From 6f19c695583f9d7bd8b39f575e03f01d27e51f64 Mon Sep 17 00:00:00 2001 From: Matus Fabian Date: Tue, 7 Mar 2017 08:04:32 -0800 Subject: [PATCH] CGN: fix outside port calculation and set buffer error (VPP-623) Change-Id: I5143328b2da62ce4d6bb2915e2a51855696d87fc Signed-off-by: Matus Fabian --- src/plugins/snat/in2out.c | 30 ++++++++++++++++++------------ src/plugins/snat/out2in.c | 21 +++++++++++++++------ 2 files changed, 33 insertions(+), 18 deletions(-) diff --git a/src/plugins/snat/in2out.c b/src/plugins/snat/in2out.c index 5970588b5b9..4abf8758af4 100644 --- a/src/plugins/snat/in2out.c +++ b/src/plugins/snat/in2out.c @@ -1361,8 +1361,8 @@ snat_det_in2out_node_fn (vlib_main_t * vm, ip4_header_t * ip0, * ip1; ip_csum_t sum0, sum1; ip4_address_t new_addr0, old_addr0, new_addr1, old_addr1; - u16 old_port0, new_port0, lo_port0, i; - u16 old_port1, new_port1, lo_port1; + u16 old_port0, new_port0, lo_port0, i0; + u16 old_port1, new_port1, lo_port1, i1; udp_header_t * udp0, * udp1; tcp_header_t * tcp0, * tcp1; u32 proto0, proto1; @@ -1409,6 +1409,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm, { clib_warning("no match for internal host %U", format_ip4_address, &ip0->src_address); + b0->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION]; goto trace0; } @@ -1419,10 +1420,10 @@ snat_det_in2out_node_fn (vlib_main_t * vm, { key0.ext_host_addr = ip0->dst_address; key0.ext_host_port = tcp0->dst; - for (i = 0; i < dm0->ports_per_host; i++) + for (i0 = 0; i0 < dm0->ports_per_host; i0++) { - key0.out_port = clib_host_to_net_u16 (lo_port0 + i + - (clib_net_to_host_u16 (tcp0->src) % dm0->ports_per_host)); + key0.out_port = clib_host_to_net_u16 (lo_port0 + + ((i0 + clib_net_to_host_u16 (tcp0->src)) % dm0->ports_per_host)); if (snat_det_get_ses_by_out (dm0, &ip0->src_address, key0.as_u64)) continue; @@ -1433,6 +1434,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm, if (PREDICT_FALSE(!ses0)) { next0 = SNAT_IN2OUT_NEXT_DROP; + b0->error = node->errors[SNAT_IN2OUT_ERROR_OUT_OF_PORTS]; goto trace0; } } @@ -1528,6 +1530,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm, { clib_warning("no match for internal host %U", format_ip4_address, &ip0->src_address); + b1->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION]; goto trace1; } @@ -1539,10 +1542,10 @@ snat_det_in2out_node_fn (vlib_main_t * vm, { key1.ext_host_addr = ip1->dst_address; key1.ext_host_port = tcp1->dst; - for (i = 0; i < dm1->ports_per_host; i++) + for (i1 = 0; i1 < dm1->ports_per_host; i1++) { - key1.out_port = clib_host_to_net_u16 (lo_port1 + i + - (clib_net_to_host_u16 (tcp1->src) % dm1->ports_per_host)); + key1.out_port = clib_host_to_net_u16 (lo_port1 + + ((i1 + clib_net_to_host_u16 (tcp1->src)) % dm1->ports_per_host)); if (snat_det_get_ses_by_out (dm1, &ip1->src_address, key1.as_u64)) continue; @@ -1553,6 +1556,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm, if (PREDICT_FALSE(!ses1)) { next1 = SNAT_IN2OUT_NEXT_DROP; + b1->error = node->errors[SNAT_IN2OUT_ERROR_OUT_OF_PORTS]; goto trace1; } } @@ -1652,7 +1656,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm, ip4_header_t * ip0; ip_csum_t sum0; ip4_address_t new_addr0, old_addr0; - u16 old_port0, new_port0, lo_port0, i; + u16 old_port0, new_port0, lo_port0, i0; udp_header_t * udp0; tcp_header_t * tcp0; u32 proto0; @@ -1682,6 +1686,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm, { clib_warning("no match for internal host %U", format_ip4_address, &ip0->src_address); + b0->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION]; goto trace00; } @@ -1692,10 +1697,10 @@ snat_det_in2out_node_fn (vlib_main_t * vm, { key0.ext_host_addr = ip0->dst_address; key0.ext_host_port = tcp0->dst; - for (i = 0; i < dm0->ports_per_host; i++) + for (i0 = 0; i0 < dm0->ports_per_host; i0++) { - key0.out_port = clib_host_to_net_u16 (lo_port0 + i + - (clib_net_to_host_u16 (tcp0->src) % dm0->ports_per_host)); + key0.out_port = clib_host_to_net_u16 (lo_port0 + + ((i0 + clib_net_to_host_u16 (tcp0->src)) % dm0->ports_per_host)); if (snat_det_get_ses_by_out (dm0, &ip0->src_address, key0.as_u64)) continue; @@ -1706,6 +1711,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm, if (PREDICT_FALSE(!ses0)) { next0 = SNAT_IN2OUT_NEXT_DROP; + b0->error = node->errors[SNAT_IN2OUT_ERROR_OUT_OF_PORTS]; goto trace00; } } diff --git a/src/plugins/snat/out2in.c b/src/plugins/snat/out2in.c index 9b4c73d779e..178aa560940 100644 --- a/src/plugins/snat/out2in.c +++ b/src/plugins/snat/out2in.c @@ -1081,6 +1081,7 @@ snat_det_out2in_node_fn (vlib_main_t * vm, clib_warning("unknown dst address: %U", format_ip4_address, &ip0->dst_address); next0 = SNAT_OUT2IN_NEXT_DROP; + b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; goto trace0; } @@ -1090,12 +1091,14 @@ snat_det_out2in_node_fn (vlib_main_t * vm, ses0 = snat_det_get_ses_by_out (dm0, &new_addr0, key0.as_u64); if (PREDICT_FALSE(!ses0)) { - clib_warning("no match src %U:%d dst %d for user %U", - format_ip4_address, &ip0->dst_address, + clib_warning("no match src %U:%d dst %U:%d for user %U", + format_ip4_address, &ip0->src_address, clib_net_to_host_u16 (tcp0->src), + format_ip4_address, &ip0->dst_address, clib_net_to_host_u16 (tcp0->dst), format_ip4_address, &new_addr0); next0 = SNAT_OUT2IN_NEXT_DROP; + b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; goto trace0; } new_port0 = ses0->in_port; @@ -1173,6 +1176,7 @@ snat_det_out2in_node_fn (vlib_main_t * vm, clib_warning("unknown dst address: %U", format_ip4_address, &ip1->dst_address); next1 = SNAT_OUT2IN_NEXT_DROP; + b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; goto trace1; } @@ -1182,12 +1186,14 @@ snat_det_out2in_node_fn (vlib_main_t * vm, ses1 = snat_det_get_ses_by_out (dm1, &new_addr1, key1.as_u64); if (PREDICT_FALSE(!ses1)) { - clib_warning("no match src %U:%d dst %d for user %U", - format_ip4_address, &ip1->dst_address, + clib_warning("no match src %U:%d dst %U:%d for user %U", + format_ip4_address, &ip1->src_address, clib_net_to_host_u16 (tcp1->src), + format_ip4_address, &ip1->dst_address, clib_net_to_host_u16 (tcp1->dst), format_ip4_address, &new_addr1); next1 = SNAT_OUT2IN_NEXT_DROP; + b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; goto trace1; } new_port1 = ses1->in_port; @@ -1296,6 +1302,7 @@ snat_det_out2in_node_fn (vlib_main_t * vm, clib_warning("unknown dst address: %U", format_ip4_address, &ip0->dst_address); next0 = SNAT_OUT2IN_NEXT_DROP; + b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; goto trace00; } @@ -1305,12 +1312,14 @@ snat_det_out2in_node_fn (vlib_main_t * vm, ses0 = snat_det_get_ses_by_out (dm0, &new_addr0, key0.as_u64); if (PREDICT_FALSE(!ses0)) { - clib_warning("no match src %U:%d dst %d for user %U", - format_ip4_address, &ip0->dst_address, + clib_warning("no match src %U:%d dst %U:%d for user %U", + format_ip4_address, &ip0->src_address, clib_net_to_host_u16 (tcp0->src), + format_ip4_address, &ip0->dst_address, clib_net_to_host_u16 (tcp0->dst), format_ip4_address, &new_addr0); next0 = SNAT_OUT2IN_NEXT_DROP; + b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; goto trace00; } new_port0 = ses0->in_port; -- 2.16.6