2 * Copyright (c) 2018 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief NAT44 hairpinning
20 #include <vlib/vlib.h>
21 #include <vnet/vnet.h>
22 #include <vnet/fib/ip4_fib.h>
24 #include <nat/nat_inlines.h>
25 #include <nat/nat_reass.h>
29 SNAT_HAIRPIN_SRC_NEXT_DROP,
30 SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT,
31 SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT_WH,
32 SNAT_HAIRPIN_SRC_NEXT_INTERFACE_OUTPUT,
33 SNAT_HAIRPIN_SRC_N_NEXT,
34 } snat_hairpin_src_next_t;
38 NAT_HAIRPIN_NEXT_LOOKUP,
39 NAT_HAIRPIN_NEXT_DROP,
43 #define foreach_nat44_hairpin_error \
44 _(PROCESSED, "NAT44 hairpinning packets processed")
48 #define _(sym,str) NAT44_HAIRPIN_ERROR_##sym,
49 foreach_nat44_hairpin_error
51 NAT44_HAIRPIN_N_ERROR,
52 } nat44_hairpin_error_t;
54 static char *nat44_hairpin_error_strings[] = {
55 #define _(sym,string) string,
56 foreach_nat44_hairpin_error
60 vlib_node_registration_t snat_hairpin_dst_node;
61 vlib_node_registration_t snat_hairpin_src_node;
62 vlib_node_registration_t nat44_hairpinning_node;
63 vlib_node_registration_t nat44_ed_hairpin_dst_node;
64 vlib_node_registration_t nat44_ed_hairpin_src_node;
65 vlib_node_registration_t nat44_ed_hairpinning_node;
67 extern vnet_feature_arc_registration_t vnet_feat_arc_ip4_local;
69 static_always_inline int
70 is_hairpinning (snat_main_t * sm, ip4_address_t * dst_addr)
73 clib_bihash_kv_8_8_t kv, value;
74 snat_session_key_t m_key;
77 vec_foreach (ap, sm->addresses)
79 if (ap->addr.as_u32 == dst_addr->as_u32)
84 m_key.addr.as_u32 = dst_addr->as_u32;
88 kv.key = m_key.as_u64;
89 if (!clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv, &value))
96 snat_hairpinning (snat_main_t * sm,
100 tcp_header_t * tcp0, u32 proto0, int is_ed)
102 snat_session_key_t key0, sm0;
104 clib_bihash_kv_8_8_t kv0, value0;
106 u32 new_dst_addr0 = 0, old_dst_addr0, ti = 0, si;
107 u16 new_dst_port0, old_dst_port0;
110 key0.addr = ip0->dst_address;
111 key0.port = udp0->dst_port;
112 key0.protocol = proto0;
113 key0.fib_index = sm->outside_fib_index;
114 kv0.key = key0.as_u64;
116 /* Check if destination is static mappings */
117 if (!snat_static_mapping_match (sm, key0, &sm0, 1, 0, 0, 0, 0, 0))
119 new_dst_addr0 = sm0.addr.as_u32;
120 new_dst_port0 = sm0.port;
121 vnet_buffer (b0)->sw_if_index[VLIB_TX] = sm0.fib_index;
123 /* or active session */
126 if (sm->num_workers > 1)
128 (clib_net_to_host_u16 (udp0->dst_port) -
129 1024) / sm->port_per_thread;
131 ti = sm->num_workers;
135 clib_bihash_kv_16_8_t ed_kv, ed_value;
136 make_ed_kv (&ed_kv, &ip0->dst_address, &ip0->src_address,
137 ip0->protocol, sm->outside_fib_index, udp0->dst_port,
139 rv = clib_bihash_search_16_8 (&sm->per_thread_data[ti].out2in_ed,
145 rv = clib_bihash_search_8_8 (&sm->per_thread_data[ti].out2in, &kv0,
152 s0 = pool_elt_at_index (sm->per_thread_data[ti].sessions, si);
153 new_dst_addr0 = s0->in2out.addr.as_u32;
154 new_dst_port0 = s0->in2out.port;
155 vnet_buffer (b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;
158 /* Destination is behind the same NAT, use internal address and port */
161 old_dst_addr0 = ip0->dst_address.as_u32;
162 ip0->dst_address.as_u32 = new_dst_addr0;
163 sum0 = ip0->checksum;
164 sum0 = ip_csum_update (sum0, old_dst_addr0, new_dst_addr0,
165 ip4_header_t, dst_address);
166 ip0->checksum = ip_csum_fold (sum0);
168 old_dst_port0 = tcp0->dst;
169 if (PREDICT_TRUE (new_dst_port0 != old_dst_port0))
171 if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
173 tcp0->dst = new_dst_port0;
174 sum0 = tcp0->checksum;
175 sum0 = ip_csum_update (sum0, old_dst_addr0, new_dst_addr0,
176 ip4_header_t, dst_address);
177 sum0 = ip_csum_update (sum0, old_dst_port0, new_dst_port0,
178 ip4_header_t /* cheat */ , length);
179 tcp0->checksum = ip_csum_fold (sum0);
183 udp0->dst_port = new_dst_port0;
189 if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
191 sum0 = tcp0->checksum;
192 sum0 = ip_csum_update (sum0, old_dst_addr0, new_dst_addr0,
193 ip4_header_t, dst_address);
194 tcp0->checksum = ip_csum_fold (sum0);
203 snat_icmp_hairpinning (snat_main_t * sm,
205 ip4_header_t * ip0, icmp46_header_t * icmp0, int is_ed)
207 snat_session_key_t key0;
208 clib_bihash_kv_8_8_t kv0, value0;
209 u32 old_dst_addr0, new_dst_addr0;
210 u32 old_addr0, new_addr0;
211 u16 old_port0, new_port0;
212 u16 old_checksum0, new_checksum0;
216 snat_static_mapping_t *m0;
218 if (icmp_is_error_message (icmp0))
220 ip4_header_t *inner_ip0 = 0;
221 tcp_udp_header_t *l4_header = 0;
223 inner_ip0 = (ip4_header_t *) ((icmp_echo_header_t *) (icmp0 + 1) + 1);
224 l4_header = ip4_next_header (inner_ip0);
225 u32 protocol = ip_proto_to_snat_proto (inner_ip0->protocol);
227 if (protocol != SNAT_PROTOCOL_TCP && protocol != SNAT_PROTOCOL_UDP)
232 clib_bihash_kv_16_8_t ed_kv, ed_value;
233 make_ed_kv (&ed_kv, &ip0->dst_address, &ip0->src_address,
234 inner_ip0->protocol, sm->outside_fib_index,
235 l4_header->src_port, l4_header->dst_port);
236 if (clib_bihash_search_16_8 (&sm->per_thread_data[ti].out2in_ed,
243 key0.addr = ip0->dst_address;
244 key0.port = l4_header->src_port;
245 key0.protocol = protocol;
246 key0.fib_index = sm->outside_fib_index;
247 kv0.key = key0.as_u64;
248 if (clib_bihash_search_8_8 (&sm->per_thread_data[ti].out2in, &kv0,
253 s0 = pool_elt_at_index (sm->per_thread_data[ti].sessions, si);
254 new_dst_addr0 = s0->in2out.addr.as_u32;
255 vnet_buffer (b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;
257 /* update inner source IP address */
258 old_addr0 = inner_ip0->src_address.as_u32;
259 inner_ip0->src_address.as_u32 = new_dst_addr0;
260 new_addr0 = inner_ip0->src_address.as_u32;
261 sum0 = icmp0->checksum;
262 sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
264 icmp0->checksum = ip_csum_fold (sum0);
266 /* update inner IP header checksum */
267 old_checksum0 = inner_ip0->checksum;
268 sum0 = inner_ip0->checksum;
269 sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
271 inner_ip0->checksum = ip_csum_fold (sum0);
272 new_checksum0 = inner_ip0->checksum;
273 sum0 = icmp0->checksum;
274 sum0 = ip_csum_update (sum0, old_checksum0, new_checksum0, ip4_header_t,
276 icmp0->checksum = ip_csum_fold (sum0);
278 /* update inner source port */
279 old_port0 = l4_header->src_port;
280 l4_header->src_port = s0->in2out.port;
281 new_port0 = l4_header->src_port;
282 sum0 = icmp0->checksum;
283 sum0 = ip_csum_update (sum0, old_port0, new_port0, tcp_udp_header_t,
285 icmp0->checksum = ip_csum_fold (sum0);
289 key0.addr = ip0->dst_address;
292 key0.fib_index = sm->outside_fib_index;
293 kv0.key = key0.as_u64;
295 if (clib_bihash_search_8_8
296 (&sm->static_mapping_by_external, &kv0, &value0))
300 icmp_echo_header_t *echo0 = (icmp_echo_header_t *) (icmp0 + 1);
301 u16 icmp_id0 = echo0->identifier;
302 key0.addr = ip0->dst_address;
303 key0.port = icmp_id0;
304 key0.protocol = SNAT_PROTOCOL_ICMP;
305 key0.fib_index = sm->outside_fib_index;
306 kv0.key = key0.as_u64;
307 if (sm->num_workers > 1)
309 (clib_net_to_host_u16 (icmp_id0) -
310 1024) / sm->port_per_thread;
312 ti = sm->num_workers;
314 clib_bihash_search_8_8 (&sm->per_thread_data[ti].out2in, &kv0,
320 pool_elt_at_index (sm->per_thread_data[ti].sessions, si);
321 new_dst_addr0 = s0->in2out.addr.as_u32;
322 vnet_buffer (b0)->sw_if_index[VLIB_TX] =
323 s0->in2out.fib_index;
324 echo0->identifier = s0->in2out.port;
325 sum0 = icmp0->checksum;
326 sum0 = ip_csum_update (sum0, icmp_id0, s0->in2out.port,
327 icmp_echo_header_t, identifier);
328 icmp0->checksum = ip_csum_fold (sum0);
336 m0 = pool_elt_at_index (sm->static_mappings, value0.value);
338 new_dst_addr0 = m0->local_addr.as_u32;
339 if (vnet_buffer (b0)->sw_if_index[VLIB_TX] == ~0)
340 vnet_buffer (b0)->sw_if_index[VLIB_TX] = m0->fib_index;
343 /* Destination is behind the same NAT, use internal address and port */
346 old_dst_addr0 = ip0->dst_address.as_u32;
347 ip0->dst_address.as_u32 = new_dst_addr0;
348 sum0 = ip0->checksum;
349 sum0 = ip_csum_update (sum0, old_dst_addr0, new_dst_addr0,
350 ip4_header_t, dst_address);
351 ip0->checksum = ip_csum_fold (sum0);
357 nat_hairpinning_sm_unknown_proto (snat_main_t * sm,
358 vlib_buffer_t * b, ip4_header_t * ip)
360 clib_bihash_kv_8_8_t kv, value;
361 snat_static_mapping_t *m;
362 u32 old_addr, new_addr;
365 make_sm_kv (&kv, &ip->dst_address, 0, 0, 0);
366 if (clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv, &value))
369 m = pool_elt_at_index (sm->static_mappings, value.value);
371 old_addr = ip->dst_address.as_u32;
372 new_addr = ip->dst_address.as_u32 = m->local_addr.as_u32;
374 sum = ip_csum_update (sum, old_addr, new_addr, ip4_header_t, dst_address);
375 ip->checksum = ip_csum_fold (sum);
377 if (vnet_buffer (b)->sw_if_index[VLIB_TX] == ~0)
378 vnet_buffer (b)->sw_if_index[VLIB_TX] = m->fib_index;
382 nat44_ed_hairpinning_unknown_proto (snat_main_t * sm,
383 vlib_buffer_t * b, ip4_header_t * ip)
385 u32 old_addr, new_addr = 0, ti = 0;
386 clib_bihash_kv_8_8_t kv, value;
387 clib_bihash_kv_16_8_t s_kv, s_value;
388 snat_static_mapping_t *m;
391 snat_main_per_thread_data_t *tsm;
393 if (sm->num_workers > 1)
394 ti = sm->worker_out2in_cb (ip, sm->outside_fib_index);
396 ti = sm->num_workers;
397 tsm = &sm->per_thread_data[ti];
399 old_addr = ip->dst_address.as_u32;
400 make_ed_kv (&s_kv, &ip->dst_address, &ip->src_address, ip->protocol,
401 sm->outside_fib_index, 0, 0);
402 if (clib_bihash_search_16_8 (&tsm->out2in_ed, &s_kv, &s_value))
404 make_sm_kv (&kv, &ip->dst_address, 0, 0, 0);
405 if (clib_bihash_search_8_8
406 (&sm->static_mapping_by_external, &kv, &value))
409 m = pool_elt_at_index (sm->static_mappings, value.value);
410 if (vnet_buffer (b)->sw_if_index[VLIB_TX] == ~0)
411 vnet_buffer (b)->sw_if_index[VLIB_TX] = m->fib_index;
412 new_addr = ip->dst_address.as_u32 = m->local_addr.as_u32;
416 s = pool_elt_at_index (sm->per_thread_data[ti].sessions, s_value.value);
417 if (vnet_buffer (b)->sw_if_index[VLIB_TX] == ~0)
418 vnet_buffer (b)->sw_if_index[VLIB_TX] = s->in2out.fib_index;
419 new_addr = ip->dst_address.as_u32 = s->in2out.addr.as_u32;
422 sum = ip_csum_update (sum, old_addr, new_addr, ip4_header_t, dst_address);
423 ip->checksum = ip_csum_fold (sum);
427 nat44_reass_hairpinning (snat_main_t * sm,
430 u16 sport, u16 dport, u32 proto0, int is_ed)
432 snat_session_key_t key0, sm0;
434 clib_bihash_kv_8_8_t kv0, value0;
436 u32 new_dst_addr0 = 0, old_dst_addr0, ti = 0, si;
437 u16 new_dst_port0, old_dst_port0;
442 key0.addr = ip0->dst_address;
444 key0.protocol = proto0;
445 key0.fib_index = sm->outside_fib_index;
446 kv0.key = key0.as_u64;
448 udp0 = ip4_next_header (ip0);
450 /* Check if destination is static mappings */
451 if (!snat_static_mapping_match (sm, key0, &sm0, 1, 0, 0, 0, 0, 0))
453 new_dst_addr0 = sm0.addr.as_u32;
454 new_dst_port0 = sm0.port;
455 vnet_buffer (b0)->sw_if_index[VLIB_TX] = sm0.fib_index;
457 /* or active sessions */
460 if (sm->num_workers > 1)
462 (clib_net_to_host_u16 (udp0->dst_port) -
463 1024) / sm->port_per_thread;
465 ti = sm->num_workers;
469 clib_bihash_kv_16_8_t ed_kv, ed_value;
470 make_ed_kv (&ed_kv, &ip0->dst_address, &ip0->src_address,
471 ip0->protocol, sm->outside_fib_index, udp0->dst_port,
473 rv = clib_bihash_search_16_8 (&sm->per_thread_data[ti].out2in_ed,
479 rv = clib_bihash_search_8_8 (&sm->per_thread_data[ti].out2in, &kv0,
485 s0 = pool_elt_at_index (sm->per_thread_data[ti].sessions, si);
486 new_dst_addr0 = s0->in2out.addr.as_u32;
487 new_dst_port0 = s0->in2out.port;
488 vnet_buffer (b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;
492 /* Destination is behind the same NAT, use internal address and port */
495 old_dst_addr0 = ip0->dst_address.as_u32;
496 ip0->dst_address.as_u32 = new_dst_addr0;
497 sum0 = ip0->checksum;
498 sum0 = ip_csum_update (sum0, old_dst_addr0, new_dst_addr0,
499 ip4_header_t, dst_address);
500 ip0->checksum = ip_csum_fold (sum0);
502 old_dst_port0 = dport;
503 if (PREDICT_TRUE (new_dst_port0 != old_dst_port0 &&
504 ip4_is_first_fragment (ip0)))
506 if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
508 tcp0 = ip4_next_header (ip0);
509 tcp0->dst = new_dst_port0;
510 sum0 = tcp0->checksum;
511 sum0 = ip_csum_update (sum0, old_dst_addr0, new_dst_addr0,
512 ip4_header_t, dst_address);
513 sum0 = ip_csum_update (sum0, old_dst_port0, new_dst_port0,
514 ip4_header_t /* cheat */ , length);
515 tcp0->checksum = ip_csum_fold (sum0);
519 udp0->dst_port = new_dst_port0;
525 if (PREDICT_TRUE (proto0 == SNAT_PROTOCOL_TCP))
527 tcp0 = ip4_next_header (ip0);
528 sum0 = tcp0->checksum;
529 sum0 = ip_csum_update (sum0, old_dst_addr0, new_dst_addr0,
530 ip4_header_t, dst_address);
531 tcp0->checksum = ip_csum_fold (sum0);
538 nat44_hairpinning_fn_inline (vlib_main_t * vm,
539 vlib_node_runtime_t * node,
540 vlib_frame_t * frame, int is_ed)
542 u32 n_left_from, *from, *to_next, stats_node_index;
543 nat_hairpin_next_t next_index;
544 u32 pkts_processed = 0;
545 snat_main_t *sm = &snat_main;
546 vnet_feature_main_t *fm = &feature_main;
547 u8 arc_index = vnet_feat_arc_ip4_local.feature_arc_index;
548 vnet_feature_config_main_t *cm = &fm->feature_config_mains[arc_index];
550 stats_node_index = is_ed ? nat44_ed_hairpinning_node.index :
551 nat44_hairpinning_node.index;
552 from = vlib_frame_vector_args (frame);
553 n_left_from = frame->n_vectors;
554 next_index = node->cached_next_index;
556 while (n_left_from > 0)
560 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
562 while (n_left_from > 0 && n_left_to_next > 0)
572 /* speculatively enqueue b0 to the current next frame */
580 b0 = vlib_get_buffer (vm, bi0);
581 ip0 = vlib_buffer_get_current (b0);
582 udp0 = ip4_next_header (ip0);
583 tcp0 = (tcp_header_t *) udp0;
585 proto0 = ip_proto_to_snat_proto (ip0->protocol);
587 vnet_get_config_data (&cm->config_main, &b0->current_config_index,
590 if (snat_hairpinning (sm, b0, ip0, udp0, tcp0, proto0, is_ed))
591 next0 = NAT_HAIRPIN_NEXT_LOOKUP;
593 pkts_processed += next0 != NAT_HAIRPIN_NEXT_DROP;
595 /* verify speculative enqueue, maybe switch current next frame */
596 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
597 to_next, n_left_to_next,
601 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
604 vlib_node_increment_counter (vm, stats_node_index,
605 NAT44_HAIRPIN_ERROR_PROCESSED, pkts_processed);
606 return frame->n_vectors;
610 nat44_hairpinning_fn (vlib_main_t * vm,
611 vlib_node_runtime_t * node, vlib_frame_t * frame)
613 return nat44_hairpinning_fn_inline (vm, node, frame, 0);
617 VLIB_REGISTER_NODE (nat44_hairpinning_node) = {
618 .function = nat44_hairpinning_fn,
619 .name = "nat44-hairpinning",
620 .vector_size = sizeof (u32),
621 .type = VLIB_NODE_TYPE_INTERNAL,
622 .n_errors = ARRAY_LEN(nat44_hairpin_error_strings),
623 .error_strings = nat44_hairpin_error_strings,
624 .n_next_nodes = NAT_HAIRPIN_N_NEXT,
626 [NAT_HAIRPIN_NEXT_DROP] = "error-drop",
627 [NAT_HAIRPIN_NEXT_LOOKUP] = "ip4-lookup",
632 VLIB_NODE_FUNCTION_MULTIARCH (nat44_hairpinning_node, nat44_hairpinning_fn);
635 nat44_ed_hairpinning_fn (vlib_main_t * vm,
636 vlib_node_runtime_t * node, vlib_frame_t * frame)
638 return nat44_hairpinning_fn_inline (vm, node, frame, 1);
642 VLIB_REGISTER_NODE (nat44_ed_hairpinning_node) = {
643 .function = nat44_ed_hairpinning_fn,
644 .name = "nat44-ed-hairpinning",
645 .vector_size = sizeof (u32),
646 .type = VLIB_NODE_TYPE_INTERNAL,
647 .n_errors = ARRAY_LEN(nat44_hairpin_error_strings),
648 .error_strings = nat44_hairpin_error_strings,
649 .n_next_nodes = NAT_HAIRPIN_N_NEXT,
651 [NAT_HAIRPIN_NEXT_DROP] = "error-drop",
652 [NAT_HAIRPIN_NEXT_LOOKUP] = "ip4-lookup",
657 VLIB_NODE_FUNCTION_MULTIARCH (nat44_ed_hairpinning_node,
658 nat44_ed_hairpinning_fn);
661 snat_hairpin_dst_fn_inline (vlib_main_t * vm,
662 vlib_node_runtime_t * node,
663 vlib_frame_t * frame, int is_ed)
665 u32 n_left_from, *from, *to_next, stats_node_index;
666 nat_hairpin_next_t next_index;
667 u32 pkts_processed = 0;
668 snat_main_t *sm = &snat_main;
670 stats_node_index = is_ed ? nat44_ed_hairpin_dst_node.index :
671 snat_hairpin_dst_node.index;
673 from = vlib_frame_vector_args (frame);
674 n_left_from = frame->n_vectors;
675 next_index = node->cached_next_index;
677 while (n_left_from > 0)
681 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
683 while (n_left_from > 0 && n_left_to_next > 0)
691 /* speculatively enqueue b0 to the current next frame */
699 b0 = vlib_get_buffer (vm, bi0);
700 next0 = NAT_HAIRPIN_NEXT_LOOKUP;
701 ip0 = vlib_buffer_get_current (b0);
703 proto0 = ip_proto_to_snat_proto (ip0->protocol);
705 vnet_buffer (b0)->snat.flags = 0;
706 if (PREDICT_FALSE (is_hairpinning (sm, &ip0->dst_address)))
708 if (proto0 == SNAT_PROTOCOL_TCP || proto0 == SNAT_PROTOCOL_UDP)
710 udp_header_t *udp0 = ip4_next_header (ip0);
711 tcp_header_t *tcp0 = (tcp_header_t *) udp0;
713 snat_hairpinning (sm, b0, ip0, udp0, tcp0, proto0, is_ed);
715 else if (proto0 == SNAT_PROTOCOL_ICMP)
717 icmp46_header_t *icmp0 = ip4_next_header (ip0);
719 snat_icmp_hairpinning (sm, b0, ip0, icmp0, is_ed);
724 nat44_ed_hairpinning_unknown_proto (sm, b0, ip0);
726 nat_hairpinning_sm_unknown_proto (sm, b0, ip0);
729 vnet_buffer (b0)->snat.flags = SNAT_FLAG_HAIRPINNING;
732 pkts_processed += next0 != NAT_HAIRPIN_NEXT_DROP;
734 /* verify speculative enqueue, maybe switch current next frame */
735 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
736 to_next, n_left_to_next,
740 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
743 vlib_node_increment_counter (vm, stats_node_index,
744 NAT44_HAIRPIN_ERROR_PROCESSED, pkts_processed);
745 return frame->n_vectors;
749 snat_hairpin_dst_fn (vlib_main_t * vm,
750 vlib_node_runtime_t * node, vlib_frame_t * frame)
752 return snat_hairpin_dst_fn_inline (vm, node, frame, 0);
756 VLIB_REGISTER_NODE (snat_hairpin_dst_node) = {
757 .function = snat_hairpin_dst_fn,
758 .name = "nat44-hairpin-dst",
759 .vector_size = sizeof (u32),
760 .type = VLIB_NODE_TYPE_INTERNAL,
761 .n_errors = ARRAY_LEN(nat44_hairpin_error_strings),
762 .error_strings = nat44_hairpin_error_strings,
763 .n_next_nodes = NAT_HAIRPIN_N_NEXT,
765 [NAT_HAIRPIN_NEXT_DROP] = "error-drop",
766 [NAT_HAIRPIN_NEXT_LOOKUP] = "ip4-lookup",
771 VLIB_NODE_FUNCTION_MULTIARCH (snat_hairpin_dst_node, snat_hairpin_dst_fn);
774 nat44_ed_hairpin_dst_fn (vlib_main_t * vm,
775 vlib_node_runtime_t * node, vlib_frame_t * frame)
777 return snat_hairpin_dst_fn_inline (vm, node, frame, 1);
781 VLIB_REGISTER_NODE (nat44_ed_hairpin_dst_node) = {
782 .function = nat44_ed_hairpin_dst_fn,
783 .name = "nat44-ed-hairpin-dst",
784 .vector_size = sizeof (u32),
785 .type = VLIB_NODE_TYPE_INTERNAL,
786 .n_errors = ARRAY_LEN(nat44_hairpin_error_strings),
787 .error_strings = nat44_hairpin_error_strings,
788 .n_next_nodes = NAT_HAIRPIN_N_NEXT,
790 [NAT_HAIRPIN_NEXT_DROP] = "error-drop",
791 [NAT_HAIRPIN_NEXT_LOOKUP] = "ip4-lookup",
796 VLIB_NODE_FUNCTION_MULTIARCH (nat44_ed_hairpin_dst_node,
797 nat44_ed_hairpin_dst_fn);
800 snat_hairpin_src_fn_inline (vlib_main_t * vm,
801 vlib_node_runtime_t * node,
802 vlib_frame_t * frame, int is_ed)
804 u32 n_left_from, *from, *to_next, stats_node_index;
805 snat_hairpin_src_next_t next_index;
806 u32 pkts_processed = 0;
807 snat_main_t *sm = &snat_main;
809 stats_node_index = is_ed ? nat44_ed_hairpin_src_node.index :
810 snat_hairpin_src_node.index;
812 from = vlib_frame_vector_args (frame);
813 n_left_from = frame->n_vectors;
814 next_index = node->cached_next_index;
816 while (n_left_from > 0)
820 vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
822 while (n_left_from > 0 && n_left_to_next > 0)
830 /* speculatively enqueue b0 to the current next frame */
838 b0 = vlib_get_buffer (vm, bi0);
839 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
840 next0 = SNAT_HAIRPIN_SRC_NEXT_INTERFACE_OUTPUT;
843 pool_foreach (i, sm->output_feature_interfaces,
845 /* Only packets from NAT inside interface */
846 if ((nat_interface_is_inside(i)) && (sw_if_index0 == i->sw_if_index))
848 if (PREDICT_FALSE ((vnet_buffer (b0)->snat.flags) &
849 SNAT_FLAG_HAIRPINNING))
851 if (PREDICT_TRUE (sm->num_workers > 1))
852 next0 = SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT_WH;
854 next0 = SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT;
861 pkts_processed += next0 != SNAT_HAIRPIN_SRC_NEXT_DROP;
863 /* verify speculative enqueue, maybe switch current next frame */
864 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
865 to_next, n_left_to_next,
869 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
872 vlib_node_increment_counter (vm, stats_node_index,
873 NAT44_HAIRPIN_ERROR_PROCESSED, pkts_processed);
874 return frame->n_vectors;
878 snat_hairpin_src_fn (vlib_main_t * vm,
879 vlib_node_runtime_t * node, vlib_frame_t * frame)
881 return snat_hairpin_src_fn_inline (vm, node, frame, 0);
885 VLIB_REGISTER_NODE (snat_hairpin_src_node) = {
886 .function = snat_hairpin_src_fn,
887 .name = "nat44-hairpin-src",
888 .vector_size = sizeof (u32),
889 .type = VLIB_NODE_TYPE_INTERNAL,
890 .n_errors = ARRAY_LEN(nat44_hairpin_error_strings),
891 .error_strings = nat44_hairpin_error_strings,
892 .n_next_nodes = SNAT_HAIRPIN_SRC_N_NEXT,
894 [SNAT_HAIRPIN_SRC_NEXT_DROP] = "error-drop",
895 [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT] = "nat44-in2out-output",
896 [SNAT_HAIRPIN_SRC_NEXT_INTERFACE_OUTPUT] = "interface-output",
897 [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT_WH] = "nat44-in2out-output-worker-handoff",
902 VLIB_NODE_FUNCTION_MULTIARCH (snat_hairpin_src_node, snat_hairpin_src_fn);
905 nat44_ed_hairpin_src_fn (vlib_main_t * vm,
906 vlib_node_runtime_t * node, vlib_frame_t * frame)
908 return snat_hairpin_src_fn_inline (vm, node, frame, 1);
912 VLIB_REGISTER_NODE (nat44_ed_hairpin_src_node) = {
913 .function = nat44_ed_hairpin_src_fn,
914 .name = "nat44-ed-hairpin-src",
915 .vector_size = sizeof (u32),
916 .type = VLIB_NODE_TYPE_INTERNAL,
917 .n_errors = ARRAY_LEN(nat44_hairpin_error_strings),
918 .error_strings = nat44_hairpin_error_strings,
919 .n_next_nodes = SNAT_HAIRPIN_SRC_N_NEXT,
921 [SNAT_HAIRPIN_SRC_NEXT_DROP] = "error-drop",
922 [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT] = "nat44-ed-in2out-output",
923 [SNAT_HAIRPIN_SRC_NEXT_INTERFACE_OUTPUT] = "interface-output",
924 [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT_WH] = "nat44-in2out-output-worker-handoff",
929 VLIB_NODE_FUNCTION_MULTIARCH (nat44_ed_hairpin_src_node,
930 nat44_ed_hairpin_src_fn);
933 * fd.io coding-style-patch-verification: ON
936 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob