NAT44: improve expired sessions reuse (VPP-1503)
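--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -255,7 +255,8 @@ slow_path_ed (snat_main_t * sm,
 u32 rx_fib_index,
 clib_bihash_kv_16_8_t * kv,
 snat_session_t ** sessionp,
- vlib_node_runtime_t * node, u32 next, u32 thread_index, f64 now)
+ vlib_node_runtime_t * node, u32 next, u32 thread_index, f64 now,
+ tcp_header_t * tcp)
 {
 snat_session_t *s = 0;
 snat_user_t *u;
@@ -315,6 +316,15 @@ slow_path_ed (snat_main_t * sm,
 is_sm = 1;
 }
+ if (proto == SNAT_PROTOCOL_TCP)
+ {
+ if (!tcp_is_init (tcp))
+ {
+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
+ return NAT_IN2OUT_ED_NEXT_DROP;
+ }
+ }
+
 u = nat_user_get_or_create (sm, &key->l_addr, rx_fib_index, thread_index);
 if (!u)
 {
@@ -626,7 +636,7 @@ icmp_match_in2out_ed (snat_main_t * sm, vlib_node_runtime_t * node,
 }
 next = slow_path_ed (sm, b, rx_fib_index, &kv, &s, node, next,
- thread_index, vlib_time_now (sm->vlib_main));
+ thread_index, vlib_time_now (sm->vlib_main), 0);
 if (PREDICT_FALSE (next == NAT_IN2OUT_ED_NEXT_DROP))
 goto out;
@@ -1034,16 +1044,9 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
 goto trace00;
 }
- if ((proto0 == SNAT_PROTOCOL_TCP) && !tcp_is_init (tcp0))
- {
- b0->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
- next0 = NAT_IN2OUT_ED_NEXT_DROP;
- goto trace00;
- }
-
 next0 =
 slow_path_ed (sm, b0, rx_fib_index0, &kv0, &s0, node,
- next0, thread_index, now);
+ next0, thread_index, now, tcp0);
 if (PREDICT_FALSE (next0 == NAT_IN2OUT_ED_NEXT_DROP))
 goto trace00;
@@ -1245,16 +1248,9 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
 goto trace01;
 }
- if ((proto1 == SNAT_PROTOCOL_TCP) && !tcp_is_init (tcp1))
- {
- b1->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
- next1 = NAT_IN2OUT_ED_NEXT_DROP;
- goto trace01;
- }
-
 next1 =
 slow_path_ed (sm, b1, rx_fib_index1, &kv1, &s1, node,
- next1, thread_index, now);
+ next1, thread_index, now, tcp1);
 if (PREDICT_FALSE (next1 == NAT_IN2OUT_ED_NEXT_DROP))
 goto trace01;
@@ -1485,16 +1481,9 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
 goto trace0;
 }
- if ((proto0 == SNAT_PROTOCOL_TCP) && !tcp_is_init (tcp0))
- {
- b0->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
- next0 = NAT_IN2OUT_ED_NEXT_DROP;
- goto trace0;
- }
-
 next0 =
 slow_path_ed (sm, b0, rx_fib_index0, &kv0, &s0, node,
- next0, thread_index, now);
+ next0, thread_index, now, tcp0);
 if (PREDICT_FALSE (next0 == NAT_IN2OUT_ED_NEXT_DROP))
 goto trace0;
@@ -1892,15 +1881,9 @@ nat44_ed_in2out_reass_node_fn_inline (vlib_main_t * vm,
 }
 }
- if ((proto0 == SNAT_PROTOCOL_TCP) && !tcp_is_init (tcp0))
- {
- b0->error = node->errors[NAT_IN2OUT_ED_ERROR_NON_SYN];
- next0 = NAT_IN2OUT_ED_NEXT_DROP;
- goto trace0;
- }
-
 next0 = slow_path_ed (sm, b0, rx_fib_index0, &kv0,
- &s0, node, next0, thread_index, now);
+ &s0, node, next0, thread_index, now,
+ tcp0);
 if (PREDICT_FALSE (next0 == NAT_IN2OUT_ED_NEXT_DROP))
 goto trace0;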
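Review bot: `tcp_is_init (tcp)` in the check added to slow_path_ed (hunk at -315) has no guard against a null `tcp`, while icmp_match_in2out_ed (hunk at -626) now passes `0` for that argument. The call is safe only if `proto` can never be `SNAT_PROTOCOL_TCP` on the ICMP path; `proto` is assigned outside the hunk, so that cannot be confirmed from the lines shown, and if it can happen the data-plane worker would presumably fault on forwarded traffic. Making the contract explicit costs one test, `if (PREDICT_FALSE (!tcp || !tcp_is_init (tcp)))`, which drops the packet when no header is supplied. The new parameter also deserves a comment at the signature, for example `/* tcp: TCP header of the packet, 0 when the caller has none (ICMP) */`. slow_path_ed's body starts and ends outside the hunks shown.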