2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief NAT44 EI inside to outside network translation
20 #include <vlib/vlib.h>
22 #include <vnet/vnet.h>
23 #include <vnet/ip/ip.h>
24 #include <vnet/ethernet/ethernet.h>
25 #include <vnet/udp/udp_local.h>
26 #include <vnet/fib/ip4_fib.h>
28 #include <vppinfra/hash.h>
29 #include <vppinfra/error.h>
31 #include <nat/lib/log.h>
32 #include <nat/lib/nat_syslog.h>
33 #include <nat/lib/ipfix_logging.h>
34 #include <nat/lib/nat_inlines.h>
35 #include <nat/nat44-ei/nat44_ei_inlines.h>
36 #include <nat/nat44-ei/nat44_ei.h>
37 #include <nat/nat44-ei/nat44_ei_hairpinning.h>
46 } nat44_ei_in2out_trace_t;
48 /* packet trace format function */
50 format_nat44_ei_in2out_trace (u8 *s, va_list *args)
52 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
53 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
54 nat44_ei_in2out_trace_t *t = va_arg (*args, nat44_ei_in2out_trace_t *);
57 tag = t->is_slow_path ? "NAT44_IN2OUT_SLOW_PATH" : "NAT44_IN2OUT_FAST_PATH";
59 s = format (s, "%s: sw_if_index %d, next index %d, session %d", tag,
60 t->sw_if_index, t->next_index, t->session_index);
61 if (t->is_hairpinning)
63 s = format (s, ", with-hairpinning");
70 format_nat44_ei_in2out_fast_trace (u8 *s, va_list *args)
72 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
73 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
74 nat44_ei_in2out_trace_t *t = va_arg (*args, nat44_ei_in2out_trace_t *);
76 s = format (s, "NAT44_IN2OUT_FAST: sw_if_index %d, next index %d",
77 t->sw_if_index, t->next_index);
82 #define foreach_nat44_ei_in2out_error \
83 _ (UNSUPPORTED_PROTOCOL, "unsupported protocol") \
84 _ (OUT_OF_PORTS, "out of ports") \
85 _ (BAD_OUTSIDE_FIB, "outside VRF ID not found") \
86 _ (BAD_ICMP_TYPE, "unsupported ICMP type") \
87 _ (NO_TRANSLATION, "no translation") \
88 _ (MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \
89 _ (CANNOT_CREATE_USER, "cannot create NAT user")
93 #define _(sym, str) NAT44_EI_IN2OUT_ERROR_##sym,
94 foreach_nat44_ei_in2out_error
96 NAT44_EI_IN2OUT_N_ERROR,
97 } nat44_ei_in2out_error_t;
99 static char *nat44_ei_in2out_error_strings[] = {
100 #define _(sym,string) string,
101 foreach_nat44_ei_in2out_error
107 NAT44_EI_IN2OUT_NEXT_LOOKUP,
108 NAT44_EI_IN2OUT_NEXT_DROP,
109 NAT44_EI_IN2OUT_NEXT_ICMP_ERROR,
110 NAT44_EI_IN2OUT_NEXT_SLOW_PATH,
111 NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF,
112 NAT44_EI_IN2OUT_N_NEXT,
113 } nat44_ei_in2out_next_t;
117 NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP,
118 NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP,
119 NAT44_EI_IN2OUT_HAIRPINNING_FINISH_N_NEXT,
120 } nat44_ei_in2out_hairpinnig_finish_next_t;
123 nat44_ei_not_translate_fast (vlib_node_runtime_t *node, u32 sw_if_index0,
124 ip4_header_t *ip0, u32 proto0, u32 rx_fib_index0)
126 nat44_ei_main_t *nm = &nat44_ei_main;
131 fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
132 nat44_ei_outside_fib_t *outside_fib;
134 .fp_proto = FIB_PROTOCOL_IP4,
137 .ip4.as_u32 = ip0->dst_address.as_u32,
142 /* Don't NAT packet aimed at the intfc address */
143 if (PREDICT_FALSE (nat44_ei_is_interface_addr (
144 nm->ip4_main, node, sw_if_index0, ip0->dst_address.as_u32)))
147 fei = fib_table_lookup (rx_fib_index0, &pfx);
148 if (FIB_NODE_INDEX_INVALID != fei)
150 u32 sw_if_index = fib_entry_get_resolving_interface (fei);
151 if (sw_if_index == ~0)
153 vec_foreach (outside_fib, nm->outside_fibs)
155 fei = fib_table_lookup (outside_fib->fib_index, &pfx);
156 if (FIB_NODE_INDEX_INVALID != fei)
158 sw_if_index = fib_entry_get_resolving_interface (fei);
159 if (sw_if_index != ~0)
164 if (sw_if_index == ~0)
167 nat44_ei_interface_t *i;
168 pool_foreach (i, nm->interfaces)
170 /* NAT packet aimed at outside interface */
171 if ((nat44_ei_interface_is_outside (i)) &&
172 (sw_if_index == i->sw_if_index))
181 nat44_ei_not_translate (nat44_ei_main_t *nm, vlib_node_runtime_t *node,
182 u32 sw_if_index0, ip4_header_t *ip0, u32 proto0,
183 u32 rx_fib_index0, u32 thread_index)
185 udp_header_t *udp0 = ip4_next_header (ip0);
186 clib_bihash_kv_8_8_t kv0, value0;
188 init_nat_k (&kv0, ip0->dst_address, udp0->dst_port, nm->outside_fib_index,
191 /* NAT packet aimed at external address if */
192 /* has active sessions */
193 if (clib_bihash_search_8_8 (&nm->out2in, &kv0, &value0))
195 /* or is static mappings */
196 ip4_address_t placeholder_addr;
197 u16 placeholder_port;
198 u32 placeholder_fib_index;
199 if (!nat44_ei_static_mapping_match (ip0->dst_address, udp0->dst_port,
200 nm->outside_fib_index, proto0,
201 &placeholder_addr, &placeholder_port,
202 &placeholder_fib_index, 1, 0, 0))
208 if (nm->forwarding_enabled)
211 return nat44_ei_not_translate_fast (node, sw_if_index0, ip0, proto0,
216 nat44_ei_not_translate_output_feature (nat44_ei_main_t *nm, ip4_header_t *ip0,
217 u32 proto0, u16 src_port, u16 dst_port,
218 u32 thread_index, u32 sw_if_index)
220 clib_bihash_kv_8_8_t kv0, value0;
221 nat44_ei_interface_t *i;
224 init_nat_k (&kv0, ip0->src_address, src_port,
225 ip4_fib_table_get_index_for_sw_if_index (sw_if_index), proto0);
227 if (!clib_bihash_search_8_8 (&nm->out2in, &kv0, &value0))
231 init_nat_k (&kv0, ip0->dst_address, dst_port,
232 ip4_fib_table_get_index_for_sw_if_index (sw_if_index), proto0);
233 if (!clib_bihash_search_8_8 (&nm->in2out, &kv0, &value0))
236 pool_foreach (i, nm->output_feature_interfaces)
238 if ((nat44_ei_interface_is_inside (i)) &&
239 (sw_if_index == i->sw_if_index))
248 #ifndef CLIB_MARCH_VARIANT
250 nat44_i2o_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg)
252 nat44_ei_main_t *nm = &nat44_ei_main;
253 nat44_ei_is_idle_session_ctx_t *ctx = arg;
254 nat44_ei_session_t *s;
255 u64 sess_timeout_time;
256 nat44_ei_main_per_thread_data_t *tnm =
257 vec_elt_at_index (nm->per_thread_data, ctx->thread_index);
258 clib_bihash_kv_8_8_t s_kv;
260 if (ctx->thread_index != nat_value_get_thread_index (kv))
265 s = pool_elt_at_index (tnm->sessions, nat_value_get_session_index (kv));
266 sess_timeout_time = s->last_heard + (f64) nat_session_get_timeout (
267 &nm->timeouts, s->nat_proto, s->state);
268 if (ctx->now >= sess_timeout_time)
270 init_nat_o2i_k (&s_kv, s);
271 if (clib_bihash_add_del_8_8 (&nm->out2in, &s_kv, 0))
272 nat_elog_warn (nm, "out2in key del failed");
274 nat_ipfix_logging_nat44_ses_delete (ctx->thread_index,
275 s->in2out.addr.as_u32,
276 s->out2in.addr.as_u32,
280 s->in2out.fib_index);
282 nat_syslog_nat44_apmdel (s->user_index, s->in2out.fib_index,
283 &s->in2out.addr, s->in2out.port,
284 &s->out2in.addr, s->out2in.port, s->nat_proto);
286 nat_ha_sdel (&s->out2in.addr, s->out2in.port, &s->ext_host_addr,
287 s->ext_host_port, s->nat_proto, s->out2in.fib_index,
290 if (!nat44_ei_is_session_static (s))
291 nat44_ei_free_outside_address_and_port (
292 nm->addresses, ctx->thread_index, &s->out2in.addr, s->out2in.port,
295 nat44_ei_delete_session (nm, s, ctx->thread_index);
304 slow_path (nat44_ei_main_t *nm, vlib_buffer_t *b0, ip4_header_t *ip0,
305 ip4_address_t i2o_addr, u16 i2o_port, u32 rx_fib_index0,
306 nat_protocol_t nat_proto, nat44_ei_session_t **sessionp,
307 vlib_node_runtime_t *node, u32 next0, u32 thread_index, f64 now)
310 nat44_ei_session_t *s = 0;
311 clib_bihash_kv_8_8_t kv0;
313 nat44_ei_outside_fib_t *outside_fib;
314 fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
317 .fp_proto = FIB_PROTOCOL_IP4,
320 .ip4.as_u32 = ip0->dst_address.as_u32,
323 nat44_ei_is_idle_session_ctx_t ctx0;
324 ip4_address_t sm_addr;
328 if (PREDICT_FALSE (nat44_ei_maximum_sessions_exceeded (nm, thread_index)))
330 b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_MAX_SESSIONS_EXCEEDED];
331 nat_ipfix_logging_max_sessions (thread_index,
332 nm->max_translations_per_thread);
333 nat_elog_notice (nm, "maximum sessions exceeded");
334 return NAT44_EI_IN2OUT_NEXT_DROP;
337 /* First try to match static mapping by local address and port */
338 if (nat44_ei_static_mapping_match (i2o_addr, i2o_port, rx_fib_index0,
339 nat_proto, &sm_addr, &sm_port,
340 &sm_fib_index, 0, 0, &identity_nat))
342 /* Try to create dynamic translation */
343 if (nm->alloc_addr_and_port (
344 nm->addresses, rx_fib_index0, thread_index, nat_proto,
345 ip0->src_address, &sm_addr, &sm_port, nm->port_per_thread,
346 nm->per_thread_data[thread_index].snat_thread_index))
348 b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_OUT_OF_PORTS];
349 return NAT44_EI_IN2OUT_NEXT_DROP;
354 if (PREDICT_FALSE (identity_nat))
363 u = nat44_ei_user_get_or_create (nm, &ip0->src_address, rx_fib_index0,
367 b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_CANNOT_CREATE_USER];
368 return NAT44_EI_IN2OUT_NEXT_DROP;
371 s = nat44_ei_session_alloc_or_recycle (nm, u, thread_index, now);
374 nat44_ei_delete_user_with_no_session (nm, u, thread_index);
375 nat_elog_warn (nm, "create NAT session failed");
376 return NAT44_EI_IN2OUT_NEXT_DROP;
380 s->flags |= NAT44_EI_SESSION_FLAG_STATIC_MAPPING;
381 nat44_ei_user_session_increment (nm, u, is_sm);
382 s->in2out.addr = i2o_addr;
383 s->in2out.port = i2o_port;
384 s->in2out.fib_index = rx_fib_index0;
385 s->nat_proto = nat_proto;
386 s->out2in.addr = sm_addr;
387 s->out2in.port = sm_port;
388 s->out2in.fib_index = nm->outside_fib_index;
389 switch (vec_len (nm->outside_fibs))
392 s->out2in.fib_index = nm->outside_fib_index;
395 s->out2in.fib_index = nm->outside_fibs[0].fib_index;
398 vec_foreach (outside_fib, nm->outside_fibs)
400 fei = fib_table_lookup (outside_fib->fib_index, &pfx);
401 if (FIB_NODE_INDEX_INVALID != fei)
403 if (fib_entry_get_resolving_interface (fei) != ~0)
405 s->out2in.fib_index = outside_fib->fib_index;
412 s->ext_host_addr.as_u32 = ip0->dst_address.as_u32;
413 s->ext_host_port = vnet_buffer (b0)->ip.reass.l4_dst_port;
416 /* Add to translation hashes */
418 ctx0.thread_index = thread_index;
419 init_nat_i2o_kv (&kv0, s, thread_index,
420 s - nm->per_thread_data[thread_index].sessions);
421 if (clib_bihash_add_or_overwrite_stale_8_8 (
422 &nm->in2out, &kv0, nat44_i2o_is_idle_session_cb, &ctx0))
423 nat_elog_notice (nm, "in2out key add failed");
425 init_nat_o2i_kv (&kv0, s, thread_index,
426 s - nm->per_thread_data[thread_index].sessions);
427 if (clib_bihash_add_or_overwrite_stale_8_8 (
428 &nm->out2in, &kv0, nat44_o2i_is_idle_session_cb, &ctx0))
429 nat_elog_notice (nm, "out2in key add failed");
432 nat_ipfix_logging_nat44_ses_create (
433 thread_index, s->in2out.addr.as_u32, s->out2in.addr.as_u32, s->nat_proto,
434 s->in2out.port, s->out2in.port, s->in2out.fib_index);
436 nat_syslog_nat44_apmadd (s->user_index, s->in2out.fib_index, &s->in2out.addr,
437 s->in2out.port, &s->out2in.addr, s->out2in.port,
440 nat_ha_sadd (&s->in2out.addr, s->in2out.port, &s->out2in.addr,
441 s->out2in.port, &s->ext_host_addr, s->ext_host_port,
442 &s->ext_host_nat_addr, s->ext_host_nat_port, s->nat_proto,
443 s->in2out.fib_index, s->flags, thread_index, 0);
448 #ifndef CLIB_MARCH_VARIANT
449 static_always_inline nat44_ei_in2out_error_t
450 icmp_get_key (vlib_buffer_t *b, ip4_header_t *ip0, ip4_address_t *addr,
451 u16 *port, nat_protocol_t *nat_proto)
453 icmp46_header_t *icmp0;
454 icmp_echo_header_t *echo0, *inner_echo0 = 0;
455 ip4_header_t *inner_ip0 = 0;
457 icmp46_header_t *inner_icmp0;
459 icmp0 = (icmp46_header_t *) ip4_next_header (ip0);
460 echo0 = (icmp_echo_header_t *) (icmp0 + 1);
462 if (!icmp_type_is_error_message
463 (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags))
465 *nat_proto = NAT_PROTOCOL_ICMP;
466 *addr = ip0->src_address;
467 *port = vnet_buffer (b)->ip.reass.l4_src_port;
471 inner_ip0 = (ip4_header_t *) (echo0 + 1);
472 l4_header = ip4_next_header (inner_ip0);
473 *nat_proto = ip_proto_to_nat_proto (inner_ip0->protocol);
474 *addr = inner_ip0->dst_address;
477 case NAT_PROTOCOL_ICMP:
478 inner_icmp0 = (icmp46_header_t *) l4_header;
479 inner_echo0 = (icmp_echo_header_t *) (inner_icmp0 + 1);
480 *port = inner_echo0->identifier;
482 case NAT_PROTOCOL_UDP:
483 case NAT_PROTOCOL_TCP:
484 *port = ((tcp_udp_header_t *) l4_header)->dst_port;
487 return NAT44_EI_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL;
490 return -1; /* success */
494 * Get address and port values to be used for ICMP packet translation
495 * and create session if needed
497 * @param[in,out] nm NAT main
498 * @param[in,out] node NAT node runtime
499 * @param[in] thread_index thread index
500 * @param[in,out] b0 buffer containing packet to be translated
501 * @param[in,out] ip0 ip header
502 * @param[out] p_proto protocol used for matching
503 * @param[out] p_value address and port after NAT translation
504 * @param[out] p_dont_translate if packet should not be translated
505 * @param d optional parameter
506 * @param e optional parameter
509 nat44_ei_icmp_match_in2out_slow (vlib_node_runtime_t *node, u32 thread_index,
510 vlib_buffer_t *b0, ip4_header_t *ip0,
511 ip4_address_t *addr, u16 *port,
512 u32 *fib_index, nat_protocol_t *proto,
513 nat44_ei_session_t **p_s0, u8 *dont_translate)
515 nat44_ei_main_t *nm = &nat44_ei_main;
516 nat44_ei_main_per_thread_data_t *tnm = &nm->per_thread_data[thread_index];
518 nat44_ei_session_t *s0 = 0;
519 clib_bihash_kv_8_8_t kv0, value0;
522 vlib_main_t *vm = vlib_get_main ();
525 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
526 *fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index0);
528 err = icmp_get_key (b0, ip0, addr, port, proto);
531 b0->error = node->errors[err];
532 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
536 init_nat_k (&kv0, *addr, *port, *fib_index, *proto);
537 if (clib_bihash_search_8_8 (&nm->in2out, &kv0, &value0))
539 if (vnet_buffer (b0)->sw_if_index[VLIB_TX] != ~0)
541 if (PREDICT_FALSE (nat44_ei_not_translate_output_feature (
542 nm, ip0, *proto, *port, *port, thread_index, sw_if_index0)))
550 if (PREDICT_FALSE (nat44_ei_not_translate (
551 nm, node, sw_if_index0, ip0, NAT_PROTOCOL_ICMP, *fib_index,
560 (icmp_type_is_error_message
561 (vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags)))
563 b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_BAD_ICMP_TYPE];
564 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
568 next0 = slow_path (nm, b0, ip0, *addr, *port, *fib_index, *proto, &s0,
569 node, next0, thread_index, vlib_time_now (vm));
571 if (PREDICT_FALSE (next0 == NAT44_EI_IN2OUT_NEXT_DROP))
583 (vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags !=
585 && vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags !=
587 && !icmp_type_is_error_message (vnet_buffer (b0)->ip.
588 reass.icmp_type_or_tcp_flags)))
590 b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_BAD_ICMP_TYPE];
591 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
595 s0 = pool_elt_at_index (tnm->sessions,
596 nat_value_get_session_index (&value0));
602 *addr = s0->out2in.addr;
603 *port = s0->out2in.port;
604 *fib_index = s0->out2in.fib_index;
612 #ifndef CLIB_MARCH_VARIANT
614 nat44_ei_icmp_match_in2out_fast (vlib_node_runtime_t *node, u32 thread_index,
615 vlib_buffer_t *b0, ip4_header_t *ip0,
616 ip4_address_t *addr, u16 *port,
617 u32 *fib_index, nat_protocol_t *proto,
618 nat44_ei_session_t **s0, u8 *dont_translate)
626 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
627 *fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index0);
629 err = icmp_get_key (b0, ip0, addr, port, proto);
632 b0->error = node->errors[err];
633 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
637 ip4_address_t sm_addr;
641 if (nat44_ei_static_mapping_match (*addr, *port, *fib_index, *proto,
642 &sm_addr, &sm_port, &sm_fib_index, 0,
645 if (PREDICT_FALSE (nat44_ei_not_translate_fast (
646 node, sw_if_index0, ip0, IP_PROTOCOL_ICMP, *fib_index)))
652 if (icmp_type_is_error_message
653 (vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags))
655 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
659 b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_NO_TRANSLATION];
660 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
665 (vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags != ICMP4_echo_request
666 && (vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags !=
667 ICMP4_echo_reply || !is_addr_only)
668 && !icmp_type_is_error_message (vnet_buffer (b0)->ip.
669 reass.icmp_type_or_tcp_flags)))
671 b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_BAD_ICMP_TYPE];
672 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
681 u32 nat44_ei_icmp_in2out (vlib_buffer_t *b0, ip4_header_t *ip0,
682 icmp46_header_t *icmp0, u32 sw_if_index0,
683 u32 rx_fib_index0, vlib_node_runtime_t *node,
684 u32 next0, u32 thread_index,
685 nat44_ei_session_t **p_s0);
687 #ifndef CLIB_MARCH_VARIANT
689 nat44_ei_icmp_in2out (vlib_buffer_t *b0, ip4_header_t *ip0,
690 icmp46_header_t *icmp0, u32 sw_if_index0,
691 u32 rx_fib_index0, vlib_node_runtime_t *node, u32 next0,
692 u32 thread_index, nat44_ei_session_t **p_s0)
694 nat44_ei_main_t *nm = &nat44_ei_main;
695 vlib_main_t *vm = vlib_get_main ();
699 nat_protocol_t proto;
700 icmp_echo_header_t *echo0, *inner_echo0 = 0;
701 ip4_header_t *inner_ip0;
703 icmp46_header_t *inner_icmp0;
705 u32 new_addr0, old_addr0;
706 u16 old_id0, new_id0;
707 u16 old_checksum0, new_checksum0;
711 u32 required_thread_index = thread_index;
713 echo0 = (icmp_echo_header_t *) (icmp0 + 1);
715 if (PREDICT_TRUE (nm->pat))
717 next0_tmp = nat44_ei_icmp_match_in2out_slow (
718 node, thread_index, b0, ip0, &addr, &port, &fib_index, &proto, p_s0,
723 next0_tmp = nat44_ei_icmp_match_in2out_fast (
724 node, thread_index, b0, ip0, &addr, &port, &fib_index, &proto, p_s0,
730 if (next0 == NAT44_EI_IN2OUT_NEXT_DROP || dont_translate)
733 if (PREDICT_TRUE (!ip4_is_fragment (ip0)))
736 ip_incremental_checksum_buffer (vm, b0,
738 (u8 *) vlib_buffer_get_current (b0),
739 ntohs (ip0->length) -
740 ip4_header_bytes (ip0), 0);
741 checksum0 = ~ip_csum_fold (sum0);
742 if (PREDICT_FALSE (checksum0 != 0 && checksum0 != 0xffff))
744 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
749 old_addr0 = ip0->src_address.as_u32;
750 new_addr0 = ip0->src_address.as_u32 = addr.as_u32;
752 sum0 = ip0->checksum;
753 sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
754 src_address /* changed member */ );
755 ip0->checksum = ip_csum_fold (sum0);
757 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
759 if (icmp0->checksum == 0)
760 icmp0->checksum = 0xffff;
762 if (!icmp_type_is_error_message (icmp0->type))
765 if (PREDICT_FALSE (new_id0 != echo0->identifier))
767 old_id0 = echo0->identifier;
769 echo0->identifier = new_id0;
771 sum0 = icmp0->checksum;
773 ip_csum_update (sum0, old_id0, new_id0, icmp_echo_header_t,
775 icmp0->checksum = ip_csum_fold (sum0);
780 inner_ip0 = (ip4_header_t *) (echo0 + 1);
781 l4_header = ip4_next_header (inner_ip0);
783 if (!ip4_header_checksum_is_valid (inner_ip0))
785 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
789 /* update inner destination IP address */
790 old_addr0 = inner_ip0->dst_address.as_u32;
791 inner_ip0->dst_address = addr;
792 new_addr0 = inner_ip0->dst_address.as_u32;
793 sum0 = icmp0->checksum;
794 sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
795 dst_address /* changed member */ );
796 icmp0->checksum = ip_csum_fold (sum0);
798 /* update inner IP header checksum */
799 old_checksum0 = inner_ip0->checksum;
800 sum0 = inner_ip0->checksum;
801 sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
802 dst_address /* changed member */ );
803 inner_ip0->checksum = ip_csum_fold (sum0);
804 new_checksum0 = inner_ip0->checksum;
805 sum0 = icmp0->checksum;
807 ip_csum_update (sum0, old_checksum0, new_checksum0, ip4_header_t,
809 icmp0->checksum = ip_csum_fold (sum0);
813 case NAT_PROTOCOL_ICMP:
814 inner_icmp0 = (icmp46_header_t *) l4_header;
815 inner_echo0 = (icmp_echo_header_t *) (inner_icmp0 + 1);
817 old_id0 = inner_echo0->identifier;
819 inner_echo0->identifier = new_id0;
821 sum0 = icmp0->checksum;
823 ip_csum_update (sum0, old_id0, new_id0, icmp_echo_header_t,
825 icmp0->checksum = ip_csum_fold (sum0);
827 case NAT_PROTOCOL_UDP:
828 case NAT_PROTOCOL_TCP:
829 old_id0 = ((tcp_udp_header_t *) l4_header)->dst_port;
831 ((tcp_udp_header_t *) l4_header)->dst_port = new_id0;
833 sum0 = icmp0->checksum;
834 sum0 = ip_csum_update (sum0, old_id0, new_id0, tcp_udp_header_t,
836 icmp0->checksum = ip_csum_fold (sum0);
844 if (vnet_buffer (b0)->sw_if_index[VLIB_TX] == ~0)
846 if (0 != nat44_ei_icmp_hairpinning (nm, b0, thread_index, ip0, icmp0,
847 &required_thread_index))
848 vnet_buffer (b0)->sw_if_index[VLIB_TX] = fib_index;
849 if (thread_index != required_thread_index)
851 vnet_buffer (b0)->snat.required_thread_index = required_thread_index;
852 next0 = NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF;
861 static_always_inline u32
862 nat44_ei_icmp_in2out_slow_path (nat44_ei_main_t *nm, vlib_buffer_t *b0,
863 ip4_header_t *ip0, icmp46_header_t *icmp0,
864 u32 sw_if_index0, u32 rx_fib_index0,
865 vlib_node_runtime_t *node, u32 next0, f64 now,
866 u32 thread_index, nat44_ei_session_t **p_s0)
868 vlib_main_t *vm = vlib_get_main ();
870 next0 = nat44_ei_icmp_in2out (b0, ip0, icmp0, sw_if_index0, rx_fib_index0,
871 node, next0, thread_index, p_s0);
872 nat44_ei_session_t *s0 = *p_s0;
873 if (PREDICT_TRUE (next0 != NAT44_EI_IN2OUT_NEXT_DROP && s0))
876 nat44_ei_session_update_counters (
877 s0, now, vlib_buffer_length_in_chain (vm, b0), thread_index);
878 /* Per-user LRU list maintenance */
879 nat44_ei_session_update_lru (nm, s0, thread_index);
885 nat_in2out_sm_unknown_proto (nat44_ei_main_t *nm, vlib_buffer_t *b,
886 ip4_header_t *ip, u32 rx_fib_index)
888 clib_bihash_kv_8_8_t kv, value;
889 nat44_ei_static_mapping_t *m;
890 u32 old_addr, new_addr;
893 init_nat_k (&kv, ip->src_address, 0, rx_fib_index, 0);
894 if (clib_bihash_search_8_8 (&nm->static_mapping_by_local, &kv, &value))
897 m = pool_elt_at_index (nm->static_mappings, value.value);
899 old_addr = ip->src_address.as_u32;
900 new_addr = ip->src_address.as_u32 = m->external_addr.as_u32;
902 sum = ip_csum_update (sum, old_addr, new_addr, ip4_header_t, src_address);
903 ip->checksum = ip_csum_fold (sum);
907 if (vnet_buffer (b)->sw_if_index[VLIB_TX] == ~0)
909 vnet_buffer (b)->sw_if_index[VLIB_TX] = m->fib_index;
910 nat44_ei_hairpinning_sm_unknown_proto (nm, b, ip);
917 nat44_ei_in2out_node_fn_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
918 vlib_frame_t *frame, int is_slow_path,
919 int is_output_feature)
921 u32 n_left_from, *from;
922 nat44_ei_main_t *nm = &nat44_ei_main;
923 f64 now = vlib_time_now (vm);
924 u32 thread_index = vm->thread_index;
926 from = vlib_frame_vector_args (frame);
927 n_left_from = frame->n_vectors;
929 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
930 u16 nexts[VLIB_FRAME_SIZE], *next = nexts;
931 vlib_get_buffers (vm, from, b, n_left_from);
933 while (n_left_from >= 2)
935 vlib_buffer_t *b0, *b1;
937 u32 sw_if_index0, sw_if_index1;
938 ip4_header_t *ip0, *ip1;
939 ip_csum_t sum0, sum1;
940 u32 new_addr0, old_addr0, new_addr1, old_addr1;
941 u16 old_port0, new_port0, old_port1, new_port1;
942 udp_header_t *udp0, *udp1;
943 tcp_header_t *tcp0, *tcp1;
944 icmp46_header_t *icmp0, *icmp1;
945 u32 rx_fib_index0, rx_fib_index1;
947 nat44_ei_session_t *s0 = 0, *s1 = 0;
948 clib_bihash_kv_8_8_t kv0, value0, kv1, value1;
949 u32 iph_offset0 = 0, iph_offset1 = 0;
956 /* Prefetch next iteration. */
957 if (PREDICT_TRUE (n_left_from >= 4))
959 vlib_buffer_t *p2, *p3;
964 vlib_prefetch_buffer_header (p2, LOAD);
965 vlib_prefetch_buffer_header (p3, LOAD);
967 CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, LOAD);
968 CLIB_PREFETCH (p3->data, CLIB_CACHE_LINE_BYTES, LOAD);
971 if (is_output_feature)
972 iph_offset0 = vnet_buffer (b0)->ip.reass.save_rewrite_length;
974 ip0 = (ip4_header_t *) ((u8 *) vlib_buffer_get_current (b0) +
977 udp0 = ip4_next_header (ip0);
978 tcp0 = (tcp_header_t *) udp0;
979 icmp0 = (icmp46_header_t *) udp0;
981 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
983 vec_elt (nm->ip4_main->fib_index_by_sw_if_index, sw_if_index0);
985 next0 = next1 = NAT44_EI_IN2OUT_NEXT_LOOKUP;
987 if (PREDICT_FALSE (ip0->ttl == 1))
989 vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
990 icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
991 ICMP4_time_exceeded_ttl_exceeded_in_transit,
993 next0 = NAT44_EI_IN2OUT_NEXT_ICMP_ERROR;
997 proto0 = ip_proto_to_nat_proto (ip0->protocol);
999 /* Next configured feature, probably ip4-lookup */
1002 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER))
1004 if (nat_in2out_sm_unknown_proto (nm, b0, ip0, rx_fib_index0))
1006 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
1008 node->errors[NAT44_EI_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL];
1010 vlib_increment_simple_counter (
1011 is_slow_path ? &nm->counters.slowpath.in2out.other :
1012 &nm->counters.fastpath.in2out.other,
1013 thread_index, sw_if_index0, 1);
1017 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
1019 next0 = nat44_ei_icmp_in2out_slow_path (
1020 nm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0,
1021 now, thread_index, &s0);
1022 vlib_increment_simple_counter (
1023 is_slow_path ? &nm->counters.slowpath.in2out.icmp :
1024 &nm->counters.fastpath.in2out.icmp,
1025 thread_index, sw_if_index0, 1);
1031 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER))
1033 next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH;
1037 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
1039 next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH;
1044 init_nat_k (&kv0, ip0->src_address,
1045 vnet_buffer (b0)->ip.reass.l4_src_port, rx_fib_index0,
1047 if (PREDICT_FALSE (clib_bihash_search_8_8 (&nm->in2out, &kv0, &value0) !=
1052 if (is_output_feature)
1054 if (PREDICT_FALSE (nat44_ei_not_translate_output_feature (
1056 vnet_buffer (b0)->ip.reass.l4_src_port,
1057 vnet_buffer (b0)->ip.reass.l4_dst_port, thread_index,
1062 * Send DHCP packets to the ipv4 stack, or we won't
1063 * be able to use dhcp client on the outside interface
1066 (proto0 == NAT_PROTOCOL_UDP
1067 && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
1068 clib_host_to_net_u16
1069 (UDP_DST_PORT_dhcp_to_server))
1070 && ip0->dst_address.as_u32 == 0xffffffff))
1075 if (PREDICT_FALSE (nat44_ei_not_translate (
1076 nm, node, sw_if_index0, ip0, proto0, rx_fib_index0,
1081 next0 = slow_path (nm, b0, ip0, ip0->src_address,
1082 vnet_buffer (b0)->ip.reass.l4_src_port,
1083 rx_fib_index0, proto0, &s0, node, next0,
1085 if (PREDICT_FALSE (next0 == NAT44_EI_IN2OUT_NEXT_DROP))
1088 if (PREDICT_FALSE (!s0))
1093 next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH;
1098 s0 = pool_elt_at_index (nm->per_thread_data[thread_index].sessions,
1099 nat_value_get_session_index (&value0));
1101 b0->flags |= VNET_BUFFER_F_IS_NATED;
1103 old_addr0 = ip0->src_address.as_u32;
1104 ip0->src_address = s0->out2in.addr;
1105 new_addr0 = ip0->src_address.as_u32;
1106 if (!is_output_feature)
1107 vnet_buffer (b0)->sw_if_index[VLIB_TX] = s0->out2in.fib_index;
1109 sum0 = ip0->checksum;
1110 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1111 ip4_header_t, src_address /* changed member */ );
1112 ip0->checksum = ip_csum_fold (sum0);
1115 if (PREDICT_TRUE (proto0 == NAT_PROTOCOL_TCP))
1117 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
1119 old_port0 = vnet_buffer (b0)->ip.reass.l4_src_port;
1120 new_port0 = udp0->src_port = s0->out2in.port;
1121 sum0 = tcp0->checksum;
1122 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1124 dst_address /* changed member */ );
1125 sum0 = ip_csum_update (sum0, old_port0, new_port0,
1126 ip4_header_t /* cheat */ ,
1127 length /* changed member */ );
1128 mss_clamping (nm->mss_clamping, tcp0, &sum0);
1129 tcp0->checksum = ip_csum_fold (sum0);
1131 vlib_increment_simple_counter (is_slow_path ?
1132 &nm->counters.slowpath.in2out.tcp :
1133 &nm->counters.fastpath.in2out.tcp,
1134 thread_index, sw_if_index0, 1);
1138 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
1140 udp0->src_port = s0->out2in.port;
1141 if (PREDICT_FALSE (udp0->checksum))
1143 old_port0 = vnet_buffer (b0)->ip.reass.l4_src_port;
1144 new_port0 = udp0->src_port;
1145 sum0 = udp0->checksum;
1146 sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t, dst_address /* changed member */
1149 ip_csum_update (sum0, old_port0, new_port0,
1150 ip4_header_t /* cheat */ ,
1151 length /* changed member */ );
1152 udp0->checksum = ip_csum_fold (sum0);
1155 vlib_increment_simple_counter (is_slow_path ?
1156 &nm->counters.slowpath.in2out.udp :
1157 &nm->counters.fastpath.in2out.udp,
1158 thread_index, sw_if_index0, 1);
1162 nat44_ei_session_update_counters (
1163 s0, now, vlib_buffer_length_in_chain (vm, b0), thread_index);
1164 /* Per-user LRU list maintenance */
1165 nat44_ei_session_update_lru (nm, s0, thread_index);
1168 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1169 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1171 nat44_ei_in2out_trace_t *t =
1172 vlib_add_trace (vm, node, b0, sizeof (*t));
1173 t->is_slow_path = is_slow_path;
1174 t->sw_if_index = sw_if_index0;
1175 t->next_index = next0;
1176 t->session_index = ~0;
1178 t->session_index = s0 - nm->per_thread_data[thread_index].sessions;
1181 if (next0 == NAT44_EI_IN2OUT_NEXT_DROP)
1183 vlib_increment_simple_counter (
1184 is_slow_path ? &nm->counters.slowpath.in2out.drops :
1185 &nm->counters.fastpath.in2out.drops,
1186 thread_index, sw_if_index0, 1);
1189 if (is_output_feature)
1190 iph_offset1 = vnet_buffer (b1)->ip.reass.save_rewrite_length;
1192 ip1 = (ip4_header_t *) ((u8 *) vlib_buffer_get_current (b1) +
1195 udp1 = ip4_next_header (ip1);
1196 tcp1 = (tcp_header_t *) udp1;
1197 icmp1 = (icmp46_header_t *) udp1;
1199 sw_if_index1 = vnet_buffer (b1)->sw_if_index[VLIB_RX];
1201 vec_elt (nm->ip4_main->fib_index_by_sw_if_index, sw_if_index1);
1203 if (PREDICT_FALSE (ip1->ttl == 1))
1205 vnet_buffer (b1)->sw_if_index[VLIB_TX] = (u32) ~ 0;
1206 icmp4_error_set_vnet_buffer (b1, ICMP4_time_exceeded,
1207 ICMP4_time_exceeded_ttl_exceeded_in_transit,
1209 next1 = NAT44_EI_IN2OUT_NEXT_ICMP_ERROR;
1213 proto1 = ip_proto_to_nat_proto (ip1->protocol);
1215 /* Next configured feature, probably ip4-lookup */
1218 if (PREDICT_FALSE (proto1 == NAT_PROTOCOL_OTHER))
1220 if (nat_in2out_sm_unknown_proto (nm, b1, ip1, rx_fib_index1))
1222 next1 = NAT44_EI_IN2OUT_NEXT_DROP;
1224 node->errors[NAT44_EI_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL];
1226 vlib_increment_simple_counter (
1227 is_slow_path ? &nm->counters.slowpath.in2out.other :
1228 &nm->counters.fastpath.in2out.other,
1229 thread_index, sw_if_index1, 1);
1233 if (PREDICT_FALSE (proto1 == NAT_PROTOCOL_ICMP))
1235 next1 = nat44_ei_icmp_in2out_slow_path (
1236 nm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, next1,
1237 now, thread_index, &s1);
1238 vlib_increment_simple_counter (
1239 is_slow_path ? &nm->counters.slowpath.in2out.icmp :
1240 &nm->counters.fastpath.in2out.icmp,
1241 thread_index, sw_if_index1, 1);
1247 if (PREDICT_FALSE (proto1 == NAT_PROTOCOL_OTHER))
1249 next1 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH;
1253 if (PREDICT_FALSE (proto1 == NAT_PROTOCOL_ICMP))
1255 next1 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH;
1260 init_nat_k (&kv1, ip1->src_address,
1261 vnet_buffer (b1)->ip.reass.l4_src_port, rx_fib_index1,
1263 if (PREDICT_FALSE (clib_bihash_search_8_8 (&nm->in2out, &kv1, &value1) !=
1268 if (is_output_feature)
1270 if (PREDICT_FALSE (nat44_ei_not_translate_output_feature (
1272 vnet_buffer (b1)->ip.reass.l4_src_port,
1273 vnet_buffer (b1)->ip.reass.l4_dst_port, thread_index,
1278 * Send DHCP packets to the ipv4 stack, or we won't
1279 * be able to use dhcp client on the outside interface
1282 (proto1 == NAT_PROTOCOL_UDP
1283 && (vnet_buffer (b1)->ip.reass.l4_dst_port ==
1284 clib_host_to_net_u16
1285 (UDP_DST_PORT_dhcp_to_server))
1286 && ip1->dst_address.as_u32 == 0xffffffff))
1291 if (PREDICT_FALSE (nat44_ei_not_translate (
1292 nm, node, sw_if_index1, ip1, proto1, rx_fib_index1,
1297 next1 = slow_path (nm, b1, ip1, ip1->src_address,
1298 vnet_buffer (b1)->ip.reass.l4_src_port,
1299 rx_fib_index1, proto1, &s1, node, next1,
1301 if (PREDICT_FALSE (next1 == NAT44_EI_IN2OUT_NEXT_DROP))
1304 if (PREDICT_FALSE (!s1))
1309 next1 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH;
1314 s1 = pool_elt_at_index (nm->per_thread_data[thread_index].sessions,
1315 nat_value_get_session_index (&value1));
1317 b1->flags |= VNET_BUFFER_F_IS_NATED;
1319 old_addr1 = ip1->src_address.as_u32;
1320 ip1->src_address = s1->out2in.addr;
1321 new_addr1 = ip1->src_address.as_u32;
1322 if (!is_output_feature)
1323 vnet_buffer (b1)->sw_if_index[VLIB_TX] = s1->out2in.fib_index;
1325 sum1 = ip1->checksum;
1326 sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
1327 ip4_header_t, src_address /* changed member */ );
1328 ip1->checksum = ip_csum_fold (sum1);
1330 if (PREDICT_TRUE (proto1 == NAT_PROTOCOL_TCP))
1332 if (!vnet_buffer (b1)->ip.reass.is_non_first_fragment)
1334 old_port1 = vnet_buffer (b1)->ip.reass.l4_src_port;
1335 new_port1 = udp1->src_port = s1->out2in.port;
1336 sum1 = tcp1->checksum;
1337 sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
1339 dst_address /* changed member */ );
1340 sum1 = ip_csum_update (sum1, old_port1, new_port1,
1341 ip4_header_t /* cheat */ ,
1342 length /* changed member */ );
1343 mss_clamping (nm->mss_clamping, tcp1, &sum1);
1344 tcp1->checksum = ip_csum_fold (sum1);
1346 vlib_increment_simple_counter (is_slow_path ?
1347 &nm->counters.slowpath.in2out.tcp :
1348 &nm->counters.fastpath.in2out.tcp,
1349 thread_index, sw_if_index1, 1);
1353 if (!vnet_buffer (b1)->ip.reass.is_non_first_fragment)
1355 udp1->src_port = s1->out2in.port;
1356 if (PREDICT_FALSE (udp1->checksum))
1358 old_port1 = vnet_buffer (b1)->ip.reass.l4_src_port;
1359 new_port1 = udp1->src_port;
1360 sum1 = udp1->checksum;
1361 sum1 = ip_csum_update (sum1, old_addr1, new_addr1, ip4_header_t, dst_address /* changed member */
1364 ip_csum_update (sum1, old_port1, new_port1,
1365 ip4_header_t /* cheat */ ,
1366 length /* changed member */ );
1367 udp1->checksum = ip_csum_fold (sum1);
1370 vlib_increment_simple_counter (is_slow_path ?
1371 &nm->counters.slowpath.in2out.udp :
1372 &nm->counters.fastpath.in2out.udp,
1373 thread_index, sw_if_index1, 1);
1377 nat44_ei_session_update_counters (
1378 s1, now, vlib_buffer_length_in_chain (vm, b1), thread_index);
1379 /* Per-user LRU list maintenance */
1380 nat44_ei_session_update_lru (nm, s1, thread_index);
1383 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1384 && (b1->flags & VLIB_BUFFER_IS_TRACED)))
1386 nat44_ei_in2out_trace_t *t =
1387 vlib_add_trace (vm, node, b1, sizeof (*t));
1388 t->sw_if_index = sw_if_index1;
1389 t->next_index = next1;
1390 t->session_index = ~0;
1392 t->session_index = s1 - nm->per_thread_data[thread_index].sessions;
1395 if (next1 == NAT44_EI_IN2OUT_NEXT_DROP)
1397 vlib_increment_simple_counter (
1398 is_slow_path ? &nm->counters.slowpath.in2out.drops :
1399 &nm->counters.fastpath.in2out.drops,
1400 thread_index, sw_if_index1, 1);
1409 while (n_left_from > 0)
1416 u32 new_addr0, old_addr0;
1417 u16 old_port0, new_port0;
1420 icmp46_header_t *icmp0;
1423 nat44_ei_session_t *s0 = 0;
1424 clib_bihash_kv_8_8_t kv0, value0;
1425 u32 iph_offset0 = 0;
1429 next0 = NAT44_EI_IN2OUT_NEXT_LOOKUP;
1431 if (is_output_feature)
1432 iph_offset0 = vnet_buffer (b0)->ip.reass.save_rewrite_length;
1434 ip0 = (ip4_header_t *) ((u8 *) vlib_buffer_get_current (b0) +
1437 udp0 = ip4_next_header (ip0);
1438 tcp0 = (tcp_header_t *) udp0;
1439 icmp0 = (icmp46_header_t *) udp0;
1441 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
1443 vec_elt (nm->ip4_main->fib_index_by_sw_if_index, sw_if_index0);
1445 if (PREDICT_FALSE (ip0->ttl == 1))
1447 vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
1448 icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
1449 ICMP4_time_exceeded_ttl_exceeded_in_transit,
1451 next0 = NAT44_EI_IN2OUT_NEXT_ICMP_ERROR;
1455 proto0 = ip_proto_to_nat_proto (ip0->protocol);
1457 /* Next configured feature, probably ip4-lookup */
1460 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER))
1462 if (nat_in2out_sm_unknown_proto (nm, b0, ip0, rx_fib_index0))
1464 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
1466 node->errors[NAT44_EI_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL];
1468 vlib_increment_simple_counter (
1469 is_slow_path ? &nm->counters.slowpath.in2out.other :
1470 &nm->counters.fastpath.in2out.other,
1471 thread_index, sw_if_index0, 1);
1475 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
1477 next0 = nat44_ei_icmp_in2out_slow_path (
1478 nm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0,
1479 now, thread_index, &s0);
1480 vlib_increment_simple_counter (
1481 is_slow_path ? &nm->counters.slowpath.in2out.icmp :
1482 &nm->counters.fastpath.in2out.icmp,
1483 thread_index, sw_if_index0, 1);
1489 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER))
1491 next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH;
1495 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
1497 next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH;
1502 init_nat_k (&kv0, ip0->src_address,
1503 vnet_buffer (b0)->ip.reass.l4_src_port, rx_fib_index0,
1506 if (clib_bihash_search_8_8 (&nm->in2out, &kv0, &value0))
1510 if (is_output_feature)
1512 if (PREDICT_FALSE (nat44_ei_not_translate_output_feature (
1514 vnet_buffer (b0)->ip.reass.l4_src_port,
1515 vnet_buffer (b0)->ip.reass.l4_dst_port, thread_index,
1520 * Send DHCP packets to the ipv4 stack, or we won't
1521 * be able to use dhcp client on the outside interface
1524 (proto0 == NAT_PROTOCOL_UDP
1525 && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
1526 clib_host_to_net_u16
1527 (UDP_DST_PORT_dhcp_to_server))
1528 && ip0->dst_address.as_u32 == 0xffffffff))
1533 if (PREDICT_FALSE (nat44_ei_not_translate (
1534 nm, node, sw_if_index0, ip0, proto0, rx_fib_index0,
1539 next0 = slow_path (nm, b0, ip0, ip0->src_address,
1540 vnet_buffer (b0)->ip.reass.l4_src_port,
1541 rx_fib_index0, proto0, &s0, node, next0,
1544 if (PREDICT_FALSE (next0 == NAT44_EI_IN2OUT_NEXT_DROP))
1547 if (PREDICT_FALSE (!s0))
1552 next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH;
1557 s0 = pool_elt_at_index (nm->per_thread_data[thread_index].sessions,
1558 nat_value_get_session_index (&value0));
1560 b0->flags |= VNET_BUFFER_F_IS_NATED;
1562 old_addr0 = ip0->src_address.as_u32;
1563 ip0->src_address = s0->out2in.addr;
1564 new_addr0 = ip0->src_address.as_u32;
1565 if (!is_output_feature)
1566 vnet_buffer (b0)->sw_if_index[VLIB_TX] = s0->out2in.fib_index;
1568 sum0 = ip0->checksum;
1569 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1570 ip4_header_t, src_address /* changed member */ );
1571 ip0->checksum = ip_csum_fold (sum0);
1573 if (PREDICT_TRUE (proto0 == NAT_PROTOCOL_TCP))
1575 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
1577 old_port0 = vnet_buffer (b0)->ip.reass.l4_src_port;
1578 new_port0 = udp0->src_port = s0->out2in.port;
1579 sum0 = tcp0->checksum;
1581 ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
1582 dst_address /* changed member */ );
1584 ip_csum_update (sum0, old_port0, new_port0,
1585 ip4_header_t /* cheat */ ,
1586 length /* changed member */ );
1587 mss_clamping (nm->mss_clamping, tcp0, &sum0);
1588 tcp0->checksum = ip_csum_fold (sum0);
1590 vlib_increment_simple_counter (is_slow_path ?
1591 &nm->counters.slowpath.in2out.tcp :
1592 &nm->counters.fastpath.in2out.tcp,
1593 thread_index, sw_if_index0, 1);
1597 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
1599 udp0->src_port = s0->out2in.port;
1600 if (PREDICT_FALSE (udp0->checksum))
1602 old_port0 = vnet_buffer (b0)->ip.reass.l4_src_port;
1603 new_port0 = udp0->src_port;
1604 sum0 = udp0->checksum;
1606 ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
1607 dst_address /* changed member */ );
1609 ip_csum_update (sum0, old_port0, new_port0,
1610 ip4_header_t /* cheat */ ,
1611 length /* changed member */ );
1612 udp0->checksum = ip_csum_fold (sum0);
1615 vlib_increment_simple_counter (is_slow_path ?
1616 &nm->counters.slowpath.in2out.udp :
1617 &nm->counters.fastpath.in2out.udp,
1618 thread_index, sw_if_index0, 1);
1622 nat44_ei_session_update_counters (
1623 s0, now, vlib_buffer_length_in_chain (vm, b0), thread_index);
1624 /* Per-user LRU list maintenance */
1625 nat44_ei_session_update_lru (nm, s0, thread_index);
1628 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1629 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1631 nat44_ei_in2out_trace_t *t =
1632 vlib_add_trace (vm, node, b0, sizeof (*t));
1633 t->is_slow_path = is_slow_path;
1634 t->sw_if_index = sw_if_index0;
1635 t->next_index = next0;
1636 t->session_index = ~0;
1638 t->session_index = s0 - nm->per_thread_data[thread_index].sessions;
1641 if (next0 == NAT44_EI_IN2OUT_NEXT_DROP)
1643 vlib_increment_simple_counter (
1644 is_slow_path ? &nm->counters.slowpath.in2out.drops :
1645 &nm->counters.fastpath.in2out.drops,
1646 thread_index, sw_if_index0, 1);
1654 vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts,
1656 return frame->n_vectors;
1659 VLIB_NODE_FN (nat44_ei_in2out_node)
1660 (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
1662 return nat44_ei_in2out_node_fn_inline (vm, node, frame, 0 /* is_slow_path */,
1666 VLIB_REGISTER_NODE (nat44_ei_in2out_node) = {
1667 .name = "nat44-ei-in2out",
1668 .vector_size = sizeof (u32),
1669 .format_trace = format_nat44_ei_in2out_trace,
1670 .type = VLIB_NODE_TYPE_INTERNAL,
1672 .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings),
1673 .error_strings = nat44_ei_in2out_error_strings,
1675 .runtime_data_bytes = sizeof (nat44_ei_runtime_t),
1677 .n_next_nodes = NAT44_EI_IN2OUT_N_NEXT,
1679 /* edit / add dispositions here */
1681 [NAT44_EI_IN2OUT_NEXT_DROP] = "error-drop",
1682 [NAT44_EI_IN2OUT_NEXT_LOOKUP] = "ip4-lookup",
1683 [NAT44_EI_IN2OUT_NEXT_SLOW_PATH] = "nat44-ei-in2out-slowpath",
1684 [NAT44_EI_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error",
1685 [NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-ei-in2out-hairpinning-handoff-ip4-lookup",
1689 VLIB_NODE_FN (nat44_ei_in2out_output_node)
1690 (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
1692 return nat44_ei_in2out_node_fn_inline (vm, node, frame, 0 /* is_slow_path */,
1696 VLIB_REGISTER_NODE (nat44_ei_in2out_output_node) = {
1697 .name = "nat44-ei-in2out-output",
1698 .vector_size = sizeof (u32),
1699 .format_trace = format_nat44_ei_in2out_trace,
1700 .type = VLIB_NODE_TYPE_INTERNAL,
1702 .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings),
1703 .error_strings = nat44_ei_in2out_error_strings,
1705 .runtime_data_bytes = sizeof (nat44_ei_runtime_t),
1707 .n_next_nodes = NAT44_EI_IN2OUT_N_NEXT,
1709 /* edit / add dispositions here */
1711 [NAT44_EI_IN2OUT_NEXT_DROP] = "error-drop",
1712 [NAT44_EI_IN2OUT_NEXT_LOOKUP] = "interface-output",
1713 [NAT44_EI_IN2OUT_NEXT_SLOW_PATH] = "nat44-ei-in2out-output-slowpath",
1714 [NAT44_EI_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error",
1715 [NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-ei-in2out-hairpinning-handoff-interface-output",
1719 VLIB_NODE_FN (nat44_ei_in2out_slowpath_node)
1720 (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
1722 return nat44_ei_in2out_node_fn_inline (vm, node, frame, 1 /* is_slow_path */,
1726 VLIB_REGISTER_NODE (nat44_ei_in2out_slowpath_node) = {
1727 .name = "nat44-ei-in2out-slowpath",
1728 .vector_size = sizeof (u32),
1729 .format_trace = format_nat44_ei_in2out_trace,
1730 .type = VLIB_NODE_TYPE_INTERNAL,
1732 .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings),
1733 .error_strings = nat44_ei_in2out_error_strings,
1735 .runtime_data_bytes = sizeof (nat44_ei_runtime_t),
1737 .n_next_nodes = NAT44_EI_IN2OUT_N_NEXT,
1739 /* edit / add dispositions here */
1741 [NAT44_EI_IN2OUT_NEXT_DROP] = "error-drop",
1742 [NAT44_EI_IN2OUT_NEXT_LOOKUP] = "ip4-lookup",
1743 [NAT44_EI_IN2OUT_NEXT_SLOW_PATH] = "nat44-ei-in2out-slowpath",
1744 [NAT44_EI_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error",
1745 [NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-ei-in2out-hairpinning-handoff-ip4-lookup",
1749 VLIB_NODE_FN (nat44_ei_in2out_output_slowpath_node)
1750 (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
1752 return nat44_ei_in2out_node_fn_inline (vm, node, frame, 1 /* is_slow_path */,
1756 VLIB_REGISTER_NODE (nat44_ei_in2out_output_slowpath_node) = {
1757 .name = "nat44-ei-in2out-output-slowpath",
1758 .vector_size = sizeof (u32),
1759 .format_trace = format_nat44_ei_in2out_trace,
1760 .type = VLIB_NODE_TYPE_INTERNAL,
1762 .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings),
1763 .error_strings = nat44_ei_in2out_error_strings,
1765 .runtime_data_bytes = sizeof (nat44_ei_runtime_t),
1767 .n_next_nodes = NAT44_EI_IN2OUT_N_NEXT,
1769 /* edit / add dispositions here */
1771 [NAT44_EI_IN2OUT_NEXT_DROP] = "error-drop",
1772 [NAT44_EI_IN2OUT_NEXT_LOOKUP] = "interface-output",
1773 [NAT44_EI_IN2OUT_NEXT_SLOW_PATH] = "nat44-ei-in2out-output-slowpath",
1774 [NAT44_EI_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error",
1775 [NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-ei-in2out-hairpinning-handoff-interface-output",
1779 VLIB_NODE_FN (nat44_ei_in2out_fast_node)
1780 (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
1782 u32 n_left_from, *from, *to_next;
1783 u32 thread_index = vm->thread_index;
1784 nat44_ei_in2out_next_t next_index;
1785 nat44_ei_main_t *nm = &nat44_ei_main;
1786 int is_hairpinning = 0;
1788 from = vlib_frame_vector_args (frame);
1789 n_left_from = frame->n_vectors;
1790 next_index = node->cached_next_index;
1792 while (n_left_from > 0)
1796 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
1798 while (n_left_from > 0 && n_left_to_next > 0)
1806 u32 new_addr0, old_addr0;
1807 u16 old_port0, new_port0;
1810 icmp46_header_t *icmp0;
1813 ip4_address_t sm0_addr;
1816 u32 required_thread_index = thread_index;
1818 /* speculatively enqueue b0 to the current next frame */
1824 n_left_to_next -= 1;
1826 b0 = vlib_get_buffer (vm, bi0);
1827 next0 = NAT44_EI_IN2OUT_NEXT_LOOKUP;
1829 ip0 = vlib_buffer_get_current (b0);
1830 udp0 = ip4_next_header (ip0);
1831 tcp0 = (tcp_header_t *) udp0;
1832 icmp0 = (icmp46_header_t *) udp0;
1834 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
1836 ip4_fib_table_get_index_for_sw_if_index (sw_if_index0);
1838 if (PREDICT_FALSE (ip0->ttl == 1))
1840 vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
1841 icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
1842 ICMP4_time_exceeded_ttl_exceeded_in_transit,
1844 next0 = NAT44_EI_IN2OUT_NEXT_ICMP_ERROR;
1848 proto0 = ip_proto_to_nat_proto (ip0->protocol);
1850 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER))
1853 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
1855 next0 = nat44_ei_icmp_in2out (b0, ip0, icmp0, sw_if_index0,
1856 rx_fib_index0, node, next0, ~0, 0);
1860 if (nat44_ei_static_mapping_match (
1861 ip0->src_address, udp0->src_port, rx_fib_index0, proto0,
1862 &sm0_addr, &sm0_port, &sm0_fib_index, 0, 0, 0))
1864 b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_NO_TRANSLATION];
1865 next0 = NAT44_EI_IN2OUT_NEXT_DROP;
1869 new_addr0 = sm0_addr.as_u32;
1870 new_port0 = sm0_port;
1871 vnet_buffer (b0)->sw_if_index[VLIB_TX] = sm0_fib_index;
1872 old_addr0 = ip0->src_address.as_u32;
1873 ip0->src_address.as_u32 = new_addr0;
1875 sum0 = ip0->checksum;
1876 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1878 src_address /* changed member */ );
1879 ip0->checksum = ip_csum_fold (sum0);
1881 if (PREDICT_FALSE (new_port0 != udp0->dst_port))
1883 old_port0 = udp0->src_port;
1884 udp0->src_port = new_port0;
1886 if (PREDICT_TRUE (proto0 == NAT_PROTOCOL_TCP))
1888 sum0 = tcp0->checksum;
1889 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1891 dst_address /* changed member */ );
1892 sum0 = ip_csum_update (sum0, old_port0, new_port0,
1893 ip4_header_t /* cheat */ ,
1894 length /* changed member */ );
1895 mss_clamping (nm->mss_clamping, tcp0, &sum0);
1896 tcp0->checksum = ip_csum_fold (sum0);
1898 else if (udp0->checksum)
1900 sum0 = udp0->checksum;
1901 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1903 dst_address /* changed member */ );
1904 sum0 = ip_csum_update (sum0, old_port0, new_port0,
1905 ip4_header_t /* cheat */ ,
1906 length /* changed member */ );
1907 udp0->checksum = ip_csum_fold (sum0);
1912 if (PREDICT_TRUE (proto0 == NAT_PROTOCOL_TCP))
1914 sum0 = tcp0->checksum;
1915 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1917 dst_address /* changed member */ );
1918 mss_clamping (nm->mss_clamping, tcp0, &sum0);
1919 tcp0->checksum = ip_csum_fold (sum0);
1921 else if (udp0->checksum)
1923 sum0 = udp0->checksum;
1924 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1926 dst_address /* changed member */ );
1927 udp0->checksum = ip_csum_fold (sum0);
1932 is_hairpinning = nat44_ei_hairpinning (
1933 vm, node, nm, thread_index, b0, ip0, udp0, tcp0, proto0,
1934 0 /* do_trace */, &required_thread_index);
1936 if (thread_index != required_thread_index)
1938 vnet_buffer (b0)->snat.required_thread_index =
1939 required_thread_index;
1940 next0 = NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF;
1944 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1945 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1947 nat44_ei_in2out_trace_t *t =
1948 vlib_add_trace (vm, node, b0, sizeof (*t));
1949 t->sw_if_index = sw_if_index0;
1950 t->next_index = next0;
1951 t->is_hairpinning = is_hairpinning;
1954 if (next0 != NAT44_EI_IN2OUT_NEXT_DROP)
1957 vlib_increment_simple_counter (
1958 &nm->counters.fastpath.in2out.other, sw_if_index0,
1959 vm->thread_index, 1);
1962 /* verify speculative enqueue, maybe switch current next frame */
1963 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1964 to_next, n_left_to_next,
1968 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1971 return frame->n_vectors;
1974 VLIB_REGISTER_NODE (nat44_ei_in2out_fast_node) = {
1975 .name = "nat44-ei-in2out-fast",
1976 .vector_size = sizeof (u32),
1977 .format_trace = format_nat44_ei_in2out_fast_trace,
1978 .type = VLIB_NODE_TYPE_INTERNAL,
1980 .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings),
1981 .error_strings = nat44_ei_in2out_error_strings,
1983 .runtime_data_bytes = sizeof (nat44_ei_runtime_t),
1985 .n_next_nodes = NAT44_EI_IN2OUT_N_NEXT,
1987 /* edit / add dispositions here */
1989 [NAT44_EI_IN2OUT_NEXT_DROP] = "error-drop",
1990 [NAT44_EI_IN2OUT_NEXT_LOOKUP] = "ip4-lookup",
1991 [NAT44_EI_IN2OUT_NEXT_SLOW_PATH] = "nat44-ei-in2out-slowpath",
1992 [NAT44_EI_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error",
1993 [NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-ei-in2out-hairpinning-handoff-ip4-lookup",
1997 VLIB_NODE_FN (nat44_ei_in2out_hairpinning_handoff_ip4_lookup_node)
1998 (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
2000 return nat44_ei_hairpinning_handoff_fn_inline (
2002 nat44_ei_main.in2out_hairpinning_finish_ip4_lookup_node_fq_index);
2005 VLIB_REGISTER_NODE (nat44_ei_in2out_hairpinning_handoff_ip4_lookup_node) = {
2006 .name = "nat44-ei-in2out-hairpinning-handoff-ip4-lookup",
2007 .vector_size = sizeof (u32),
2008 .n_errors = ARRAY_LEN(nat44_ei_hairpinning_handoff_error_strings),
2009 .error_strings = nat44_ei_hairpinning_handoff_error_strings,
2010 .format_trace = format_nat44_ei_hairpinning_handoff_trace,
2019 VLIB_NODE_FN (nat44_ei_in2out_hairpinning_handoff_interface_output_node)
2020 (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
2022 return nat44_ei_hairpinning_handoff_fn_inline (
2024 nat44_ei_main.in2out_hairpinning_finish_interface_output_node_fq_index);
2027 VLIB_REGISTER_NODE (nat44_ei_in2out_hairpinning_handoff_interface_output_node) = {
2028 .name = "nat44-ei-in2out-hairpinning-handoff-interface-output",
2029 .vector_size = sizeof (u32),
2030 .n_errors = ARRAY_LEN(nat44_ei_hairpinning_handoff_error_strings),
2031 .error_strings = nat44_ei_hairpinning_handoff_error_strings,
2032 .format_trace = format_nat44_ei_hairpinning_handoff_trace,
2041 static_always_inline int
2042 nat44_ei_in2out_hairpinning_finish_inline (vlib_main_t *vm,
2043 vlib_node_runtime_t *node,
2044 vlib_frame_t *frame)
2046 u32 n_left_from, *from, *to_next;
2047 u32 thread_index = vm->thread_index;
2048 nat44_ei_in2out_next_t next_index;
2049 nat44_ei_main_t *nm = &nat44_ei_main;
2050 int is_hairpinning = 0;
2052 from = vlib_frame_vector_args (frame);
2053 n_left_from = frame->n_vectors;
2054 next_index = node->cached_next_index;
2056 while (n_left_from > 0)
2060 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
2062 while (n_left_from > 0 && n_left_to_next > 0)
2071 icmp46_header_t *icmp0;
2073 u32 required_thread_index = thread_index;
2075 /* speculatively enqueue b0 to the current next frame */
2081 n_left_to_next -= 1;
2083 b0 = vlib_get_buffer (vm, bi0);
2084 next0 = NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP;
2086 ip0 = vlib_buffer_get_current (b0);
2087 udp0 = ip4_next_header (ip0);
2088 tcp0 = (tcp_header_t *) udp0;
2089 icmp0 = (icmp46_header_t *) udp0;
2091 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
2092 proto0 = ip_proto_to_nat_proto (ip0->protocol);
2096 case NAT_PROTOCOL_TCP:
2098 case NAT_PROTOCOL_UDP:
2099 is_hairpinning = nat44_ei_hairpinning (
2100 vm, node, nm, thread_index, b0, ip0, udp0, tcp0, proto0,
2101 0 /* do_trace */, &required_thread_index);
2103 case NAT_PROTOCOL_ICMP:
2104 is_hairpinning = (0 == nat44_ei_icmp_hairpinning (
2105 nm, b0, thread_index, ip0, icmp0,
2106 &required_thread_index));
2108 case NAT_PROTOCOL_OTHER:
2109 // this should never happen
2110 next0 = NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP;
2114 if (thread_index != required_thread_index)
2116 // but we already did a handoff ...
2117 next0 = NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP;
2120 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) &&
2121 (b0->flags & VLIB_BUFFER_IS_TRACED)))
2123 nat44_ei_in2out_trace_t *t =
2124 vlib_add_trace (vm, node, b0, sizeof (*t));
2125 t->sw_if_index = sw_if_index0;
2126 t->next_index = next0;
2127 t->is_hairpinning = is_hairpinning;
2130 if (next0 != NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP)
2132 vlib_increment_simple_counter (
2133 &nm->counters.fastpath.in2out.other, sw_if_index0,
2134 vm->thread_index, 1);
2137 /* verify speculative enqueue, maybe switch current next frame */
2138 vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
2139 n_left_to_next, bi0, next0);
2142 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
2145 return frame->n_vectors;
2148 VLIB_NODE_FN (nat44_ei_in2out_hairpinning_finish_ip4_lookup_node)
2149 (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
2151 return nat44_ei_in2out_hairpinning_finish_inline (vm, node, frame);
2154 VLIB_REGISTER_NODE (nat44_ei_in2out_hairpinning_finish_ip4_lookup_node) = {
2155 .name = "nat44-ei-in2out-hairpinning-finish-ip4-lookup",
2156 .vector_size = sizeof (u32),
2157 .format_trace = format_nat44_ei_in2out_fast_trace,
2158 .type = VLIB_NODE_TYPE_INTERNAL,
2160 .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings),
2161 .error_strings = nat44_ei_in2out_error_strings,
2163 .runtime_data_bytes = sizeof (nat44_ei_runtime_t),
2165 .n_next_nodes = NAT44_EI_IN2OUT_HAIRPINNING_FINISH_N_NEXT,
2167 /* edit / add dispositions here */
2169 [NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP] = "error-drop",
2170 [NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP] = "ip4-lookup",
2174 VLIB_NODE_FN (nat44_ei_in2out_hairpinning_finish_interface_output_node)
2175 (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
2177 return nat44_ei_in2out_hairpinning_finish_inline (vm, node, frame);
2180 VLIB_REGISTER_NODE (nat44_ei_in2out_hairpinning_finish_interface_output_node) = {
2181 .name = "nat44-ei-in2out-hairpinning-finish-interface-output",
2182 .vector_size = sizeof (u32),
2183 .format_trace = format_nat44_ei_in2out_fast_trace,
2184 .type = VLIB_NODE_TYPE_INTERNAL,
2186 .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings),
2187 .error_strings = nat44_ei_in2out_error_strings,
2189 .runtime_data_bytes = sizeof (nat44_ei_runtime_t),
2191 .n_next_nodes = NAT44_EI_IN2OUT_HAIRPINNING_FINISH_N_NEXT,
2193 /* edit / add dispositions here */
2195 [NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP] = "error-drop",
2196 [NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP] = "interface-output",
2201 * fd.io coding-style-patch-verification: ON
2204 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob