2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 #include <vnet/fib/ip4_fib.h>
19 #include <vnet/gre/packet.h>
20 #include <lb/lbhash.h>
22 #define foreach_lb_error \
24 _(PROTO_NOT_SUPPORTED, "protocol not supported")
28 #define _(sym,str) LB_ERROR_##sym,
34 static char *lb_error_strings[] =
36 #define _(sym,string) string,
52 } lb_nodeport_trace_t;
63 format_lb_trace (u8 * s, va_list * args)
65 lb_main_t *lbm = &lb_main;
66 CLIB_UNUSED(vlib_main_t * vm)
67 = va_arg (*args, vlib_main_t *);
68 CLIB_UNUSED(vlib_node_t * node)
69 = va_arg (*args, vlib_node_t *);
70 lb_trace_t *t = va_arg (*args, lb_trace_t *);
71 if (pool_is_free_index(lbm->vips, t->vip_index))
73 s = format (s, "lb vip[%d]: This VIP was freed since capture\n");
77 s = format (s, "lb vip[%d]: %U\n", t->vip_index, format_lb_vip,
78 &lbm->vips[t->vip_index]);
80 if (pool_is_free_index(lbm->ass, t->as_index))
82 s = format (s, "lb as[%d]: This AS was freed since capture\n");
86 s = format (s, "lb as[%d]: %U\n", t->as_index, format_lb_as,
87 &lbm->ass[t->as_index]);
93 format_lb_nat_trace (u8 * s, va_list * args)
95 lb_main_t *lbm = &lb_main;
96 CLIB_UNUSED(vlib_main_t * vm)
97 = va_arg (*args, vlib_main_t *);
98 CLIB_UNUSED(vlib_node_t * node)
99 = va_arg (*args, vlib_node_t *);
100 lb_nat_trace_t *t = va_arg (*args, lb_nat_trace_t *);
102 if (pool_is_free_index(lbm->vips, t->vip_index))
104 s = format (s, "lb vip[%d]: This VIP was freed since capture\n");
108 s = format (s, "lb vip[%d]: %U\n", t->vip_index, format_lb_vip,
109 &lbm->vips[t->vip_index]);
111 if (pool_is_free_index(lbm->ass, t->as_index))
113 s = format (s, "lb as[%d]: This AS was freed since capture\n");
117 s = format (s, "lb as[%d]: %U\n", t->as_index, format_lb_as,
118 &lbm->ass[t->as_index]);
120 s = format (s, "lb nat: rx_sw_if_index = %d, next_index = %d",
121 t->rx_sw_if_index, t->next_index);
127 lb_get_sticky_table (u32 thread_index)
129 lb_main_t *lbm = &lb_main;
130 lb_hash_t *sticky_ht = lbm->per_cpu[thread_index].sticky_ht;
131 //Check if size changed
133 sticky_ht && (lbm->per_cpu_sticky_buckets != lb_hash_nbuckets(sticky_ht))))
135 //Dereference everything in there
138 lb_hash_foreach_entry(sticky_ht, b, i)
140 vlib_refcount_add (&lbm->as_refcount, thread_index, b->value[i], -1);
141 vlib_refcount_add (&lbm->as_refcount, thread_index, 0, 1);
144 lb_hash_free (sticky_ht);
148 //Create if necessary
149 if (PREDICT_FALSE(sticky_ht == NULL))
151 lbm->per_cpu[thread_index].sticky_ht = lb_hash_alloc (
152 lbm->per_cpu_sticky_buckets, lbm->flow_timeout);
153 sticky_ht = lbm->per_cpu[thread_index].sticky_ht;
154 clib_warning("Regenerated sticky table %p", sticky_ht);
160 sticky_ht->timeout = lbm->flow_timeout;
165 lb_node_get_other_ports4 (ip4_header_t *ip40)
171 lb_node_get_other_ports6 (ip6_header_t *ip60)
176 static_always_inline u32
177 lb_node_get_hash (vlib_buffer_t *p, u8 is_input_v4)
184 ip40 = vlib_buffer_get_current (p);
186 ip40->protocol == IP_PROTOCOL_TCP
187 || ip40->protocol == IP_PROTOCOL_UDP))
188 ports = ((u64) ((udp_header_t *) (ip40 + 1))->src_port << 16)
189 | ((u64) ((udp_header_t *) (ip40 + 1))->dst_port);
191 ports = lb_node_get_other_ports4 (ip40);
193 hash = lb_hash_hash (*((u64 *) &ip40->address_pair), ports, 0, 0, 0);
198 ip60 = vlib_buffer_get_current (p);
201 ip60->protocol == IP_PROTOCOL_TCP
202 || ip60->protocol == IP_PROTOCOL_UDP))
203 ports = ((u64) ((udp_header_t *) (ip60 + 1))->src_port << 16)
204 | ((u64) ((udp_header_t *) (ip60 + 1))->dst_port);
206 ports = lb_node_get_other_ports6 (ip60);
208 hash = lb_hash_hash (ip60->src_address.as_u64[0],
209 ip60->src_address.as_u64[1],
210 ip60->dst_address.as_u64[0],
211 ip60->dst_address.as_u64[1], ports);
216 static_always_inline uword
217 lb_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame,
218 u8 is_input_v4, //Compile-time parameter stating that is input is v4 (or v6)
219 lb_encap_type_t encap_type) //Compile-time parameter is GRE4/GRE6/L3DSR/NAT4/NAT6
221 lb_main_t *lbm = &lb_main;
222 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
223 u32 thread_index = vlib_get_thread_index ();
224 u32 lb_time = lb_hash_time_now (vm);
226 lb_hash_t *sticky_ht = lb_get_sticky_table (thread_index);
227 from = vlib_frame_vector_args (frame);
228 n_left_from = frame->n_vectors;
229 next_index = node->cached_next_index;
232 if (PREDICT_TRUE(n_left_from > 0))
233 nexthash0 = lb_node_get_hash (vlib_get_buffer (vm, from[0]), is_input_v4);
235 while (n_left_from > 0)
237 vlib_get_next_frame(vm, node, next_index, to_next, n_left_to_next);
238 while (n_left_from > 0 && n_left_to_next > 0)
245 u32 available_index0;
247 u32 hash0 = nexthash0;
249 if (PREDICT_TRUE(n_left_from > 1))
251 vlib_buffer_t *p1 = vlib_get_buffer (vm, from[1]);
252 //Compute next hash and prefetch bucket
253 nexthash0 = lb_node_get_hash (p1, is_input_v4);
254 lb_hash_prefetch_bucket (sticky_ht, nexthash0);
255 //Prefetch for encap, next
256 CLIB_PREFETCH(vlib_buffer_get_current (p1) - 64, 64, STORE);
259 if (PREDICT_TRUE(n_left_from > 2))
262 p2 = vlib_get_buffer (vm, from[2]);
263 /* prefetch packet header and data */
264 vlib_prefetch_buffer_header(p2, STORE);
265 CLIB_PREFETCH(vlib_buffer_get_current (p2), 64, STORE);
268 pi0 = to_next[0] = from[0];
274 p0 = vlib_get_buffer (vm, pi0);
275 vip0 = pool_elt_at_index(lbm->vips,
276 vnet_buffer (p0)->ip.adj_index[VLIB_TX]);
281 ip40 = vlib_buffer_get_current (p0);
282 len0 = clib_net_to_host_u16 (ip40->length);
287 ip60 = vlib_buffer_get_current (p0);
288 len0 = clib_net_to_host_u16 (ip60->payload_length)
289 + sizeof(ip6_header_t);
292 lb_hash_get (sticky_ht, hash0,
293 vnet_buffer (p0)->ip.adj_index[VLIB_TX], lb_time,
294 &available_index0, &asindex0);
296 if (PREDICT_TRUE(asindex0 != ~0))
298 //Found an existing entry
299 counter = LB_VIP_COUNTER_NEXT_PACKET;
301 else if (PREDICT_TRUE(available_index0 != ~0))
303 //There is an available slot for a new flow
305 vip0->new_flow_table[hash0 & vip0->new_flow_table_mask].as_index;
306 counter = LB_VIP_COUNTER_FIRST_PACKET;
307 counter = (asindex0 == 0) ? LB_VIP_COUNTER_NO_SERVER : counter;
309 //TODO: There are race conditions with as0 and vip0 manipulation.
310 //Configuration may be changed, vectors resized, etc...
312 //Dereference previously used
314 &lbm->as_refcount, thread_index,
315 lb_hash_available_value (sticky_ht, hash0, available_index0),
317 vlib_refcount_add (&lbm->as_refcount, thread_index, asindex0, 1);
320 //Note that when there is no AS configured, an entry is configured anyway.
321 //But no configured AS is not something that should happen
322 lb_hash_put (sticky_ht, hash0, asindex0,
323 vnet_buffer (p0)->ip.adj_index[VLIB_TX],
324 available_index0, lb_time);
328 //Could not store new entry in the table
330 vip0->new_flow_table[hash0 & vip0->new_flow_table_mask].as_index;
331 counter = LB_VIP_COUNTER_UNTRACKED_PACKET;
334 vlib_increment_simple_counter (
335 &lbm->vip_counters[counter], thread_index,
336 vnet_buffer (p0)->ip.adj_index[VLIB_TX],
340 if ((encap_type == LB_ENCAP_TYPE_GRE4)
341 || (encap_type == LB_ENCAP_TYPE_GRE6))
344 if (encap_type == LB_ENCAP_TYPE_GRE4) /* encap GRE4*/
347 vlib_buffer_advance (
348 p0, -sizeof(ip4_header_t) - sizeof(gre_header_t));
349 ip40 = vlib_buffer_get_current (p0);
350 gre0 = (gre_header_t *) (ip40 + 1);
351 ip40->src_address = lbm->ip4_src_address;
352 ip40->dst_address = lbm->ass[asindex0].address.ip4;
353 ip40->ip_version_and_header_length = 0x45;
355 ip40->fragment_id = 0;
356 ip40->flags_and_fragment_offset = 0;
357 ip40->length = clib_host_to_net_u16 (
358 len0 + sizeof(gre_header_t) + sizeof(ip4_header_t));
359 ip40->protocol = IP_PROTOCOL_GRE;
360 ip40->checksum = ip4_header_checksum (ip40);
365 vlib_buffer_advance (
366 p0, -sizeof(ip6_header_t) - sizeof(gre_header_t));
367 ip60 = vlib_buffer_get_current (p0);
368 gre0 = (gre_header_t *) (ip60 + 1);
369 ip60->dst_address = lbm->ass[asindex0].address.ip6;
370 ip60->src_address = lbm->ip6_src_address;
371 ip60->hop_limit = 128;
372 ip60->ip_version_traffic_class_and_flow_label =
373 clib_host_to_net_u32 (0x6 << 28);
374 ip60->payload_length = clib_host_to_net_u16 (
375 len0 + sizeof(gre_header_t));
376 ip60->protocol = IP_PROTOCOL_GRE;
379 gre0->flags_and_version = 0;
382 clib_host_to_net_u16 (0x0800) :
383 clib_host_to_net_u16 (0x86DD);
385 else if (encap_type == LB_ENCAP_TYPE_L3DSR) /* encap L3DSR*/
393 ip40 = vlib_buffer_get_current (p0);
394 old_dst = ip40->dst_address.as_u32;
395 old_dscp = ip40->tos;
396 ip40->dst_address = lbm->ass[asindex0].address.ip4;
397 /* Get and rewrite DSCP bit */
398 ip40->tos = (u8) ((vip0->encap_args.dscp & 0x3F) << 2);
400 csum = ip40->checksum;
401 csum = ip_csum_sub_even (csum, old_dst);
402 csum = ip_csum_sub_even (csum, old_dscp);
403 csum = ip_csum_add_even (csum,
404 lbm->ass[asindex0].address.ip4.as_u32);
405 csum = ip_csum_add_even (csum, ip40->tos);
406 ip40->checksum = ip_csum_fold (csum);
408 /* Recomputing L4 checksum after dst-IP modifying */
409 th0 = ip4_next_header (ip40);
411 th0->checksum = ip4_tcp_udp_compute_checksum (vm, p0, ip40);
413 else if ((encap_type == LB_ENCAP_TYPE_NAT4)
414 || (encap_type == LB_ENCAP_TYPE_NAT6))
420 if ((is_input_v4 == 1) && (encap_type == LB_ENCAP_TYPE_NAT4))
425 ip40 = vlib_buffer_get_current (p0);
426 uh = (udp_header_t *) (ip40 + 1);
427 old_dst = ip40->dst_address.as_u32;
428 ip40->dst_address = lbm->ass[asindex0].address.ip4;
430 csum = ip40->checksum;
431 csum = ip_csum_sub_even (csum, old_dst);
432 csum = ip_csum_add_even (
433 csum, lbm->ass[asindex0].address.ip4.as_u32);
434 ip40->checksum = ip_csum_fold (csum);
436 if ((ip40->protocol == IP_PROTOCOL_UDP)
437 || (uh->dst_port == vip0->encap_args.port))
439 uh->dst_port = vip0->encap_args.target_port;
441 csum = ip_csum_sub_even (csum, old_dst);
442 csum = ip_csum_add_even (
443 csum, lbm->ass[asindex0].address.ip4.as_u32);
444 uh->checksum = ip_csum_fold (csum);
448 next_index = LB_NEXT_DROP;
451 else if ((is_input_v4 == 0) && (encap_type == LB_ENCAP_TYPE_NAT6))
455 ip6_address_t old_dst;
457 ip60 = vlib_buffer_get_current (p0);
458 uh = (udp_header_t *) (ip60 + 1);
460 old_dst.as_u64[0] = ip60->dst_address.as_u64[0];
461 old_dst.as_u64[1] = ip60->dst_address.as_u64[1];
462 ip60->dst_address.as_u64[0] =
463 lbm->ass[asindex0].address.ip6.as_u64[0];
464 ip60->dst_address.as_u64[1] =
465 lbm->ass[asindex0].address.ip6.as_u64[1];
467 if (PREDICT_TRUE(ip60->protocol == IP_PROTOCOL_UDP))
469 uh->dst_port = vip0->encap_args.target_port;
471 csum = ip_csum_sub_even (csum, old_dst.as_u64[0]);
472 csum = ip_csum_sub_even (csum, old_dst.as_u64[1]);
473 csum = ip_csum_add_even (
474 csum, lbm->ass[asindex0].address.ip6.as_u64[0]);
475 csum = ip_csum_add_even (
476 csum, lbm->ass[asindex0].address.ip6.as_u64[1]);
477 uh->checksum = ip_csum_fold (csum);
481 next_index = LB_NEXT_DROP;
486 if (PREDICT_FALSE(p0->flags & VLIB_BUFFER_IS_TRACED))
488 lb_trace_t *tr = vlib_add_trace (vm, node, p0, sizeof(*tr));
489 tr->as_index = asindex0;
490 tr->vip_index = vnet_buffer (p0)->ip.adj_index[VLIB_TX];
494 //Note that this is going to error if asindex0 == 0
495 vnet_buffer (p0)->ip.adj_index[VLIB_TX] =
496 lbm->ass[asindex0].dpo.dpoi_index;
497 vlib_validate_buffer_enqueue_x1(
498 vm, node, next_index, to_next, n_left_to_next, pi0,
499 lbm->ass[asindex0].dpo.dpoi_next_node);
501 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
504 return frame->n_vectors;
508 format_nodeport_lb_trace (u8 * s, va_list * args)
510 lb_main_t *lbm = &lb_main;
511 CLIB_UNUSED(vlib_main_t * vm)
512 = va_arg (*args, vlib_main_t *);
513 CLIB_UNUSED(vlib_node_t * node)
514 = va_arg (*args, vlib_node_t *);
515 lb_nodeport_trace_t *t = va_arg (*args, lb_nodeport_trace_t *);
516 if (pool_is_free_index(lbm->vips, t->vip_index))
518 s = format (s, "lb vip[%d]: This VIP was freed since capture\n");
522 s = format (s, "lb vip[%d]: %U\n", t->vip_index, format_lb_vip,
523 &lbm->vips[t->vip_index]);
526 s = format (s, " lb node_port: %d", t->node_port);
532 lb_nodeport_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
533 vlib_frame_t * frame, u8 is_input_v4)
535 lb_main_t *lbm = &lb_main;
536 u32 n_left_from, *from, next_index, *to_next, n_left_to_next;
538 from = vlib_frame_vector_args (frame);
539 n_left_from = frame->n_vectors;
540 next_index = node->cached_next_index;
542 while (n_left_from > 0)
544 vlib_get_next_frame(vm, node, next_index, to_next, n_left_to_next);
546 while (n_left_from > 0 && n_left_to_next > 0)
550 udp_header_t * udp_0;
553 if (PREDICT_TRUE(n_left_from > 1))
555 vlib_buffer_t *p1 = vlib_get_buffer (vm, from[1]);
556 //Prefetch for encap, next
557 CLIB_PREFETCH(vlib_buffer_get_current (p1) - 64, 64, STORE);
560 if (PREDICT_TRUE(n_left_from > 2))
563 p2 = vlib_get_buffer (vm, from[2]);
564 /* prefetch packet header and data */
565 vlib_prefetch_buffer_header(p2, STORE);
566 CLIB_PREFETCH(vlib_buffer_get_current (p2), 64, STORE);
569 pi0 = to_next[0] = from[0];
575 p0 = vlib_get_buffer (vm, pi0);
580 vlib_buffer_advance (
581 p0, -(word) (sizeof(udp_header_t) + sizeof(ip4_header_t)));
582 ip40 = vlib_buffer_get_current (p0);
583 udp_0 = (udp_header_t *) (ip40 + 1);
588 vlib_buffer_advance (
589 p0, -(word) (sizeof(udp_header_t) + sizeof(ip6_header_t)));
590 ip60 = vlib_buffer_get_current (p0);
591 udp_0 = (udp_header_t *) (ip60 + 1);
594 entry0 = hash_get_mem(lbm->vip_index_by_nodeport, &(udp_0->dst_port));
597 vnet_buffer(p0)->ip.adj_index[VLIB_TX] = entry0[0];
599 if (PREDICT_FALSE(p0->flags & VLIB_BUFFER_IS_TRACED))
601 lb_nodeport_trace_t *tr = vlib_add_trace (vm, node, p0,
603 tr->vip_index = entry0[0];
604 tr->node_port = (u32) clib_net_to_host_u16 (udp_0->dst_port);
607 vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next,
610 LB4_NODEPORT_NEXT_IP4_NAT4 : LB6_NODEPORT_NEXT_IP6_NAT6);
612 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
615 return frame->n_vectors;
620 * @brief Match NAT44 static mapping.
622 * @param sm NAT main.
623 * @param match Address and port to match.
624 * @param index index to the pool.
626 * @returns 0 if match found, otherwise -1.
629 lb_nat44_mapping_match (lb_main_t *lbm, lb_snat4_key_t * match, u32 *index)
631 clib_bihash_kv_8_8_t kv4, value;
632 clib_bihash_8_8_t *mapping_hash = &lbm->mapping_by_as4;
634 kv4.key = match->as_u64;
636 if (clib_bihash_search_8_8 (mapping_hash, &kv4, &value))
641 *index = value.value;
646 * @brief Match NAT66 static mapping.
648 * @param sm NAT main.
649 * @param match Address and port to match.
650 * @param mapping External or local address and port of the matched mapping.
652 * @returns 0 if match found otherwise 1.
655 lb_nat66_mapping_match (lb_main_t *lbm, lb_snat6_key_t * match, u32 *index)
657 clib_bihash_kv_24_8_t kv6, value;
658 lb_snat6_key_t m_key6;
659 clib_bihash_24_8_t *mapping_hash = &lbm->mapping_by_as6;
661 m_key6.addr.as_u64[0] = match->addr.as_u64[0];
662 m_key6.addr.as_u64[1] = match->addr.as_u64[1];
663 m_key6.port = match->port;
665 m_key6.fib_index = 0;
667 kv6.key[0] = m_key6.as_u64[0];
668 kv6.key[1] = m_key6.as_u64[1];
669 kv6.key[2] = m_key6.as_u64[2];
671 if (clib_bihash_search_24_8 (mapping_hash, &kv6, &value))
676 *index = value.value;
681 lb_nat_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
682 vlib_frame_t * frame, u32 is_nat4)
684 u32 n_left_from, *from, *to_next;
686 u32 pkts_processed = 0;
687 lb_main_t *lbm = &lb_main;
688 u32 stats_node_index;
691 is_nat4 ? lb_nat4_in2out_node.index : lb_nat6_in2out_node.index;
693 from = vlib_frame_vector_args (frame);
694 n_left_from = frame->n_vectors;
695 next_index = node->cached_next_index;
697 while (n_left_from > 0)
701 vlib_get_next_frame(vm, node, next_index, to_next, n_left_to_next);
703 while (n_left_from > 0 && n_left_to_next > 0)
710 u16 old_port0, new_port0;
717 /* speculatively enqueue b0 to the current next frame */
725 b0 = vlib_get_buffer (vm, bi0);
726 next0 = LB_NAT4_IN2OUT_NEXT_LOOKUP;
727 sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
728 rx_fib_index0 = ip4_fib_table_get_index_for_sw_if_index (
734 u32 old_addr0, new_addr0;
735 lb_snat4_key_t key40;
736 lb_snat_mapping_t *sm40;
739 ip40 = vlib_buffer_get_current (b0);
740 udp0 = ip4_next_header (ip40);
741 tcp0 = (tcp_header_t *) udp0;
742 proto0 = lb_ip_proto_to_nat_proto (ip40->protocol);
744 key40.addr = ip40->src_address;
745 key40.protocol = proto0;
746 key40.port = udp0->src_port;
747 key40.fib_index = rx_fib_index0;
749 if (lb_nat44_mapping_match (lbm, &key40, &index40))
751 next0 = LB_NAT4_IN2OUT_NEXT_DROP;
755 sm40 = pool_elt_at_index(lbm->snat_mappings, index40);
756 new_addr0 = sm40->src_ip.ip4.as_u32;
757 new_port0 = sm40->src_port;
758 vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm40->fib_index;
759 old_addr0 = ip40->src_address.as_u32;
760 ip40->src_address.as_u32 = new_addr0;
762 csum = ip40->checksum;
763 csum = ip_csum_sub_even (csum, old_addr0);
764 csum = ip_csum_add_even (csum, new_addr0);
765 ip40->checksum = ip_csum_fold (csum);
767 if (PREDICT_TRUE(proto0 == LB_NAT_PROTOCOL_TCP))
769 old_port0 = tcp0->src_port;
770 tcp0->src_port = new_port0;
772 csum = tcp0->checksum;
773 csum = ip_csum_sub_even (csum, old_addr0);
774 csum = ip_csum_sub_even (csum, old_port0);
775 csum = ip_csum_add_even (csum, new_addr0);
776 csum = ip_csum_add_even (csum, new_port0);
777 tcp0->checksum = ip_csum_fold (csum);
779 else if (PREDICT_TRUE(proto0 == LB_NAT_PROTOCOL_UDP))
781 old_port0 = udp0->src_port;
782 udp0->src_port = new_port0;
784 csum = udp0->checksum;
785 csum = ip_csum_sub_even (csum, old_addr0);
786 csum = ip_csum_sub_even (csum, old_port0);
787 csum = ip_csum_add_even (csum, new_addr0);
788 csum = ip_csum_add_even (csum, new_port0);
789 udp0->checksum = ip_csum_fold (csum);
792 pkts_processed += next0 != LB_NAT4_IN2OUT_NEXT_DROP;
797 ip6_address_t old_addr0, new_addr0;
798 lb_snat6_key_t key60;
799 lb_snat_mapping_t *sm60;
802 ip60 = vlib_buffer_get_current (b0);
803 udp0 = ip6_next_header (ip60);
804 tcp0 = (tcp_header_t *) udp0;
805 proto0 = lb_ip_proto_to_nat_proto (ip60->protocol);
807 key60.addr.as_u64[0] = ip60->src_address.as_u64[0];
808 key60.addr.as_u64[1] = ip60->src_address.as_u64[1];
809 key60.protocol = proto0;
810 key60.port = udp0->src_port;
811 key60.fib_index = rx_fib_index0;
813 if (lb_nat66_mapping_match (lbm, &key60, &index60))
815 next0 = LB_NAT6_IN2OUT_NEXT_DROP;
819 sm60 = pool_elt_at_index(lbm->snat_mappings, index60);
820 new_addr0.as_u64[0] = sm60->src_ip.as_u64[0];
821 new_addr0.as_u64[1] = sm60->src_ip.as_u64[1];
822 new_port0 = sm60->src_port;
823 vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm60->fib_index;
824 old_addr0.as_u64[0] = ip60->src_address.as_u64[0];
825 old_addr0.as_u64[1] = ip60->src_address.as_u64[1];
826 ip60->src_address.as_u64[0] = new_addr0.as_u64[0];
827 ip60->src_address.as_u64[1] = new_addr0.as_u64[1];
829 if (PREDICT_TRUE(proto0 == LB_NAT_PROTOCOL_TCP))
831 old_port0 = tcp0->src_port;
832 tcp0->src_port = new_port0;
834 csum = tcp0->checksum;
835 csum = ip_csum_sub_even (csum, old_addr0.as_u64[0]);
836 csum = ip_csum_sub_even (csum, old_addr0.as_u64[1]);
837 csum = ip_csum_add_even (csum, new_addr0.as_u64[0]);
838 csum = ip_csum_add_even (csum, new_addr0.as_u64[1]);
839 csum = ip_csum_sub_even (csum, old_port0);
840 csum = ip_csum_add_even (csum, new_port0);
841 tcp0->checksum = ip_csum_fold (csum);
843 else if (PREDICT_TRUE(proto0 == LB_NAT_PROTOCOL_UDP))
845 old_port0 = udp0->src_port;
846 udp0->src_port = new_port0;
848 csum = udp0->checksum;
849 csum = ip_csum_sub_even (csum, old_addr0.as_u64[0]);
850 csum = ip_csum_sub_even (csum, old_addr0.as_u64[1]);
851 csum = ip_csum_add_even (csum, new_addr0.as_u64[0]);
852 csum = ip_csum_add_even (csum, new_addr0.as_u64[1]);
853 csum = ip_csum_sub_even (csum, old_port0);
854 csum = ip_csum_add_even (csum, new_port0);
855 udp0->checksum = ip_csum_fold (csum);
858 pkts_processed += next0 != LB_NAT4_IN2OUT_NEXT_DROP;
861 trace0: if (PREDICT_FALSE(
862 (node->flags & VLIB_NODE_FLAG_TRACE) && (b0->flags & VLIB_BUFFER_IS_TRACED)))
864 lb_nat_trace_t *t = vlib_add_trace (vm, node, b0, sizeof(*t));
865 t->rx_sw_if_index = sw_if_index0;
866 t->next_index = next0;
869 /* verify speculative enqueue, maybe switch current next frame */
870 vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next,
871 n_left_to_next, bi0, next0);
874 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
877 vlib_node_increment_counter (vm, stats_node_index,
878 LB_NAT_IN2OUT_ERROR_IN2OUT_PACKETS,
880 return frame->n_vectors;
884 lb6_gre6_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
885 vlib_frame_t * frame)
887 return lb_node_fn (vm, node, frame, 0, LB_ENCAP_TYPE_GRE6);
891 lb6_gre4_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
892 vlib_frame_t * frame)
894 return lb_node_fn (vm, node, frame, 0, LB_ENCAP_TYPE_GRE4);
898 lb4_gre6_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
899 vlib_frame_t * frame)
901 return lb_node_fn (vm, node, frame, 1, LB_ENCAP_TYPE_GRE6);
905 lb4_gre4_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
906 vlib_frame_t * frame)
908 return lb_node_fn (vm, node, frame, 1, LB_ENCAP_TYPE_GRE4);
912 lb4_l3dsr_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
913 vlib_frame_t * frame)
915 return lb_node_fn (vm, node, frame, 1, LB_ENCAP_TYPE_L3DSR);
919 lb6_nat6_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
920 vlib_frame_t * frame)
922 return lb_node_fn (vm, node, frame, 0, LB_ENCAP_TYPE_NAT6);
926 lb4_nat4_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
927 vlib_frame_t * frame)
929 return lb_node_fn (vm, node, frame, 1, LB_ENCAP_TYPE_NAT4);
933 lb_nat4_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
934 vlib_frame_t * frame)
936 return lb_nat_in2out_node_fn (vm, node, frame, 1);
940 lb_nat6_in2out_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
941 vlib_frame_t * frame)
943 return lb_nat_in2out_node_fn (vm, node, frame, 0);
946 VLIB_REGISTER_NODE (lb6_gre6_node) =
948 .function = lb6_gre6_node_fn,
950 .vector_size = sizeof(u32),
951 .format_trace = format_lb_trace,
952 .n_errors = LB_N_ERROR, .error_strings = lb_error_strings,
953 .n_next_nodes = LB_N_NEXT,
955 { [LB_NEXT_DROP] = "error-drop" },
958 VLIB_REGISTER_NODE (lb6_gre4_node) =
960 .function = lb6_gre4_node_fn,
962 .vector_size = sizeof(u32),
963 .format_trace = format_lb_trace,
964 .n_errors = LB_N_ERROR,
965 .error_strings = lb_error_strings,
966 .n_next_nodes = LB_N_NEXT,
968 { [LB_NEXT_DROP] = "error-drop" },
971 VLIB_REGISTER_NODE (lb4_gre6_node) =
973 .function = lb4_gre6_node_fn,
975 .vector_size = sizeof(u32),
976 .format_trace = format_lb_trace,
977 .n_errors = LB_N_ERROR,
978 .error_strings = lb_error_strings,
979 .n_next_nodes = LB_N_NEXT,
981 { [LB_NEXT_DROP] = "error-drop" },
984 VLIB_REGISTER_NODE (lb4_gre4_node) =
986 .function = lb4_gre4_node_fn,
988 .vector_size = sizeof(u32),
989 .format_trace = format_lb_trace,
990 .n_errors = LB_N_ERROR,
991 .error_strings = lb_error_strings,
992 .n_next_nodes = LB_N_NEXT,
994 { [LB_NEXT_DROP] = "error-drop" },
997 VLIB_REGISTER_NODE (lb4_l3dsr_node) =
999 .function = lb4_l3dsr_node_fn,
1000 .name = "lb4-l3dsr",
1001 .vector_size = sizeof(u32),
1002 .format_trace = format_lb_trace,
1003 .n_errors = LB_N_ERROR,
1004 .error_strings = lb_error_strings,
1005 .n_next_nodes = LB_N_NEXT,
1007 { [LB_NEXT_DROP] = "error-drop" },
1010 VLIB_REGISTER_NODE (lb6_nat6_node) =
1012 .function = lb6_nat6_node_fn,
1014 .vector_size = sizeof(u32),
1015 .format_trace = format_lb_trace,
1016 .n_errors = LB_N_ERROR,
1017 .error_strings = lb_error_strings,
1018 .n_next_nodes = LB_N_NEXT,
1020 { [LB_NEXT_DROP] = "error-drop" },
1023 VLIB_REGISTER_NODE (lb4_nat4_node) =
1025 .function = lb4_nat4_node_fn,
1027 .vector_size = sizeof(u32),
1028 .format_trace = format_lb_trace,
1029 .n_errors = LB_N_ERROR,
1030 .error_strings = lb_error_strings,
1031 .n_next_nodes = LB_N_NEXT,
1033 { [LB_NEXT_DROP] = "error-drop" },
1037 lb4_nodeport_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
1038 vlib_frame_t * frame)
1040 return lb_nodeport_node_fn (vm, node, frame, 1);
1044 lb6_nodeport_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
1045 vlib_frame_t * frame)
1047 return lb_nodeport_node_fn (vm, node, frame, 0);
1050 VLIB_REGISTER_NODE (lb4_nodeport_node) =
1052 .function = lb4_nodeport_node_fn,
1053 .name = "lb4-nodeport",
1054 .vector_size = sizeof(u32),
1055 .format_trace = format_nodeport_lb_trace,
1056 .n_errors = LB_N_ERROR,
1057 .error_strings = lb_error_strings,
1058 .n_next_nodes = LB4_NODEPORT_N_NEXT,
1061 [LB4_NODEPORT_NEXT_IP4_NAT4] = "lb4-nat4",
1062 [LB4_NODEPORT_NEXT_DROP] = "error-drop",
1066 VLIB_REGISTER_NODE (lb6_nodeport_node) =
1068 .function = lb6_nodeport_node_fn,
1069 .name = "lb6-nodeport",
1070 .vector_size = sizeof(u32),
1071 .format_trace = format_nodeport_lb_trace,
1072 .n_errors = LB_N_ERROR,
1073 .error_strings = lb_error_strings,
1074 .n_next_nodes = LB6_NODEPORT_N_NEXT,
1077 [LB6_NODEPORT_NEXT_IP6_NAT6] = "lb6-nat6",
1078 [LB6_NODEPORT_NEXT_DROP] = "error-drop",
1082 VNET_FEATURE_INIT (lb_nat4_in2out_node_fn, static) =
1084 .arc_name = "ip4-unicast",
1085 .node_name = "lb-nat4-in2out",
1086 .runs_before = VNET_FEATURES("ip4-lookup"),
1089 VLIB_REGISTER_NODE (lb_nat4_in2out_node) =
1091 .function = lb_nat4_in2out_node_fn,
1092 .name = "lb-nat4-in2out",
1093 .vector_size = sizeof(u32),
1094 .format_trace = format_lb_nat_trace,
1095 .n_errors = LB_N_ERROR,
1096 .error_strings = lb_error_strings,
1097 .n_next_nodes = LB_NAT4_IN2OUT_N_NEXT,
1100 [LB_NAT4_IN2OUT_NEXT_DROP] = "error-drop",
1101 [LB_NAT4_IN2OUT_NEXT_LOOKUP] = "ip4-lookup",
1105 VNET_FEATURE_INIT (lb_nat6_in2out_node_fn, static) =
1107 .arc_name = "ip6-unicast",
1108 .node_name = "lb-nat6-in2out",
1109 .runs_before = VNET_FEATURES("ip6-lookup"),
1112 VLIB_REGISTER_NODE (lb_nat6_in2out_node) =
1114 .function = lb_nat6_in2out_node_fn,
1115 .name = "lb-nat6-in2out",
1116 .vector_size = sizeof(u32),
1117 .format_trace = format_lb_nat_trace,
1118 .n_errors = LB_N_ERROR,
1119 .error_strings = lb_error_strings,
1120 .n_next_nodes = LB_NAT6_IN2OUT_N_NEXT,
1123 [LB_NAT6_IN2OUT_NEXT_DROP] = "error-drop",
1124 [LB_NAT6_IN2OUT_NEXT_LOOKUP] = "ip6-lookup",
Code Review / vpp.git / blob