2 * Copyright (c) 2016 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vlib/vlib.h>
17 #include <vnet/vnet.h>
18 #include <vnet/pg/pg.h>
19 #include <vnet/handoff.h>
21 #include <vnet/ip/ip.h>
22 #include <vnet/ethernet/ethernet.h>
23 #include <vnet/fib/ip4_fib.h>
24 #include <snat/snat.h>
26 #include <vppinfra/hash.h>
27 #include <vppinfra/error.h>
28 #include <vppinfra/elog.h>
34 } snat_out2in_trace_t;
37 u32 next_worker_index;
39 } snat_out2in_worker_handoff_trace_t;
41 /* packet trace format function */
42 static u8 * format_snat_out2in_trace (u8 * s, va_list * args)
44 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
45 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
46 snat_out2in_trace_t * t = va_arg (*args, snat_out2in_trace_t *);
48 s = format (s, "SNAT_OUT2IN: sw_if_index %d, next index %d, session index %d",
49 t->sw_if_index, t->next_index, t->session_index);
53 static u8 * format_snat_out2in_fast_trace (u8 * s, va_list * args)
55 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
56 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
57 snat_out2in_trace_t * t = va_arg (*args, snat_out2in_trace_t *);
59 s = format (s, "SNAT_OUT2IN_FAST: sw_if_index %d, next index %d",
60 t->sw_if_index, t->next_index);
64 static u8 * format_snat_out2in_worker_handoff_trace (u8 * s, va_list * args)
66 CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
67 CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
68 snat_out2in_worker_handoff_trace_t * t =
69 va_arg (*args, snat_out2in_worker_handoff_trace_t *);
72 m = t->do_handoff ? "next worker" : "same worker";
73 s = format (s, "SNAT_OUT2IN_WORKER_HANDOFF: %s %d", m, t->next_worker_index);
78 vlib_node_registration_t snat_out2in_node;
79 vlib_node_registration_t snat_out2in_fast_node;
80 vlib_node_registration_t snat_out2in_worker_handoff_node;
82 #define foreach_snat_out2in_error \
83 _(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \
84 _(OUT2IN_PACKETS, "Good out2in packets processed") \
85 _(BAD_ICMP_TYPE, "icmp type not echo-reply") \
86 _(NO_TRANSLATION, "No translation")
89 #define _(sym,str) SNAT_OUT2IN_ERROR_##sym,
90 foreach_snat_out2in_error
93 } snat_out2in_error_t;
95 static char * snat_out2in_error_strings[] = {
96 #define _(sym,string) string,
97 foreach_snat_out2in_error
102 SNAT_OUT2IN_NEXT_DROP,
103 SNAT_OUT2IN_NEXT_LOOKUP,
105 } snat_out2in_next_t;
108 * @brief Create session for static mapping.
110 * Create NAT session initiated by host from external network with static
113 * @param sm SNAT main.
114 * @param b0 Vlib buffer.
115 * @param in2out In2out SNAT session key.
116 * @param out2in Out2in SNAT session key.
117 * @param node Vlib node.
119 * @returns SNAT session if successfully created otherwise 0.
121 static inline snat_session_t *
122 create_session_for_static_mapping (snat_main_t *sm,
124 snat_session_key_t in2out,
125 snat_session_key_t out2in,
126 vlib_node_runtime_t * node,
130 snat_user_key_t user_key;
132 clib_bihash_kv_8_8_t kv0, value0;
133 dlist_elt_t * per_user_translation_list_elt;
134 dlist_elt_t * per_user_list_head_elt;
136 user_key.addr = in2out.addr;
137 user_key.fib_index = in2out.fib_index;
138 kv0.key = user_key.as_u64;
140 /* Ever heard of the "user" = inside ip4 address before? */
141 if (clib_bihash_search_8_8 (&sm->user_hash, &kv0, &value0))
143 /* no, make a new one */
144 pool_get (sm->per_thread_data[cpu_index].users, u);
145 memset (u, 0, sizeof (*u));
146 u->addr = in2out.addr;
148 pool_get (sm->per_thread_data[cpu_index].list_pool,
149 per_user_list_head_elt);
151 u->sessions_per_user_list_head_index = per_user_list_head_elt -
152 sm->per_thread_data[cpu_index].list_pool;
154 clib_dlist_init (sm->per_thread_data[cpu_index].list_pool,
155 u->sessions_per_user_list_head_index);
157 kv0.value = u - sm->per_thread_data[cpu_index].users;
160 clib_bihash_add_del_8_8 (&sm->user_hash, &kv0, 1 /* is_add */);
162 /* add non-traslated packets worker lookup */
163 kv0.value = cpu_index;
164 clib_bihash_add_del_8_8 (&sm->worker_by_in, &kv0, 1);
168 u = pool_elt_at_index (sm->per_thread_data[cpu_index].users,
172 pool_get (sm->per_thread_data[cpu_index].sessions, s);
173 memset (s, 0, sizeof (*s));
175 s->outside_address_index = ~0;
176 s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
177 u->nstaticsessions++;
179 /* Create list elts */
180 pool_get (sm->per_thread_data[cpu_index].list_pool,
181 per_user_translation_list_elt);
182 clib_dlist_init (sm->per_thread_data[cpu_index].list_pool,
183 per_user_translation_list_elt -
184 sm->per_thread_data[cpu_index].list_pool);
186 per_user_translation_list_elt->value =
187 s - sm->per_thread_data[cpu_index].sessions;
189 per_user_translation_list_elt - sm->per_thread_data[cpu_index].list_pool;
190 s->per_user_list_head_index = u->sessions_per_user_list_head_index;
192 clib_dlist_addtail (sm->per_thread_data[cpu_index].list_pool,
193 s->per_user_list_head_index,
194 per_user_translation_list_elt -
195 sm->per_thread_data[cpu_index].list_pool);
199 s->in2out.protocol = out2in.protocol;
201 /* Add to translation hashes */
202 kv0.key = s->in2out.as_u64;
203 kv0.value = s - sm->per_thread_data[cpu_index].sessions;
204 if (clib_bihash_add_del_8_8 (&sm->in2out, &kv0, 1 /* is_add */))
205 clib_warning ("in2out key add failed");
207 kv0.key = s->out2in.as_u64;
208 kv0.value = s - sm->per_thread_data[cpu_index].sessions;
210 if (clib_bihash_add_del_8_8 (&sm->out2in, &kv0, 1 /* is_add */))
211 clib_warning ("out2in key add failed");
216 static inline u32 icmp_out2in_slow_path (snat_main_t *sm,
219 icmp46_header_t * icmp0,
222 vlib_node_runtime_t * node,
226 snat_session_key_t key0, sm0;
227 icmp_echo_header_t *echo0;
228 clib_bihash_kv_8_8_t kv0, value0;
230 u32 new_addr0, old_addr0;
231 u16 old_id0, new_id0;
233 snat_runtime_t * rt = (snat_runtime_t *)node->runtime_data;
235 echo0 = (icmp_echo_header_t *)(icmp0+1);
237 key0.addr = ip0->dst_address;
238 key0.port = echo0->identifier;
239 key0.protocol = SNAT_PROTOCOL_ICMP;
240 key0.fib_index = rx_fib_index0;
242 kv0.key = key0.as_u64;
244 if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0))
246 /* Try to match static mapping by external address and port,
247 destination address and port in packet */
248 if (snat_static_mapping_match(sm, key0, &sm0, 1))
250 ip4_address_t * first_int_addr;
252 if (PREDICT_FALSE(rt->cached_sw_if_index != sw_if_index0))
255 ip4_interface_first_address (sm->ip4_main, sw_if_index0,
256 0 /* just want the address */);
257 rt->cached_sw_if_index = sw_if_index0;
258 rt->cached_ip4_address = first_int_addr->as_u32;
261 /* Don't NAT packet aimed at the intfc address */
262 if (PREDICT_FALSE(ip0->dst_address.as_u32 ==
263 rt->cached_ip4_address))
266 b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
267 return SNAT_OUT2IN_NEXT_DROP;
270 /* Create session initiated by host from external network */
271 s0 = create_session_for_static_mapping(sm, b0, sm0, key0,
274 return SNAT_OUT2IN_NEXT_DROP;
277 s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
280 old_addr0 = ip0->dst_address.as_u32;
281 ip0->dst_address = s0->in2out.addr;
282 new_addr0 = ip0->dst_address.as_u32;
283 vnet_buffer(b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;
285 sum0 = ip0->checksum;
286 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
288 dst_address /* changed member */);
289 ip0->checksum = ip_csum_fold (sum0);
291 old_id0 = echo0->identifier;
292 new_id0 = s0->in2out.port;
293 echo0->identifier = new_id0;
295 sum0 = icmp0->checksum;
296 sum0 = ip_csum_update (sum0, old_id0, new_id0, icmp_echo_header_t,
298 icmp0->checksum = ip_csum_fold (sum0);
301 s0->last_heard = now;
303 s0->total_bytes += vlib_buffer_length_in_chain (sm->vlib_main, b0);
304 /* Per-user LRU list maintenance for dynamic translation */
305 if (!snat_is_session_static (s0))
307 clib_dlist_remove (sm->per_thread_data[cpu_index].list_pool,
309 clib_dlist_addtail (sm->per_thread_data[cpu_index].list_pool,
310 s0->per_user_list_head_index,
318 snat_out2in_node_fn (vlib_main_t * vm,
319 vlib_node_runtime_t * node,
320 vlib_frame_t * frame)
322 u32 n_left_from, * from, * to_next;
323 snat_out2in_next_t next_index;
324 u32 pkts_processed = 0;
325 snat_main_t * sm = &snat_main;
326 f64 now = vlib_time_now (vm);
327 u32 cpu_index = os_get_cpu_number ();
329 from = vlib_frame_vector_args (frame);
330 n_left_from = frame->n_vectors;
331 next_index = node->cached_next_index;
333 while (n_left_from > 0)
337 vlib_get_next_frame (vm, node, next_index,
338 to_next, n_left_to_next);
340 while (n_left_from >= 4 && n_left_to_next >= 2)
343 vlib_buffer_t * b0, * b1;
344 u32 next0 = SNAT_OUT2IN_NEXT_LOOKUP;
345 u32 next1 = SNAT_OUT2IN_NEXT_LOOKUP;
346 u32 sw_if_index0, sw_if_index1;
347 ip4_header_t * ip0, *ip1;
348 ip_csum_t sum0, sum1;
349 u32 new_addr0, old_addr0;
350 u16 new_port0, old_port0;
351 u32 new_addr1, old_addr1;
352 u16 new_port1, old_port1;
353 udp_header_t * udp0, * udp1;
354 tcp_header_t * tcp0, * tcp1;
355 icmp46_header_t * icmp0, * icmp1;
356 snat_session_key_t key0, key1, sm0, sm1;
357 u32 rx_fib_index0, rx_fib_index1;
359 snat_session_t * s0 = 0, * s1 = 0;
360 clib_bihash_kv_8_8_t kv0, kv1, value0, value1;
362 /* Prefetch next iteration. */
364 vlib_buffer_t * p2, * p3;
366 p2 = vlib_get_buffer (vm, from[2]);
367 p3 = vlib_get_buffer (vm, from[3]);
369 vlib_prefetch_buffer_header (p2, LOAD);
370 vlib_prefetch_buffer_header (p3, LOAD);
372 CLIB_PREFETCH (p2->data, CLIB_CACHE_LINE_BYTES, STORE);
373 CLIB_PREFETCH (p3->data, CLIB_CACHE_LINE_BYTES, STORE);
376 /* speculatively enqueue b0 and b1 to the current next frame */
377 to_next[0] = bi0 = from[0];
378 to_next[1] = bi1 = from[1];
384 b0 = vlib_get_buffer (vm, bi0);
385 b1 = vlib_get_buffer (vm, bi1);
387 ip0 = vlib_buffer_get_current (b0);
388 udp0 = ip4_next_header (ip0);
389 tcp0 = (tcp_header_t *) udp0;
390 icmp0 = (icmp46_header_t *) udp0;
392 sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
393 rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index,
397 proto0 = (ip0->protocol == IP_PROTOCOL_UDP)
398 ? SNAT_PROTOCOL_UDP : proto0;
399 proto0 = (ip0->protocol == IP_PROTOCOL_TCP)
400 ? SNAT_PROTOCOL_TCP : proto0;
401 proto0 = (ip0->protocol == IP_PROTOCOL_ICMP)
402 ? SNAT_PROTOCOL_ICMP : proto0;
404 if (PREDICT_FALSE (proto0 == ~0))
407 if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))
409 next0 = icmp_out2in_slow_path
410 (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
411 next0, now, cpu_index);
415 key0.addr = ip0->dst_address;
416 key0.port = udp0->dst_port;
417 key0.protocol = proto0;
418 key0.fib_index = rx_fib_index0;
420 kv0.key = key0.as_u64;
422 if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0))
424 /* Try to match static mapping by external address and port,
425 destination address and port in packet */
426 if (snat_static_mapping_match(sm, key0, &sm0, 1))
428 b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
432 /* Create session initiated by host from external network */
433 s0 = create_session_for_static_mapping(sm, b0, sm0, key0, node,
439 s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
442 old_addr0 = ip0->dst_address.as_u32;
443 ip0->dst_address = s0->in2out.addr;
444 new_addr0 = ip0->dst_address.as_u32;
445 vnet_buffer(b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;
447 sum0 = ip0->checksum;
448 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
450 dst_address /* changed member */);
451 ip0->checksum = ip_csum_fold (sum0);
453 if (PREDICT_TRUE(proto0 == SNAT_PROTOCOL_TCP))
455 old_port0 = tcp0->ports.dst;
456 tcp0->ports.dst = s0->in2out.port;
457 new_port0 = tcp0->ports.dst;
459 sum0 = tcp0->checksum;
460 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
462 dst_address /* changed member */);
464 sum0 = ip_csum_update (sum0, old_port0, new_port0,
465 ip4_header_t /* cheat */,
466 length /* changed member */);
467 tcp0->checksum = ip_csum_fold(sum0);
471 old_port0 = udp0->dst_port;
472 udp0->dst_port = s0->in2out.port;
477 s0->last_heard = now;
479 s0->total_bytes += vlib_buffer_length_in_chain (vm, b0);
480 /* Per-user LRU list maintenance for dynamic translation */
481 if (!snat_is_session_static (s0))
483 clib_dlist_remove (sm->per_thread_data[cpu_index].list_pool,
485 clib_dlist_addtail (sm->per_thread_data[cpu_index].list_pool,
486 s0->per_user_list_head_index,
491 if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
492 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
494 snat_out2in_trace_t *t =
495 vlib_add_trace (vm, node, b0, sizeof (*t));
496 t->sw_if_index = sw_if_index0;
497 t->next_index = next0;
498 t->session_index = ~0;
500 t->session_index = s0 - sm->per_thread_data[cpu_index].sessions;
503 pkts_processed += next0 != SNAT_OUT2IN_NEXT_DROP;
506 ip1 = vlib_buffer_get_current (b1);
507 udp1 = ip4_next_header (ip1);
508 tcp1 = (tcp_header_t *) udp1;
509 icmp1 = (icmp46_header_t *) udp1;
511 sw_if_index1 = vnet_buffer(b1)->sw_if_index[VLIB_RX];
512 rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index,
516 proto1 = (ip1->protocol == IP_PROTOCOL_UDP)
517 ? SNAT_PROTOCOL_UDP : proto1;
518 proto1 = (ip1->protocol == IP_PROTOCOL_TCP)
519 ? SNAT_PROTOCOL_TCP : proto1;
520 proto1 = (ip1->protocol == IP_PROTOCOL_ICMP)
521 ? SNAT_PROTOCOL_ICMP : proto1;
523 if (PREDICT_FALSE (proto1 == ~0))
526 if (PREDICT_FALSE (proto1 == SNAT_PROTOCOL_ICMP))
528 next1 = icmp_out2in_slow_path
529 (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node,
530 next1, now, cpu_index);
534 key1.addr = ip1->dst_address;
535 key1.port = udp1->dst_port;
536 key1.protocol = proto1;
537 key1.fib_index = rx_fib_index1;
539 kv1.key = key1.as_u64;
541 if (clib_bihash_search_8_8 (&sm->out2in, &kv1, &value1))
543 /* Try to match static mapping by external address and port,
544 destination address and port in packet */
545 if (snat_static_mapping_match(sm, key1, &sm1, 1))
547 b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
551 /* Create session initiated by host from external network */
552 s1 = create_session_for_static_mapping(sm, b1, sm1, key1, node,
558 s1 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
561 old_addr1 = ip1->dst_address.as_u32;
562 ip1->dst_address = s1->in2out.addr;
563 new_addr1 = ip1->dst_address.as_u32;
564 vnet_buffer(b1)->sw_if_index[VLIB_TX] = s1->in2out.fib_index;
566 sum1 = ip1->checksum;
567 sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
569 dst_address /* changed member */);
570 ip1->checksum = ip_csum_fold (sum1);
572 if (PREDICT_TRUE(proto1 == SNAT_PROTOCOL_TCP))
574 old_port1 = tcp1->ports.dst;
575 tcp1->ports.dst = s1->in2out.port;
576 new_port1 = tcp1->ports.dst;
578 sum1 = tcp1->checksum;
579 sum1 = ip_csum_update (sum1, old_addr1, new_addr1,
581 dst_address /* changed member */);
583 sum1 = ip_csum_update (sum1, old_port1, new_port1,
584 ip4_header_t /* cheat */,
585 length /* changed member */);
586 tcp1->checksum = ip_csum_fold(sum1);
590 old_port1 = udp1->dst_port;
591 udp1->dst_port = s1->in2out.port;
596 s1->last_heard = now;
598 s1->total_bytes += vlib_buffer_length_in_chain (vm, b1);
599 /* Per-user LRU list maintenance for dynamic translation */
600 if (!snat_is_session_static (s1))
602 clib_dlist_remove (sm->per_thread_data[cpu_index].list_pool,
604 clib_dlist_addtail (sm->per_thread_data[cpu_index].list_pool,
605 s1->per_user_list_head_index,
610 if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
611 && (b1->flags & VLIB_BUFFER_IS_TRACED)))
613 snat_out2in_trace_t *t =
614 vlib_add_trace (vm, node, b1, sizeof (*t));
615 t->sw_if_index = sw_if_index1;
616 t->next_index = next1;
617 t->session_index = ~0;
619 t->session_index = s1 - sm->per_thread_data[cpu_index].sessions;
622 pkts_processed += next1 != SNAT_OUT2IN_NEXT_DROP;
624 /* verify speculative enqueues, maybe switch current next frame */
625 vlib_validate_buffer_enqueue_x2 (vm, node, next_index,
626 to_next, n_left_to_next,
627 bi0, bi1, next0, next1);
630 while (n_left_from > 0 && n_left_to_next > 0)
634 u32 next0 = SNAT_OUT2IN_NEXT_LOOKUP;
638 u32 new_addr0, old_addr0;
639 u16 new_port0, old_port0;
642 icmp46_header_t * icmp0;
643 snat_session_key_t key0, sm0;
646 snat_session_t * s0 = 0;
647 clib_bihash_kv_8_8_t kv0, value0;
649 /* speculatively enqueue b0 to the current next frame */
657 b0 = vlib_get_buffer (vm, bi0);
659 ip0 = vlib_buffer_get_current (b0);
660 udp0 = ip4_next_header (ip0);
661 tcp0 = (tcp_header_t *) udp0;
662 icmp0 = (icmp46_header_t *) udp0;
664 sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
665 rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index,
669 proto0 = (ip0->protocol == IP_PROTOCOL_UDP)
670 ? SNAT_PROTOCOL_UDP : proto0;
671 proto0 = (ip0->protocol == IP_PROTOCOL_TCP)
672 ? SNAT_PROTOCOL_TCP : proto0;
673 proto0 = (ip0->protocol == IP_PROTOCOL_ICMP)
674 ? SNAT_PROTOCOL_ICMP : proto0;
676 if (PREDICT_FALSE (proto0 == ~0))
679 if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))
681 next0 = icmp_out2in_slow_path
682 (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
683 next0, now, cpu_index);
687 key0.addr = ip0->dst_address;
688 key0.port = udp0->dst_port;
689 key0.protocol = proto0;
690 key0.fib_index = rx_fib_index0;
692 kv0.key = key0.as_u64;
694 if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0))
696 /* Try to match static mapping by external address and port,
697 destination address and port in packet */
698 if (snat_static_mapping_match(sm, key0, &sm0, 1))
700 b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
704 /* Create session initiated by host from external network */
705 s0 = create_session_for_static_mapping(sm, b0, sm0, key0, node,
711 s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
714 old_addr0 = ip0->dst_address.as_u32;
715 ip0->dst_address = s0->in2out.addr;
716 new_addr0 = ip0->dst_address.as_u32;
717 vnet_buffer(b0)->sw_if_index[VLIB_TX] = s0->in2out.fib_index;
719 sum0 = ip0->checksum;
720 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
722 dst_address /* changed member */);
723 ip0->checksum = ip_csum_fold (sum0);
725 if (PREDICT_TRUE(proto0 == SNAT_PROTOCOL_TCP))
727 old_port0 = tcp0->ports.dst;
728 tcp0->ports.dst = s0->in2out.port;
729 new_port0 = tcp0->ports.dst;
731 sum0 = tcp0->checksum;
732 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
734 dst_address /* changed member */);
736 sum0 = ip_csum_update (sum0, old_port0, new_port0,
737 ip4_header_t /* cheat */,
738 length /* changed member */);
739 tcp0->checksum = ip_csum_fold(sum0);
743 old_port0 = udp0->dst_port;
744 udp0->dst_port = s0->in2out.port;
749 s0->last_heard = now;
751 s0->total_bytes += vlib_buffer_length_in_chain (vm, b0);
752 /* Per-user LRU list maintenance for dynamic translation */
753 if (!snat_is_session_static (s0))
755 clib_dlist_remove (sm->per_thread_data[cpu_index].list_pool,
757 clib_dlist_addtail (sm->per_thread_data[cpu_index].list_pool,
758 s0->per_user_list_head_index,
763 if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
764 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
766 snat_out2in_trace_t *t =
767 vlib_add_trace (vm, node, b0, sizeof (*t));
768 t->sw_if_index = sw_if_index0;
769 t->next_index = next0;
770 t->session_index = ~0;
772 t->session_index = s0 - sm->per_thread_data[cpu_index].sessions;
775 pkts_processed += next0 != SNAT_OUT2IN_NEXT_DROP;
777 /* verify speculative enqueue, maybe switch current next frame */
778 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
779 to_next, n_left_to_next,
783 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
786 vlib_node_increment_counter (vm, snat_out2in_node.index,
787 SNAT_OUT2IN_ERROR_OUT2IN_PACKETS,
789 return frame->n_vectors;
792 VLIB_REGISTER_NODE (snat_out2in_node) = {
793 .function = snat_out2in_node_fn,
794 .name = "snat-out2in",
795 .vector_size = sizeof (u32),
796 .format_trace = format_snat_out2in_trace,
797 .type = VLIB_NODE_TYPE_INTERNAL,
799 .n_errors = ARRAY_LEN(snat_out2in_error_strings),
800 .error_strings = snat_out2in_error_strings,
802 .runtime_data_bytes = sizeof (snat_runtime_t),
804 .n_next_nodes = SNAT_OUT2IN_N_NEXT,
806 /* edit / add dispositions here */
808 [SNAT_OUT2IN_NEXT_DROP] = "error-drop",
809 [SNAT_OUT2IN_NEXT_LOOKUP] = "ip4-lookup",
812 VLIB_NODE_FUNCTION_MULTIARCH (snat_out2in_node, snat_out2in_node_fn);
815 snat_out2in_worker_handoff_fn (vlib_main_t * vm,
816 vlib_node_runtime_t * node,
817 vlib_frame_t * frame)
819 snat_main_t *sm = &snat_main;
820 vlib_thread_main_t *tm = vlib_get_thread_main ();
821 u32 n_left_from, *from, *to_next = 0;
822 static __thread vlib_frame_queue_elt_t **handoff_queue_elt_by_worker_index;
823 static __thread vlib_frame_queue_t **congested_handoff_queue_by_worker_index
825 vlib_frame_queue_elt_t *hf = 0;
828 u32 n_left_to_next_worker = 0, *to_next_worker = 0;
829 u32 next_worker_index = 0;
830 u32 current_worker_index = ~0;
831 u32 cpu_index = os_get_cpu_number ();
833 ASSERT (vec_len (sm->workers));
835 if (PREDICT_FALSE (handoff_queue_elt_by_worker_index == 0))
837 vec_validate (handoff_queue_elt_by_worker_index, tm->n_vlib_mains - 1);
839 vec_validate_init_empty (congested_handoff_queue_by_worker_index,
840 sm->first_worker_index + sm->num_workers - 1,
841 (vlib_frame_queue_t *) (~0));
844 from = vlib_frame_vector_args (frame);
845 n_left_from = frame->n_vectors;
847 while (n_left_from > 0)
855 snat_static_mapping_key_t key0;
856 clib_bihash_kv_8_8_t kv0, value0;
863 b0 = vlib_get_buffer (vm, bi0);
865 sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
866 rx_fib_index0 = ip4_fib_table_get_index_for_sw_if_index(sw_if_index0);
868 ip0 = vlib_buffer_get_current (b0);
869 udp0 = ip4_next_header (ip0);
871 key0.addr = ip0->dst_address;
872 key0.port = udp0->dst_port;
873 key0.fib_index = rx_fib_index0;
875 kv0.key = key0.as_u64;
877 /* Ever heard of of the "user" before? */
878 if (clib_bihash_search_8_8 (&sm->worker_by_out, &kv0, &value0))
881 kv0.key = key0.as_u64;
883 if (clib_bihash_search_8_8 (&sm->worker_by_out, &kv0, &value0))
885 /* No, assign next available worker (RR) */
886 next_worker_index = sm->first_worker_index +
887 sm->workers[sm->next_worker++ % vec_len (sm->workers)];
891 /* Static mapping without port */
892 next_worker_index = value0.value;
895 /* Add to translated packets worker lookup */
896 kv0.value = next_worker_index;
897 clib_bihash_add_del_8_8 (&sm->worker_by_out, &kv0, 1);
900 next_worker_index = value0.value;
902 if (PREDICT_FALSE (next_worker_index != cpu_index))
906 if (next_worker_index != current_worker_index)
909 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
911 hf = vlib_get_worker_handoff_queue_elt (sm->fq_out2in_index,
913 handoff_queue_elt_by_worker_index);
915 n_left_to_next_worker = VLIB_FRAME_SIZE - hf->n_vectors;
916 to_next_worker = &hf->buffer_index[hf->n_vectors];
917 current_worker_index = next_worker_index;
920 /* enqueue to correct worker thread */
921 to_next_worker[0] = bi0;
923 n_left_to_next_worker--;
925 if (n_left_to_next_worker == 0)
927 hf->n_vectors = VLIB_FRAME_SIZE;
928 vlib_put_frame_queue_elt (hf);
929 current_worker_index = ~0;
930 handoff_queue_elt_by_worker_index[next_worker_index] = 0;
937 /* if this is 1st frame */
940 f = vlib_get_frame_to_node (vm, snat_out2in_node.index);
941 to_next = vlib_frame_vector_args (f);
949 if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
950 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
952 snat_out2in_worker_handoff_trace_t *t =
953 vlib_add_trace (vm, node, b0, sizeof (*t));
954 t->next_worker_index = next_worker_index;
955 t->do_handoff = do_handoff;
960 vlib_put_frame_to_node (vm, snat_out2in_node.index, f);
963 hf->n_vectors = VLIB_FRAME_SIZE - n_left_to_next_worker;
965 /* Ship frames to the worker nodes */
966 for (i = 0; i < vec_len (handoff_queue_elt_by_worker_index); i++)
968 if (handoff_queue_elt_by_worker_index[i])
970 hf = handoff_queue_elt_by_worker_index[i];
972 * It works better to let the handoff node
973 * rate-adapt, always ship the handoff queue element.
975 if (1 || hf->n_vectors == hf->last_n_vectors)
977 vlib_put_frame_queue_elt (hf);
978 handoff_queue_elt_by_worker_index[i] = 0;
981 hf->last_n_vectors = hf->n_vectors;
983 congested_handoff_queue_by_worker_index[i] =
984 (vlib_frame_queue_t *) (~0);
987 current_worker_index = ~0;
988 return frame->n_vectors;
991 VLIB_REGISTER_NODE (snat_out2in_worker_handoff_node) = {
992 .function = snat_out2in_worker_handoff_fn,
993 .name = "snat-out2in-worker-handoff",
994 .vector_size = sizeof (u32),
995 .format_trace = format_snat_out2in_worker_handoff_trace,
996 .type = VLIB_NODE_TYPE_INTERNAL,
1005 VLIB_NODE_FUNCTION_MULTIARCH (snat_out2in_worker_handoff_node, snat_out2in_worker_handoff_fn);
1007 static inline u32 icmp_out2in_fast (snat_main_t *sm,
1010 icmp46_header_t * icmp0,
1012 vlib_node_runtime_t * node,
1016 snat_session_key_t key0, sm0;
1017 icmp_echo_header_t *echo0;
1018 u32 new_addr0, old_addr0;
1019 u16 old_id0, new_id0;
1021 snat_runtime_t * rt = (snat_runtime_t *)node->runtime_data;
1023 echo0 = (icmp_echo_header_t *)(icmp0+1);
1025 key0.addr = ip0->dst_address;
1026 key0.port = echo0->identifier;
1027 key0.fib_index = rx_fib_index0;
1029 if (snat_static_mapping_match(sm, key0, &sm0, 1))
1031 ip4_address_t * first_int_addr;
1033 if (PREDICT_FALSE(rt->cached_sw_if_index != sw_if_index0))
1036 ip4_interface_first_address (sm->ip4_main, sw_if_index0,
1037 0 /* just want the address */);
1038 rt->cached_sw_if_index = sw_if_index0;
1039 rt->cached_ip4_address = first_int_addr->as_u32;
1042 /* Don't NAT packet aimed at the intfc address */
1043 if (PREDICT_FALSE(ip0->dst_address.as_u32 ==
1044 rt->cached_ip4_address))
1047 b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
1048 return SNAT_OUT2IN_NEXT_DROP;
1051 new_addr0 = sm0.addr.as_u32;
1053 vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm0.fib_index;
1055 old_addr0 = ip0->dst_address.as_u32;
1056 ip0->dst_address.as_u32 = new_addr0;
1058 sum0 = ip0->checksum;
1059 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1061 dst_address /* changed member */);
1062 ip0->checksum = ip_csum_fold (sum0);
1064 if (PREDICT_FALSE(new_id0 != echo0->identifier))
1066 old_id0 = echo0->identifier;
1067 echo0->identifier = new_id0;
1069 sum0 = icmp0->checksum;
1070 sum0 = ip_csum_update (sum0, old_id0, new_id0, icmp_echo_header_t,
1072 icmp0->checksum = ip_csum_fold (sum0);
1079 snat_out2in_fast_node_fn (vlib_main_t * vm,
1080 vlib_node_runtime_t * node,
1081 vlib_frame_t * frame)
1083 u32 n_left_from, * from, * to_next;
1084 snat_out2in_next_t next_index;
1085 u32 pkts_processed = 0;
1086 snat_main_t * sm = &snat_main;
1088 from = vlib_frame_vector_args (frame);
1089 n_left_from = frame->n_vectors;
1090 next_index = node->cached_next_index;
1092 while (n_left_from > 0)
1096 vlib_get_next_frame (vm, node, next_index,
1097 to_next, n_left_to_next);
1099 while (n_left_from > 0 && n_left_to_next > 0)
1103 u32 next0 = SNAT_OUT2IN_NEXT_DROP;
1107 u32 new_addr0, old_addr0;
1108 u16 new_port0, old_port0;
1109 udp_header_t * udp0;
1110 tcp_header_t * tcp0;
1111 icmp46_header_t * icmp0;
1112 snat_session_key_t key0, sm0;
1116 /* speculatively enqueue b0 to the current next frame */
1122 n_left_to_next -= 1;
1124 b0 = vlib_get_buffer (vm, bi0);
1126 ip0 = vlib_buffer_get_current (b0);
1127 udp0 = ip4_next_header (ip0);
1128 tcp0 = (tcp_header_t *) udp0;
1129 icmp0 = (icmp46_header_t *) udp0;
1131 sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
1132 rx_fib_index0 = ip4_fib_table_get_index_for_sw_if_index(sw_if_index0);
1134 vnet_feature_next (sw_if_index0, &next0, b0);
1137 proto0 = (ip0->protocol == IP_PROTOCOL_UDP)
1138 ? SNAT_PROTOCOL_UDP : proto0;
1139 proto0 = (ip0->protocol == IP_PROTOCOL_TCP)
1140 ? SNAT_PROTOCOL_TCP : proto0;
1141 proto0 = (ip0->protocol == IP_PROTOCOL_ICMP)
1142 ? SNAT_PROTOCOL_ICMP : proto0;
1144 if (PREDICT_FALSE (proto0 == ~0))
1147 if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))
1149 next0 = icmp_out2in_fast
1150 (sm, b0, ip0, icmp0, sw_if_index0, node, next0, rx_fib_index0);
1154 key0.addr = ip0->dst_address;
1155 key0.port = udp0->dst_port;
1156 key0.fib_index = rx_fib_index0;
1158 if (snat_static_mapping_match(sm, key0, &sm0, 1))
1160 b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
1164 new_addr0 = sm0.addr.as_u32;
1165 new_port0 = sm0.port;
1166 vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm0.fib_index;
1167 old_addr0 = ip0->dst_address.as_u32;
1168 ip0->dst_address.as_u32 = new_addr0;
1170 sum0 = ip0->checksum;
1171 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1173 dst_address /* changed member */);
1174 ip0->checksum = ip_csum_fold (sum0);
1176 if (PREDICT_FALSE(new_port0 != udp0->dst_port))
1178 if (PREDICT_TRUE(proto0 == SNAT_PROTOCOL_TCP))
1180 old_port0 = tcp0->ports.dst;
1181 tcp0->ports.dst = new_port0;
1183 sum0 = tcp0->checksum;
1184 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1186 dst_address /* changed member */);
1188 sum0 = ip_csum_update (sum0, old_port0, new_port0,
1189 ip4_header_t /* cheat */,
1190 length /* changed member */);
1191 tcp0->checksum = ip_csum_fold(sum0);
1195 old_port0 = udp0->dst_port;
1196 udp0->dst_port = new_port0;
1202 if (PREDICT_TRUE(proto0 == SNAT_PROTOCOL_TCP))
1204 sum0 = tcp0->checksum;
1205 sum0 = ip_csum_update (sum0, old_addr0, new_addr0,
1207 dst_address /* changed member */);
1209 tcp0->checksum = ip_csum_fold(sum0);
1215 if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE)
1216 && (b0->flags & VLIB_BUFFER_IS_TRACED)))
1218 snat_out2in_trace_t *t =
1219 vlib_add_trace (vm, node, b0, sizeof (*t));
1220 t->sw_if_index = sw_if_index0;
1221 t->next_index = next0;
1224 pkts_processed += next0 != SNAT_OUT2IN_NEXT_DROP;
1226 /* verify speculative enqueue, maybe switch current next frame */
1227 vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
1228 to_next, n_left_to_next,
1232 vlib_put_next_frame (vm, node, next_index, n_left_to_next);
1235 vlib_node_increment_counter (vm, snat_out2in_fast_node.index,
1236 SNAT_OUT2IN_ERROR_OUT2IN_PACKETS,
1238 return frame->n_vectors;
1241 VLIB_REGISTER_NODE (snat_out2in_fast_node) = {
1242 .function = snat_out2in_fast_node_fn,
1243 .name = "snat-out2in-fast",
1244 .vector_size = sizeof (u32),
1245 .format_trace = format_snat_out2in_fast_trace,
1246 .type = VLIB_NODE_TYPE_INTERNAL,
1248 .n_errors = ARRAY_LEN(snat_out2in_error_strings),
1249 .error_strings = snat_out2in_error_strings,
1251 .runtime_data_bytes = sizeof (snat_runtime_t),
1253 .n_next_nodes = SNAT_OUT2IN_N_NEXT,
1255 /* edit / add dispositions here */
1257 [SNAT_OUT2IN_NEXT_LOOKUP] = "ip4-lookup",
1258 [SNAT_OUT2IN_NEXT_DROP] = "error-drop",
1261 VLIB_NODE_FUNCTION_MULTIARCH (snat_out2in_fast_node, snat_out2in_fast_node_fn);
Code Review / vpp.git / blob