->src_address;
-      key.r_addr = ip->dst_address;
-      key.proto = ip->protocol;
-      key.r_port = udp->dst_port;
-      key.l_port = udp->src_port;
-    }
-  else
-    {
-      key.l_addr = ip->src_address;
-      key.r_addr = ip->dst_address;
-      key.proto = ip->protocol;
-      key.l_port = key.r_port = 0;
-    }
-  key.fib_index = 0;
-  kv.key[0] = key.as_u64[0];
-  kv.key[1] = key.as_u64[1];
-
-  if (!clib_bihash_search_16_8 (&sm->in2out_ed, &kv, &value))
-    return value.value == ~0ULL;
-
-  return 0;
-}
-
 /**
  * Get address and port values to be used for ICMP packet translation
  * and create session if needed
@@ -1324,8 +1283,6 @@ snat_in2out_lb (snat_main_t *sm,
 
   if (!clib_bihash_search_16_8 (&sm->in2out_ed, &s_kv, &s_value))
     {
-      if (s_value.value == ~0ULL)
-        return 0;
       s = pool_elt_at_index (tsm->sessions, s_value.value);
     }
   else
@@ -1560,12 +1517,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
             }
           else
             {
-              if (is_output_feature)
-                {
-                  if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0)))
-                    goto trace00;
-                }
-
               if (PREDICT_FALSE (proto0 == ~0 || proto0 == SNAT_PROTOCOL_ICMP))
                 {
                   next0 = SNAT_IN2OUT_NEXT_SLOW_PATH;
@@ -1752,12 +1703,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
             }
           else
             {
-              if (is_output_feature)
-                {
-                  if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip1)))
-                    goto trace01;
-                }
-
               if (PREDICT_FALSE (proto1 == ~0 || proto1 == SNAT_PROTOCOL_ICMP))
                 {
                   next1 = SNAT_IN2OUT_NEXT_SLOW_PATH;
@@ -1771,6 +1716,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
                 }
             }
 
+          b1->flags |= VNET_BUFFER_F_IS_NATED;
+
           key1.addr = ip1->src_address;
           key1.port = udp1->src_port;
           key1.protocol = proto1;
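Review bot: The re-added `b1->flags |= VNET_BUFFER_F_IS_NATED;` sits ahead of the `key1` setup, so the second buffer is marked as translated before any session lookup has happened. The hunk at -1833 removes the same line from directly above the `ip1->src_address = s1->out2in.addr;` rewrite, where the flag matched what was actually done to the packet. If any path between these two points leaves through a trace label without rewriting the header (not visible here, since snat_in2out_node_fn_inline starts and ends outside the hunk), that buffer carries the flag untranslated, and later nodes that trust it would presumably treat the packet as already NATed. This placement looks separable from the output-feature bypass being reverted, so consider keeping the assignment next to the address rewrite, or documenting the early placement with a comment such as `/* set before session lookup; exit paths below leave the packet untranslated */`.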
@@ -1833,8 +1780,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
                 }
             }
 
-          b1->flags |= VNET_BUFFER_F_IS_NATED;
-
           old_addr1 = ip1->src_address.as_u32;
           ip1->src_address = s1->out2in.addr;
           new_addr1 = ip1->src_address.as_u32;
@@ -1980,12 +1925,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
             }
           else
             {
-               if (is_output_feature)
-                {
-                  if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0)))
-                    goto trace0;
-                }
-
               if (PREDICT_FALSE (proto0 == ~0 || proto0 == SNAT_PROTOCOL_ICMP))
                 {
                   next0 = SNAT_IN2OUT_NEXT_SLOW_PATH;
index e6854e5..97cd290 100755 (executable)
@@ -311,43 +311,6 @@ icmp_get_ed_key(ip4_header_t *ip0, nat_ed_ses_key_t *p_key0)
   return 0;
 }
 
-static void
-create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip)
-{
-  nat_ed_ses_key_t key;
-  clib_bihash_kv_16_8_t kv;
-  udp_header_t *udp;
-
-  if (ip->protocol == IP_PROTOCOL_ICMP)
-    {
-      if (icmp_get_ed_key (ip, &key))
-        return;
-    }
-  else if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP)
-    {
-      udp = ip4_next_header(ip);
-      key.r_addr = ip->src_address;
-      key.l_addr = ip->dst_address;
-      key.proto = ip->protocol;
-      key.l_port = udp->dst_port;
-      key.r_port = udp->src_port;
-    }
-  else
-    {
-      key.r_addr = ip->src_address;
-      key.l_addr = ip->dst_address;
-      key.proto = ip->protocol;
-      key.l_port = key.r_port = 0;
-    }
-  key.fib_index = 0;
-  kv.key[0] = key.as_u64[0];
-  kv.key[1] = key.as_u64[1];
-  kv.value = ~0ULL;
-
-  if (clib_bihash_add_del_16_8 (&sm->in2out_ed, &kv, 1))
-    clib_warning ("in2out_ed key add failed");
-}
-
 /**
  * Get address and port values to be used for ICMP packet translation
  * and create session if needed
@@ -419,7 +382,6 @@ u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node,
             }
           else
             {
-              create_bypass_for_fwd(sm, ip0);
               dont_translate = 1;
               goto out;
             }
@@ -1151,10 +1113,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
                       goto trace0;
                     }
                   else
-                    {
-                      create_bypass_for_fwd(sm, ip0);
-                      goto trace0;
-                    }
+                    goto trace0;
                 }
 
               /* Create session initiated by host from external network */
@@ -1318,10 +1277,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
                       goto trace1;
                     }
                   else
-                    {
-                      create_bypass_for_fwd(sm, ip1);
-                      goto trace1;
-                    }
+                    goto trace1;
                 }
 
               /* Create session initiated by host from external network */
@@ -1521,10 +1477,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
                       goto trace00;
                     }
                   else
-                    {
-                      create_bypass_for_fwd(sm, ip0);
-                      goto trace00;
-                    }
+                    goto trace00;
                 }
 
               /* Create session initiated by host from external network */
@@ -1764,10 +1717,7 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
                           goto trace0;
                         }
                       else
-                        {
-                          create_bypass_for_fwd(sm, ip0);
-                          goto trace0;
-                        }
+                        goto trace0;
                     }
 
                   /* Create session initiated by host from external network */
index f039faf..c891806 100644 (file)
@@ -2697,50 +2697,6 @@ class TestNAT44(MethodHolder):
             self.logger.error(ppp("Unexpected or invalid packet:"), p)
             raise
 
-    def test_output_feature_and_service2(self):
-        """ NAT44 interface output feature and service host direct access """
-        self.vapi.nat44_forwarding_enable_disable(1)
-        self.nat44_add_address(self.nat_addr)
-        self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index,
-                                                         is_inside=0)
-
-        # session initiaded from service host - translate
-        pkts = self.create_stream_in(self.pg0, self.pg1)
-        self.pg0.add_stream(pkts)
-        self.pg_enable_capture(self.pg_interfaces)
-        self.pg_start()
-        capture = self.pg1.get_capture(len(pkts))
-        self.verify_capture_out(capture)
-
-        pkts = self.create_stream_out(self.pg1)
-        self.pg1.add_stream(pkts)
-        self.pg_enable_capture(self.pg_interfaces)
-        self.pg_start()
-        capture = self.pg0.get_capture(len(pkts))
-        self.verify_capture_in(capture, self.pg0)
-
-        tcp_port_out = self.tcp_port_out
-        udp_port_out = self.udp_port_out
-        icmp_id_out = self.icmp_id_out
-
-        # session initiaded from remote host - do not translate
-        pkts = self.create_stream_out(self.pg1,
-                                      self.pg0.remote_ip4,
-                                      use_inside_ports=True)
-        self.pg1.add_stream(pkts)
-        self.pg_enable_capture(self.pg_interfaces)
-        self.pg_start()
-        capture = self.pg0.get_capture(len(pkts))
-        self.verify_capture_in(capture, self.pg0)
-
-        pkts = self.create_stream_in(self.pg0, self.pg1)
-        self.pg0.add_stream(pkts)
-        self.pg_enable_capture(self.pg_interfaces)
-        self.pg_start()
-        capture = self.pg1.get_capture(len(pkts))
-        self.verify_capture_out(capture, nat_ip=self.pg0.remote_ip4,
-                                same_port=True)
-
     def test_one_armed_nat44(self):
         """ One armed NAT44 """
         remote_host = self.pg9.remote_hosts[0]