2 * Copyright (c) 2018 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
17 * @brief NAT44 endpoint-dependent outside to inside network translation
20 #include <vlib/vlib.h>
21 #include <vnet/vnet.h>
22 #include <vnet/ip/ip.h>
23 #include <vnet/ethernet/ethernet.h>
24 #include <vnet/fib/ip4_fib.h>
25 #include <vnet/udp/udp_local.h>
26 #include <vppinfra/error.h>
28 #include <nat/lib/ipfix_logging.h>
29 #include <nat/nat_inlines.h>
30 #include <nat/nat44/inlines.h>
31 #include <nat/lib/nat_syslog.h>
32 #include <nat/nat_ha.h>
33 #include <nat/nat44/ed_inlines.h>
35 static char *nat_out2in_ed_error_strings[] = {
36 #define _(sym,string) string,
37 foreach_nat_out2in_ed_error
47 } nat44_ed_out2in_trace_t;
52 } nat44_ed_out2in_handoff_trace_t;
55 format_nat44_ed_out2in_trace (u8 * s, va_list * args)
57 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
58 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
59 nat44_ed_out2in_trace_t *t = va_arg (*args, nat44_ed_out2in_trace_t *);
63 t->is_slow_path ? "NAT44_OUT2IN_ED_SLOW_PATH" :
64 "NAT44_OUT2IN_ED_FAST_PATH";
66 s = format (s, "%s: sw_if_index %d, next index %d, session %d", tag,
67 t->sw_if_index, t->next_index, t->session_index);
73 icmp_out2in_ed_slow_path (snat_main_t * sm, vlib_buffer_t * b0,
74 ip4_header_t * ip0, icmp46_header_t * icmp0,
75 u32 sw_if_index0, u32 rx_fib_index0,
76 vlib_node_runtime_t * node, u32 next0, f64 now,
77 u32 thread_index, snat_session_t ** p_s0)
79 vlib_main_t *vm = vlib_get_main ();
81 next0 = icmp_out2in (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
82 next0, thread_index, p_s0, 0);
83 snat_session_t *s0 = *p_s0;
84 if (PREDICT_TRUE (next0 != NAT_NEXT_DROP && s0))
87 nat44_session_update_counters (s0, now,
88 vlib_buffer_length_in_chain
89 (vm, b0), thread_index);
90 /* Per-user LRU list maintenance */
91 nat44_session_update_lru (sm, s0, thread_index);
96 #ifndef CLIB_MARCH_VARIANT
98 nat44_o2i_ed_is_idle_session_cb (clib_bihash_kv_16_8_t * kv, void *arg)
100 snat_main_t *sm = &snat_main;
101 nat44_is_idle_session_ctx_t *ctx = arg;
103 u64 sess_timeout_time;
106 ip4_address_t *l_addr, *r_addr;
108 clib_bihash_kv_16_8_t ed_kv;
111 snat_main_per_thread_data_t *tsm = vec_elt_at_index (sm->per_thread_data,
114 s = pool_elt_at_index (tsm->sessions, kv->value);
115 sess_timeout_time = s->last_heard + (f64) nat44_session_get_timeout (sm, s);
116 if (ctx->now >= sess_timeout_time)
118 l_addr = &s->in2out.addr;
119 r_addr = &s->ext_host_addr;
120 fib_index = s->in2out.fib_index;
121 if (snat_is_unk_proto_session (s))
123 proto = s->in2out.port;
129 proto = nat_proto_to_ip_proto (s->nat_proto);
130 l_port = s->in2out.port;
131 r_port = s->ext_host_port;
133 if (is_twice_nat_session (s))
135 r_addr = &s->ext_host_nat_addr;
136 r_port = s->ext_host_nat_port;
138 init_ed_k (&ed_kv, *l_addr, l_port, *r_addr, r_port, fib_index, proto);
139 if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0))
140 nat_elog_warn ("in2out_ed key del failed");
142 if (snat_is_unk_proto_session (s))
145 nat_ipfix_logging_nat44_ses_delete (ctx->thread_index,
146 s->in2out.addr.as_u32,
147 s->out2in.addr.as_u32,
151 s->in2out.fib_index);
153 nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index,
154 &s->in2out.addr, s->in2out.port,
155 &s->ext_host_nat_addr, s->ext_host_nat_port,
156 &s->out2in.addr, s->out2in.port,
157 &s->ext_host_addr, s->ext_host_port,
158 s->nat_proto, is_twice_nat_session (s));
160 nat_ha_sdel (&s->out2in.addr, s->out2in.port, &s->ext_host_addr,
161 s->ext_host_port, s->nat_proto, s->out2in.fib_index,
164 if (is_twice_nat_session (s))
166 for (i = 0; i < vec_len (sm->twice_nat_addresses); i++)
168 // FIXME TODO this is obviously wrong code ... needs fix!
169 // key.protocol = s->nat_proto;
170 // key.port = s->ext_host_nat_port;
171 // a = sm->twice_nat_addresses + i;
172 // if (a->addr.as_u32 == s->ext_host_nat_addr.as_u32)
174 // snat_free_outside_address_and_port (sm->twice_nat_addresses,
175 // ctx->thread_index,
182 if (snat_is_session_static (s))
185 snat_free_outside_address_and_port (sm->addresses, ctx->thread_index,
186 &s->out2in.addr, s->out2in.port,
189 nat_ed_session_delete (sm, s, ctx->thread_index, 1);
197 // allocate exact address based on preference
198 static_always_inline int
199 nat_alloc_addr_and_port_exact (snat_address_t * a,
201 nat_protocol_t proto,
202 ip4_address_t * addr,
204 u16 port_per_thread, u32 snat_thread_index)
210 #define _(N, j, n, s) \
211 case NAT_PROTOCOL_##N: \
212 if (a->busy_##n##_ports_per_thread[thread_index] < port_per_thread) \
216 portnum = (port_per_thread * \
217 snat_thread_index) + \
218 snat_random_port(0, port_per_thread - 1) + 1024; \
219 if (a->busy_##n##_port_refcounts[portnum]) \
221 --a->busy_##n##_port_refcounts[portnum]; \
222 a->busy_##n##_ports_per_thread[thread_index]++; \
223 a->busy_##n##_ports++; \
225 *port = clib_host_to_net_u16(portnum); \
233 nat_elog_info ("unknown protocol");
237 /* Totally out of translations to use... */
238 nat_ipfix_logging_addresses_exhausted (thread_index, 0);
243 static snat_session_t *
244 create_session_for_static_mapping_ed (snat_main_t * sm,
246 ip4_address_t i2o_addr,
249 ip4_address_t o2i_addr,
252 nat_protocol_t nat_proto,
253 vlib_node_runtime_t * node,
256 twice_nat_type_t twice_nat,
257 lb_nat_type_t lb_nat, f64 now,
258 snat_static_mapping_t * mapping)
263 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
264 clib_bihash_kv_16_8_t kv;
265 nat44_is_idle_session_ctx_t ctx;
268 (nat44_ed_maximum_sessions_exceeded (sm, rx_fib_index, thread_index)))
270 b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_SESSIONS_EXCEEDED];
271 nat_elog_notice ("maximum sessions exceeded");
275 s = nat_ed_session_alloc (sm, thread_index, now, nat_proto);
278 b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_USER_SESS_EXCEEDED];
279 nat_elog_warn ("create NAT session failed");
283 ip = vlib_buffer_get_current (b);
284 udp = ip4_next_header (ip);
286 s->ext_host_addr.as_u32 = ip->src_address.as_u32;
287 s->ext_host_port = nat_proto == NAT_PROTOCOL_ICMP ? 0 : udp->src_port;
288 s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
290 s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
291 if (lb_nat == AFFINITY_LB_NAT)
292 s->flags |= SNAT_SESSION_FLAG_AFFINITY;
293 s->flags |= SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT;
294 s->out2in.addr = o2i_addr;
295 s->out2in.port = o2i_port;
296 s->out2in.fib_index = o2i_fib_index;
297 s->in2out.addr = i2o_addr;
298 s->in2out.port = i2o_port;
299 s->in2out.fib_index = i2o_fib_index;
300 s->nat_proto = nat_proto;
302 /* Add to lookup tables */
303 init_ed_kv (&kv, o2i_addr, o2i_port, s->ext_host_addr, s->ext_host_port,
304 o2i_fib_index, ip->protocol, thread_index, s - tsm->sessions);
306 ctx.thread_index = thread_index;
307 if (clib_bihash_add_or_overwrite_stale_16_8 (&sm->out2in_ed, &kv,
308 nat44_o2i_ed_is_idle_session_cb,
310 nat_elog_notice ("out2in-ed key add failed");
312 if (twice_nat == TWICE_NAT || (twice_nat == TWICE_NAT_SELF &&
313 ip->src_address.as_u32 == i2o_addr.as_u32))
316 snat_address_t *filter = 0;
318 // if exact address is specified use this address
319 if (is_exact_address (mapping))
322 vec_foreach (ap, sm->twice_nat_addresses)
324 if (mapping->pool_addr.as_u32 == ap->addr.as_u32)
334 rc = nat_alloc_addr_and_port_exact (filter,
337 &s->ext_host_nat_addr,
338 &s->ext_host_nat_port,
340 tsm->snat_thread_index);
341 s->flags |= SNAT_SESSION_FLAG_EXACT_ADDRESS;
346 snat_alloc_outside_address_and_port (sm->twice_nat_addresses, 0,
347 thread_index, nat_proto,
348 &s->ext_host_nat_addr,
349 &s->ext_host_nat_port,
351 tsm->snat_thread_index);
356 b->error = node->errors[NAT_OUT2IN_ED_ERROR_OUT_OF_PORTS];
357 nat_ed_session_delete (sm, s, thread_index, 1);
358 if (clib_bihash_add_del_16_8 (&sm->out2in_ed, &kv, 0))
359 nat_elog_notice ("out2in-ed key del failed");
363 s->flags |= SNAT_SESSION_FLAG_TWICE_NAT;
364 init_ed_kv (&kv, i2o_addr, i2o_port, s->ext_host_nat_addr,
365 s->ext_host_nat_port, i2o_fib_index, ip->protocol,
366 thread_index, s - tsm->sessions);
370 init_ed_kv (&kv, i2o_addr, i2o_port, s->ext_host_addr,
371 s->ext_host_port, i2o_fib_index, ip->protocol,
372 thread_index, s - tsm->sessions);
374 if (clib_bihash_add_or_overwrite_stale_16_8 (&tsm->in2out_ed, &kv,
375 nat44_i2o_ed_is_idle_session_cb,
377 nat_elog_notice ("in2out-ed key add failed");
379 nat_ipfix_logging_nat44_ses_create (thread_index,
380 s->in2out.addr.as_u32,
381 s->out2in.addr.as_u32,
384 s->out2in.port, s->in2out.fib_index);
386 nat_syslog_nat44_sadd (s->user_index, s->in2out.fib_index,
387 &s->in2out.addr, s->in2out.port,
388 &s->ext_host_nat_addr, s->ext_host_nat_port,
389 &s->out2in.addr, s->out2in.port,
390 &s->ext_host_addr, s->ext_host_port,
391 s->nat_proto, is_twice_nat_session (s));
393 nat_ha_sadd (&s->in2out.addr, s->in2out.port, &s->out2in.addr,
394 s->out2in.port, &s->ext_host_addr, s->ext_host_port,
395 &s->ext_host_nat_addr, s->ext_host_nat_port,
396 s->nat_proto, s->in2out.fib_index, s->flags, thread_index, 0);
398 per_vrf_sessions_register_session (s, thread_index);
404 next_src_nat (snat_main_t * sm, ip4_header_t * ip, u16 src_port,
405 u16 dst_port, u32 thread_index, u32 rx_fib_index)
407 clib_bihash_kv_16_8_t kv, value;
408 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
410 init_ed_k (&kv, ip->src_address, src_port, ip->dst_address, dst_port,
411 rx_fib_index, ip->protocol);
412 if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &kv, &value))
419 create_bypass_for_fwd (snat_main_t * sm, vlib_buffer_t * b, ip4_header_t * ip,
420 u32 rx_fib_index, u32 thread_index)
422 clib_bihash_kv_16_8_t kv, value;
424 snat_session_t *s = 0;
425 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
426 vlib_main_t *vm = vlib_get_main ();
427 f64 now = vlib_time_now (vm);
430 if (ip->protocol == IP_PROTOCOL_ICMP)
432 if (get_icmp_o2i_ed_key
433 (b, ip, rx_fib_index, ~0, ~0, 0, &l_port, &r_port, &kv))
438 if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP)
440 udp = ip4_next_header (ip);
441 l_port = udp->dst_port;
442 r_port = udp->src_port;
449 init_ed_k (&kv, ip->dst_address, l_port, ip->src_address, r_port,
450 rx_fib_index, ip->protocol);
453 if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &kv, &value))
455 ASSERT (thread_index == ed_value_get_thread_index (&value));
457 pool_elt_at_index (tsm->sessions,
458 ed_value_get_session_index (&value));
460 else if (ip->protocol == IP_PROTOCOL_ICMP &&
461 icmp_type_is_error_message
462 (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags))
471 (nat44_ed_maximum_sessions_exceeded
472 (sm, rx_fib_index, thread_index)))
475 s = nat_ed_session_alloc (sm, thread_index, now, ip->protocol);
478 nat_elog_warn ("create NAT session failed");
482 proto = ip_proto_to_nat_proto (ip->protocol);
484 s->ext_host_addr = ip->src_address;
485 s->ext_host_port = r_port;
486 s->flags |= SNAT_SESSION_FLAG_FWD_BYPASS;
487 s->out2in.addr = ip->dst_address;
488 s->out2in.port = l_port;
489 s->nat_proto = proto;
490 if (proto == NAT_PROTOCOL_OTHER)
492 s->flags |= SNAT_SESSION_FLAG_UNKNOWN_PROTO;
493 s->out2in.port = ip->protocol;
495 s->out2in.fib_index = rx_fib_index;
496 s->in2out.addr = s->out2in.addr;
497 s->in2out.port = s->out2in.port;
498 s->in2out.fib_index = s->out2in.fib_index;
500 kv.value = s - tsm->sessions;
501 if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &kv, 1))
502 nat_elog_notice ("in2out_ed key add failed");
504 per_vrf_sessions_register_session (s, thread_index);
507 if (ip->protocol == IP_PROTOCOL_TCP)
509 tcp_header_t *tcp = ip4_next_header (ip);
510 nat44_set_tcp_session_state_o2i (sm, now, s, tcp->flags,
511 tcp->ack_number, tcp->seq_number,
516 nat44_session_update_counters (s, now, 0, thread_index);
517 /* Per-user LRU list maintenance */
518 nat44_session_update_lru (sm, s, thread_index);
521 static_always_inline int
522 create_bypass_for_fwd_worker (snat_main_t * sm,
523 vlib_buffer_t * b, ip4_header_t * ip,
524 u32 rx_fib_index, u32 thread_index)
527 .src_address = ip->dst_address,
529 u32 index = sm->worker_in2out_cb (&tmp, rx_fib_index, 0);
531 if (index != thread_index)
533 vnet_buffer2 (b)->nat.thread_next = index;
537 create_bypass_for_fwd (sm, b, ip, rx_fib_index, thread_index);
541 #ifndef CLIB_MARCH_VARIANT
543 icmp_match_out2in_ed (snat_main_t * sm, vlib_node_runtime_t * node,
544 u32 thread_index, vlib_buffer_t * b,
545 ip4_header_t * ip, ip4_address_t * addr,
546 u16 * port, u32 * fib_index, nat_protocol_t * proto,
547 void *d, void *e, u8 * dont_translate)
549 u32 next = ~0, sw_if_index, rx_fib_index;
550 clib_bihash_kv_16_8_t kv, value;
551 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
552 snat_session_t *s = 0;
553 u8 is_addr_only, identity_nat;
555 vlib_main_t *vm = vlib_get_main ();
556 ip4_address_t sm_addr;
560 snat_static_mapping_t *m;
562 sw_if_index = vnet_buffer (b)->sw_if_index[VLIB_RX];
563 rx_fib_index = ip4_fib_table_get_index_for_sw_if_index (sw_if_index);
565 if (get_icmp_o2i_ed_key
566 (b, ip, rx_fib_index, ~0, ~0, proto, &l_port, &r_port, &kv))
568 b->error = node->errors[NAT_OUT2IN_ED_ERROR_UNSUPPORTED_PROTOCOL];
569 next = NAT_NEXT_DROP;
573 if (clib_bihash_search_16_8 (&sm->out2in_ed, &kv, &value))
575 if (snat_static_mapping_match
576 (sm, ip->dst_address, l_port, rx_fib_index,
577 ip_proto_to_nat_proto (ip->protocol), &sm_addr, &sm_port,
578 &sm_fib_index, 1, &is_addr_only, 0, 0, 0, &identity_nat, &m))
580 // static mapping not matched
581 if (!sm->forwarding_enabled)
583 /* Don't NAT packet aimed at the intfc address */
584 if (PREDICT_FALSE (is_interface_addr (sm, node, sw_if_index,
585 ip->dst_address.as_u32)))
591 b->error = node->errors[NAT_OUT2IN_ED_ERROR_NO_TRANSLATION];
592 next = NAT_NEXT_DROP;
598 if (next_src_nat (sm, ip, l_port, r_port,
599 thread_index, rx_fib_index))
601 next = NAT_NEXT_IN2OUT_ED_FAST_PATH;
605 if (sm->num_workers > 1)
607 if (create_bypass_for_fwd_worker (sm, b, ip,
611 next = NAT_NEXT_OUT2IN_ED_HANDOFF;
616 create_bypass_for_fwd (sm, b, ip, rx_fib_index,
625 (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags !=
627 && (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags !=
628 ICMP4_echo_request || !is_addr_only)))
630 b->error = node->errors[NAT_OUT2IN_ED_ERROR_BAD_ICMP_TYPE];
631 next = NAT_NEXT_DROP;
635 if (PREDICT_FALSE (identity_nat))
641 /* Create session initiated by host from external network */
643 create_session_for_static_mapping_ed (sm, b, sm_addr, sm_port,
644 sm_fib_index, ip->dst_address,
645 l_port, rx_fib_index, *proto,
648 vlib_time_now (vm), m);
650 next = NAT_NEXT_DROP;
655 (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags !=
657 && vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags !=
659 && !icmp_type_is_error_message (vnet_buffer (b)->ip.
660 reass.icmp_type_or_tcp_flags)))
662 b->error = node->errors[NAT_OUT2IN_ED_ERROR_BAD_ICMP_TYPE];
663 next = NAT_NEXT_DROP;
667 ASSERT (thread_index == ed_value_get_thread_index (&value));
669 pool_elt_at_index (tsm->sessions,
670 ed_value_get_session_index (&value));
675 *addr = s->in2out.addr;
676 *port = s->in2out.port;
677 *fib_index = s->in2out.fib_index;
680 *(snat_session_t **) d = s;
685 static snat_session_t *
686 nat44_ed_out2in_unknown_proto (snat_main_t * sm,
692 vlib_main_t * vm, vlib_node_runtime_t * node)
694 clib_bihash_kv_8_8_t kv, value;
695 clib_bihash_kv_16_8_t s_kv, s_value;
696 snat_static_mapping_t *m;
697 u32 old_addr, new_addr;
700 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
702 old_addr = ip->dst_address.as_u32;
704 init_ed_k (&s_kv, ip->dst_address, 0, ip->src_address, 0, rx_fib_index,
707 if (!clib_bihash_search_16_8 (&sm->out2in_ed, &s_kv, &s_value))
709 ASSERT (thread_index == ed_value_get_thread_index (&s_value));
711 pool_elt_at_index (tsm->sessions,
712 ed_value_get_session_index (&s_value));
713 new_addr = ip->dst_address.as_u32 = s->in2out.addr.as_u32;
718 (nat44_ed_maximum_sessions_exceeded
719 (sm, rx_fib_index, thread_index)))
721 b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_SESSIONS_EXCEEDED];
722 nat_elog_notice ("maximum sessions exceeded");
726 init_nat_k (&kv, ip->dst_address, 0, 0, 0);
727 if (clib_bihash_search_8_8
728 (&sm->static_mapping_by_external, &kv, &value))
730 b->error = node->errors[NAT_OUT2IN_ED_ERROR_NO_TRANSLATION];
734 m = pool_elt_at_index (sm->static_mappings, value.value);
736 new_addr = ip->dst_address.as_u32 = m->local_addr.as_u32;
738 /* Create a new session */
739 s = nat_ed_session_alloc (sm, thread_index, now, ip->protocol);
742 b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_USER_SESS_EXCEEDED];
743 nat_elog_warn ("create NAT session failed");
747 s->ext_host_addr.as_u32 = ip->src_address.as_u32;
748 s->flags |= SNAT_SESSION_FLAG_UNKNOWN_PROTO;
749 s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
750 s->flags |= SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT;
751 s->out2in.addr.as_u32 = old_addr;
752 s->out2in.fib_index = rx_fib_index;
753 s->in2out.addr.as_u32 = new_addr;
754 s->in2out.fib_index = m->fib_index;
755 s->in2out.port = s->out2in.port = ip->protocol;
757 /* Add to lookup tables */
758 s_kv.value = s - tsm->sessions;
759 if (clib_bihash_add_del_16_8 (&sm->out2in_ed, &s_kv, 1))
760 nat_elog_notice ("out2in key add failed");
762 init_ed_kv (&s_kv, ip->dst_address, 0, ip->src_address, 0, m->fib_index,
763 ip->protocol, thread_index, s - tsm->sessions);
764 if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &s_kv, 1))
765 nat_elog_notice ("in2out key add failed");
767 per_vrf_sessions_register_session (s, thread_index);
770 /* Update IP checksum */
772 sum = ip_csum_update (sum, old_addr, new_addr, ip4_header_t, dst_address);
773 ip->checksum = ip_csum_fold (sum);
775 vnet_buffer (b)->sw_if_index[VLIB_TX] = s->in2out.fib_index;
778 nat44_session_update_counters (s, now, vlib_buffer_length_in_chain (vm, b),
780 /* Per-user LRU list maintenance */
781 nat44_session_update_lru (sm, s, thread_index);
787 nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
788 vlib_node_runtime_t * node,
789 vlib_frame_t * frame,
792 u32 n_left_from, *from;
793 snat_main_t *sm = &snat_main;
794 f64 now = vlib_time_now (vm);
795 u32 thread_index = vm->thread_index;
796 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
798 from = vlib_frame_vector_args (frame);
799 n_left_from = frame->n_vectors;
801 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
802 u16 nexts[VLIB_FRAME_SIZE], *next = nexts;
803 vlib_get_buffers (vm, from, b, n_left_from);
805 while (n_left_from > 0)
808 u32 sw_if_index0, rx_fib_index0, proto0, old_addr0, new_addr0;
809 u16 old_port0, new_port0;
813 snat_session_t *s0 = 0;
814 clib_bihash_kv_16_8_t kv0, value0;
820 /* Prefetch next iteration. */
821 if (PREDICT_TRUE (n_left_from >= 2))
827 vlib_prefetch_buffer_header (p2, LOAD);
829 CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, LOAD);
832 next[0] = vnet_buffer2 (b0)->nat.arc_next;
834 vnet_buffer (b0)->snat.flags = 0;
835 ip0 = vlib_buffer_get_current (b0);
837 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
839 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, sw_if_index0);
841 if (PREDICT_FALSE (ip0->ttl == 1))
843 vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
844 icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
845 ICMP4_time_exceeded_ttl_exceeded_in_transit,
847 next[0] = NAT_NEXT_ICMP_ERROR;
851 udp0 = ip4_next_header (ip0);
852 tcp0 = (tcp_header_t *) udp0;
853 proto0 = ip_proto_to_nat_proto (ip0->protocol);
855 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER))
857 next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
861 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
863 next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
867 init_ed_k (&kv0, ip0->dst_address,
868 vnet_buffer (b0)->ip.reass.l4_dst_port, ip0->src_address,
869 vnet_buffer (b0)->ip.reass.l4_src_port, rx_fib_index0,
872 /* there is a stashed index in vnet_buffer2 from handoff node,
873 * see if we can use it */
876 PREDICT_TRUE (!pool_is_free_index
878 vnet_buffer2 (b0)->nat.ed_out2in_nat_session_index)))
880 s0 = pool_elt_at_index (tsm->sessions,
882 nat.ed_out2in_nat_session_index);
884 (s0->out2in.addr.as_u32 == ip0->dst_address.as_u32
885 && s0->out2in.port == vnet_buffer (b0)->ip.reass.l4_dst_port
886 && s0->nat_proto == ip_proto_to_nat_proto (ip0->protocol)
887 && s0->out2in.fib_index == rx_fib_index0
888 && s0->ext_host_addr.as_u32 == ip0->src_address.as_u32
889 && s0->ext_host_port ==
890 vnet_buffer (b0)->ip.reass.l4_src_port))
892 /* yes, this is the droid we're looking for */
897 // lookup for session
898 if (clib_bihash_search_16_8 (&sm->out2in_ed, &kv0, &value0))
900 // session does not exist go slow path
901 next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
904 ASSERT (thread_index == ed_value_get_thread_index (&value0));
906 pool_elt_at_index (tsm->sessions,
907 ed_value_get_session_index (&value0));
911 if (PREDICT_FALSE (per_vrf_sessions_is_expired (s0, thread_index)))
913 // session is closed, go slow path
914 nat_free_session_data (sm, s0, thread_index, 0);
915 nat_ed_session_delete (sm, s0, thread_index, 1);
916 next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
920 if (s0->tcp_closed_timestamp)
922 if (now >= s0->tcp_closed_timestamp)
924 // session is closed, go slow path, freed in slow path
925 next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
929 // session in transitory timeout, drop
930 b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TCP_CLOSED];
931 next[0] = NAT_NEXT_DROP;
936 // drop if session expired
937 u64 sess_timeout_time;
939 s0->last_heard + (f64) nat44_session_get_timeout (sm, s0);
940 if (now >= sess_timeout_time)
942 // session is closed, go slow path
943 nat_free_session_data (sm, s0, thread_index, 0);
944 nat_ed_session_delete (sm, s0, thread_index, 1);
945 next[0] = NAT_NEXT_OUT2IN_ED_SLOW_PATH;
949 old_addr0 = ip0->dst_address.as_u32;
950 new_addr0 = ip0->dst_address.as_u32 = s0->in2out.addr.as_u32;
951 vnet_buffer (b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;
953 sum0 = ip0->checksum;
954 sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
956 if (PREDICT_FALSE (is_twice_nat_session (s0)))
957 sum0 = ip_csum_update (sum0, ip0->src_address.as_u32,
958 s0->ext_host_nat_addr.as_u32, ip4_header_t,
960 ip0->checksum = ip_csum_fold (sum0);
962 old_port0 = vnet_buffer (b0)->ip.reass.l4_dst_port;
964 if (PREDICT_TRUE (proto0 == NAT_PROTOCOL_TCP))
966 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
968 new_port0 = udp0->dst_port = s0->in2out.port;
969 sum0 = tcp0->checksum;
971 ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
974 ip_csum_update (sum0, old_port0, new_port0, ip4_header_t,
976 if (is_twice_nat_session (s0))
978 sum0 = ip_csum_update (sum0, ip0->src_address.as_u32,
979 s0->ext_host_nat_addr.as_u32,
980 ip4_header_t, dst_address);
982 ip_csum_update (sum0,
983 vnet_buffer (b0)->ip.reass.l4_src_port,
984 s0->ext_host_nat_port, ip4_header_t,
986 tcp0->src_port = s0->ext_host_nat_port;
987 ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32;
989 tcp0->checksum = ip_csum_fold (sum0);
991 vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.tcp,
992 thread_index, sw_if_index0, 1);
993 nat44_set_tcp_session_state_o2i (sm, now, s0,
994 vnet_buffer (b0)->ip.
995 reass.icmp_type_or_tcp_flags,
996 vnet_buffer (b0)->ip.
997 reass.tcp_ack_number,
998 vnet_buffer (b0)->ip.
999 reass.tcp_seq_number,
1002 else if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment
1005 new_port0 = udp0->dst_port = s0->in2out.port;
1006 sum0 = udp0->checksum;
1008 ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
1011 ip_csum_update (sum0, old_port0, new_port0, ip4_header_t, length);
1012 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1015 ip_csum_update (sum0, ip0->src_address.as_u32,
1016 s0->ext_host_nat_addr.as_u32, ip4_header_t,
1019 ip_csum_update (sum0, vnet_buffer (b0)->ip.reass.l4_src_port,
1020 s0->ext_host_nat_port, ip4_header_t, length);
1021 udp0->src_port = s0->ext_host_nat_port;
1022 ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32;
1024 udp0->checksum = ip_csum_fold (sum0);
1025 vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.udp,
1026 thread_index, sw_if_index0, 1);
1030 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
1032 new_port0 = udp0->dst_port = s0->in2out.port;
1033 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1035 udp0->src_port = s0->ext_host_nat_port;
1036 ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32;
1039 vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.udp,
1040 thread_index, sw_if_index0, 1);
1044 nat44_session_update_counters (s0, now,
1045 vlib_buffer_length_in_chain (vm, b0),
1047 /* Per-user LRU list maintenance */
1048 nat44_session_update_lru (sm, s0, thread_index);
1051 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1052 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1054 nat44_ed_out2in_trace_t *t =
1055 vlib_add_trace (vm, node, b0, sizeof (*t));
1056 t->sw_if_index = sw_if_index0;
1057 t->next_index = next[0];
1058 t->is_slow_path = 0;
1061 t->session_index = s0 - tsm->sessions;
1063 t->session_index = ~0;
1066 if (next[0] == NAT_NEXT_DROP)
1068 vlib_increment_simple_counter (&sm->counters.fastpath.
1069 out2in_ed.drops, thread_index,
1077 vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts,
1079 return frame->n_vectors;
1083 nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
1084 vlib_node_runtime_t * node,
1085 vlib_frame_t * frame)
1087 u32 n_left_from, *from;
1088 snat_main_t *sm = &snat_main;
1089 f64 now = vlib_time_now (vm);
1090 u32 thread_index = vm->thread_index;
1091 snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
1092 snat_static_mapping_t *m;
1094 from = vlib_frame_vector_args (frame);
1095 n_left_from = frame->n_vectors;
1097 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
1098 u16 nexts[VLIB_FRAME_SIZE], *next = nexts;
1099 vlib_get_buffers (vm, from, b, n_left_from);
1101 while (n_left_from > 0)
1104 u32 sw_if_index0, rx_fib_index0, proto0, old_addr0, new_addr0;
1105 u16 old_port0, new_port0;
1109 icmp46_header_t *icmp0;
1110 snat_session_t *s0 = 0;
1111 clib_bihash_kv_16_8_t kv0, value0;
1113 lb_nat_type_t lb_nat0;
1114 twice_nat_type_t twice_nat0;
1116 ip4_address_t sm_addr;
1121 next[0] = vnet_buffer2 (b0)->nat.arc_next;
1123 vnet_buffer (b0)->snat.flags = 0;
1124 ip0 = vlib_buffer_get_current (b0);
1126 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
1128 fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, sw_if_index0);
1130 if (PREDICT_FALSE (ip0->ttl == 1))
1132 vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
1133 icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
1134 ICMP4_time_exceeded_ttl_exceeded_in_transit,
1136 next[0] = NAT_NEXT_ICMP_ERROR;
1140 udp0 = ip4_next_header (ip0);
1141 tcp0 = (tcp_header_t *) udp0;
1142 icmp0 = (icmp46_header_t *) udp0;
1143 proto0 = ip_proto_to_nat_proto (ip0->protocol);
1145 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER))
1148 nat44_ed_out2in_unknown_proto (sm, b0, ip0, rx_fib_index0,
1149 thread_index, now, vm, node);
1150 if (!sm->forwarding_enabled)
1153 next[0] = NAT_NEXT_DROP;
1155 vlib_increment_simple_counter (&sm->counters.slowpath.
1156 out2in_ed.other, thread_index,
1161 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
1163 next[0] = icmp_out2in_ed_slow_path
1164 (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
1165 next[0], now, thread_index, &s0);
1166 vlib_increment_simple_counter (&sm->counters.slowpath.
1167 out2in_ed.icmp, thread_index,
1172 init_ed_k (&kv0, ip0->dst_address,
1173 vnet_buffer (b0)->ip.reass.l4_dst_port, ip0->src_address,
1174 vnet_buffer (b0)->ip.reass.l4_src_port, rx_fib_index0,
1178 if (!clib_bihash_search_16_8 (&sm->out2in_ed, &kv0, &value0))
1180 ASSERT (thread_index == ed_value_get_thread_index (&value0));
1182 pool_elt_at_index (tsm->sessions,
1183 ed_value_get_session_index (&value0));
1185 if (s0->tcp_closed_timestamp && now >= s0->tcp_closed_timestamp)
1187 nat_free_session_data (sm, s0, thread_index, 0);
1188 nat_ed_session_delete (sm, s0, thread_index, 1);
1195 /* Try to match static mapping by external address and port,
1196 destination address and port in packet */
1198 if (snat_static_mapping_match
1199 (sm, ip0->dst_address,
1200 vnet_buffer (b0)->ip.reass.l4_dst_port, rx_fib_index0,
1201 proto0, &sm_addr, &sm_port, &sm_fib_index, 1, 0,
1202 &twice_nat0, &lb_nat0, &ip0->src_address, &identity_nat0, &m))
1205 * Send DHCP packets to the ipv4 stack, or we won't
1206 * be able to use dhcp client on the outside interface
1208 if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_UDP
1209 && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
1210 clib_host_to_net_u16
1211 (UDP_DST_PORT_dhcp_to_client))))
1216 if (!sm->forwarding_enabled)
1219 node->errors[NAT_OUT2IN_ED_ERROR_NO_TRANSLATION];
1220 next[0] = NAT_NEXT_DROP;
1225 (sm, ip0, vnet_buffer (b0)->ip.reass.l4_src_port,
1226 vnet_buffer (b0)->ip.reass.l4_dst_port,
1227 thread_index, rx_fib_index0))
1229 next[0] = NAT_NEXT_IN2OUT_ED_FAST_PATH;
1233 if ((sm->num_workers > 1)
1234 && create_bypass_for_fwd_worker (sm, b0, ip0,
1238 next[0] = NAT_NEXT_OUT2IN_ED_HANDOFF;
1242 create_bypass_for_fwd (sm, b0, ip0, rx_fib_index0,
1250 if (PREDICT_FALSE (identity_nat0))
1253 if ((proto0 == NAT_PROTOCOL_TCP)
1254 && !tcp_flags_is_init (vnet_buffer (b0)->ip.
1255 reass.icmp_type_or_tcp_flags))
1257 b0->error = node->errors[NAT_OUT2IN_ED_ERROR_NON_SYN];
1258 next[0] = NAT_NEXT_DROP;
1262 /* Create session initiated by host from external network */
1263 s0 = create_session_for_static_mapping_ed (sm, b0,
1268 ip.reass.l4_dst_port,
1269 rx_fib_index0, proto0,
1270 node, rx_fib_index0,
1271 thread_index, twice_nat0,
1275 next[0] = NAT_NEXT_DROP;
1280 old_addr0 = ip0->dst_address.as_u32;
1281 new_addr0 = ip0->dst_address.as_u32 = s0->in2out.addr.as_u32;
1282 vnet_buffer (b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;
1284 sum0 = ip0->checksum;
1285 sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
1287 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1288 sum0 = ip_csum_update (sum0, ip0->src_address.as_u32,
1289 s0->ext_host_nat_addr.as_u32, ip4_header_t,
1291 ip0->checksum = ip_csum_fold (sum0);
1293 old_port0 = vnet_buffer (b0)->ip.reass.l4_dst_port;
1295 if (PREDICT_TRUE (proto0 == NAT_PROTOCOL_TCP))
1297 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
1299 new_port0 = udp0->dst_port = s0->in2out.port;
1300 sum0 = tcp0->checksum;
1302 ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
1305 ip_csum_update (sum0, old_port0, new_port0, ip4_header_t,
1307 if (is_twice_nat_session (s0))
1309 sum0 = ip_csum_update (sum0, ip0->src_address.as_u32,
1310 s0->ext_host_nat_addr.as_u32,
1311 ip4_header_t, dst_address);
1313 ip_csum_update (sum0,
1314 vnet_buffer (b0)->ip.reass.l4_src_port,
1315 s0->ext_host_nat_port, ip4_header_t,
1317 tcp0->src_port = s0->ext_host_nat_port;
1318 ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32;
1320 tcp0->checksum = ip_csum_fold (sum0);
1322 vlib_increment_simple_counter (&sm->counters.slowpath.out2in_ed.tcp,
1323 thread_index, sw_if_index0, 1);
1324 nat44_set_tcp_session_state_o2i (sm, now, s0,
1325 vnet_buffer (b0)->ip.
1326 reass.icmp_type_or_tcp_flags,
1327 vnet_buffer (b0)->ip.
1328 reass.tcp_ack_number,
1329 vnet_buffer (b0)->ip.
1330 reass.tcp_seq_number,
1333 else if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment
1336 new_port0 = udp0->dst_port = s0->in2out.port;
1337 sum0 = udp0->checksum;
1338 sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t,
1340 sum0 = ip_csum_update (sum0, old_port0, new_port0, ip4_header_t,
1342 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1344 sum0 = ip_csum_update (sum0, ip0->src_address.as_u32,
1345 s0->ext_host_nat_addr.as_u32,
1346 ip4_header_t, dst_address);
1348 ip_csum_update (sum0,
1349 vnet_buffer (b0)->ip.reass.l4_src_port,
1350 s0->ext_host_nat_port, ip4_header_t, length);
1351 udp0->src_port = s0->ext_host_nat_port;
1352 ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32;
1354 udp0->checksum = ip_csum_fold (sum0);
1355 vlib_increment_simple_counter (&sm->counters.slowpath.out2in_ed.udp,
1356 thread_index, sw_if_index0, 1);
1360 if (!vnet_buffer (b0)->ip.reass.is_non_first_fragment)
1362 new_port0 = udp0->dst_port = s0->in2out.port;
1363 if (PREDICT_FALSE (is_twice_nat_session (s0)))
1365 udp0->src_port = s0->ext_host_nat_port;
1366 ip0->src_address.as_u32 = s0->ext_host_nat_addr.as_u32;
1369 vlib_increment_simple_counter (&sm->counters.slowpath.out2in_ed.udp,
1370 thread_index, sw_if_index0, 1);
1374 nat44_session_update_counters (s0, now,
1375 vlib_buffer_length_in_chain (vm, b0),
1377 /* Per-user LRU list maintenance */
1378 nat44_session_update_lru (sm, s0, thread_index);
1381 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
1382 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1384 nat44_ed_out2in_trace_t *t =
1385 vlib_add_trace (vm, node, b0, sizeof (*t));
1386 t->sw_if_index = sw_if_index0;
1387 t->next_index = next[0];
1388 t->is_slow_path = 1;
1391 t->session_index = s0 - tsm->sessions;
1393 t->session_index = ~0;
1396 if (next[0] == NAT_NEXT_DROP)
1398 vlib_increment_simple_counter (&sm->counters.slowpath.
1399 out2in_ed.drops, thread_index,
1408 vlib_buffer_enqueue_to_next (vm, node, from, (u16 *) nexts,
1411 return frame->n_vectors;
1415 nat_handoff_node_fn_inline (vlib_main_t * vm,
1416 vlib_node_runtime_t * node,
1417 vlib_frame_t * frame, u32 fq_index)
1419 u32 n_enq, n_left_from, *from;
1421 u16 thread_indices[VLIB_FRAME_SIZE], *ti = thread_indices;
1422 vlib_buffer_t *bufs[VLIB_FRAME_SIZE], **b = bufs;
1424 from = vlib_frame_vector_args (frame);
1425 n_left_from = frame->n_vectors;
1427 vlib_get_buffers (vm, from, b, n_left_from);
1429 while (n_left_from >= 4)
1431 if (PREDICT_TRUE (n_left_from >= 8))
1433 vlib_prefetch_buffer_header (b[4], LOAD);
1434 vlib_prefetch_buffer_header (b[5], LOAD);
1435 vlib_prefetch_buffer_header (b[6], LOAD);
1436 vlib_prefetch_buffer_header (b[7], LOAD);
1437 CLIB_PREFETCH (&b[4]->data, CLIB_CACHE_LINE_BYTES, LOAD);
1438 CLIB_PREFETCH (&b[5]->data, CLIB_CACHE_LINE_BYTES, LOAD);
1439 CLIB_PREFETCH (&b[6]->data, CLIB_CACHE_LINE_BYTES, LOAD);
1440 CLIB_PREFETCH (&b[7]->data, CLIB_CACHE_LINE_BYTES, LOAD);
1443 ti[0] = vnet_buffer2 (b[0])->nat.thread_next;
1444 ti[1] = vnet_buffer2 (b[1])->nat.thread_next;
1445 ti[2] = vnet_buffer2 (b[2])->nat.thread_next;
1446 ti[3] = vnet_buffer2 (b[3])->nat.thread_next;
1453 while (n_left_from > 0)
1455 ti[0] = vnet_buffer2 (b[0])->nat.thread_next;
1462 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)))
1466 ti = thread_indices;
1468 for (i = 0; i < frame->n_vectors; i++)
1470 if (b[0]->flags & VLIB_BUFFER_IS_TRACED)
1472 nat44_ed_out2in_handoff_trace_t *t =
1473 vlib_add_trace (vm, node, b[0], sizeof (*t));
1474 t->thread_next = ti[0];
1483 n_enq = vlib_buffer_enqueue_to_thread (vm, fq_index, from, thread_indices,
1484 frame->n_vectors, 1);
1486 if (n_enq < frame->n_vectors)
1488 vlib_node_increment_counter (vm, node->node_index,
1489 NAT44_HANDOFF_ERROR_CONGESTION_DROP,
1490 frame->n_vectors - n_enq);
1493 return frame->n_vectors;
1496 VLIB_NODE_FN (nat44_ed_out2in_node) (vlib_main_t * vm,
1497 vlib_node_runtime_t * node,
1498 vlib_frame_t * frame)
1500 if (snat_main.num_workers > 1)
1502 return nat44_ed_out2in_fast_path_node_fn_inline (vm, node, frame, 1);
1506 return nat44_ed_out2in_fast_path_node_fn_inline (vm, node, frame, 0);
1511 VLIB_REGISTER_NODE (nat44_ed_out2in_node) = {
1512 .name = "nat44-ed-out2in",
1513 .vector_size = sizeof (u32),
1514 .sibling_of = "nat-default",
1515 .format_trace = format_nat44_ed_out2in_trace,
1516 .type = VLIB_NODE_TYPE_INTERNAL,
1517 .n_errors = ARRAY_LEN(nat_out2in_ed_error_strings),
1518 .error_strings = nat_out2in_ed_error_strings,
1519 .runtime_data_bytes = sizeof (snat_runtime_t),
1523 VLIB_NODE_FN (nat44_ed_out2in_slowpath_node) (vlib_main_t * vm,
1524 vlib_node_runtime_t * node,
1525 vlib_frame_t * frame)
1527 return nat44_ed_out2in_slow_path_node_fn_inline (vm, node, frame);
1531 VLIB_REGISTER_NODE (nat44_ed_out2in_slowpath_node) = {
1532 .name = "nat44-ed-out2in-slowpath",
1533 .vector_size = sizeof (u32),
1534 .sibling_of = "nat-default",
1535 .format_trace = format_nat44_ed_out2in_trace,
1536 .type = VLIB_NODE_TYPE_INTERNAL,
1537 .n_errors = ARRAY_LEN(nat_out2in_ed_error_strings),
1538 .error_strings = nat_out2in_ed_error_strings,
1539 .runtime_data_bytes = sizeof (snat_runtime_t),
1544 format_nat44_ed_out2in_handoff_trace (u8 * s, va_list * args)
1546 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1547 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1548 nat44_ed_out2in_handoff_trace_t *t =
1549 va_arg (*args, nat44_ed_out2in_handoff_trace_t *);
1550 return format (s, "out2in ed handoff thread_next index %d", t->thread_next);
1553 VLIB_NODE_FN (nat44_ed_out2in_handoff_node) (vlib_main_t * vm,
1554 vlib_node_runtime_t * node,
1555 vlib_frame_t * frame)
1557 return nat_handoff_node_fn_inline (vm, node, frame,
1558 snat_main.ed_out2in_node_index);
1562 VLIB_REGISTER_NODE (nat44_ed_out2in_handoff_node) = {
1563 .name = "nat44-ed-out2in-handoff",
1564 .vector_size = sizeof (u32),
1565 .sibling_of = "nat-default",
1566 .format_trace = format_nat44_ed_out2in_handoff_trace,
1567 .type = VLIB_NODE_TYPE_INTERNAL,
1573 format_nat_pre_trace (u8 * s, va_list * args)
1575 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
1576 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
1577 nat_pre_trace_t *t = va_arg (*args, nat_pre_trace_t *);
1578 return format (s, "out2in next_index %d arc_next_index %d", t->next_index,
1582 VLIB_NODE_FN (nat_pre_out2in_node) (vlib_main_t * vm,
1583 vlib_node_runtime_t * node,
1584 vlib_frame_t * frame)
1586 return nat_pre_node_fn_inline (vm, node, frame,
1587 NAT_NEXT_OUT2IN_ED_FAST_PATH);
1591 VLIB_REGISTER_NODE (nat_pre_out2in_node) = {
1592 .name = "nat-pre-out2in",
1593 .vector_size = sizeof (u32),
1594 .sibling_of = "nat-default",
1595 .format_trace = format_nat_pre_trace,
1596 .type = VLIB_NODE_TYPE_INTERNAL,
1602 * fd.io coding-style-patch-verification: ON
1605 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob