+ if (!ip4_is_fragment (ip0) || ip4_is_first_fragment (ip0))
+ {
+ /* process leading fragment/whole packet (with L4 header) */
+ sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX];
+ rx_fib_index0 =
+ fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4,
+ sw_if_index0);
+ make_ed_kv (&ed_kv0, &ip0->src_address, &ip0->dst_address,
+ ip0->protocol, rx_fib_index0, udp0->src_port,
+ udp0->dst_port);
+ if (ip4_is_fragment (ip0))
+ {
+ reass0 = nat_ip4_reass_find_or_create (ip0->src_address,
+ ip0->dst_address,
+ ip0->fragment_id,
+ ip0->protocol,
+ 1,
+ &fragments_to_drop);
+ if (PREDICT_FALSE (!reass0))
+ {
+ next0 = NAT44_CLASSIFY_NEXT_DROP;
+ b0->error = node->errors[NAT44_CLASSIFY_ERROR_MAX_REASS];
+ nat_log_notice ("maximum reassemblies exceeded");
+ goto enqueue0;
+ }
+ if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &ed_kv0,
+ &ed_value0))
+ {
+ /* session exists so classify as IN2OUT,
+ * save this information for future fragments and set
+ * past fragments to be looped over and reprocessed */
+ reass0->sess_index = ed_value0.value;
+ reass0->classify_next = NAT_REASS_IP4_CLASSIFY_NEXT_IN2OUT;
+ nat_ip4_reass_get_frags (reass0,
+ &fragments_to_loopback);
+ goto enqueue0;
+ }
+ else
+ {
+ /* session doesn't exist so continue in the code,
+ * save this information for future fragments and set
+ * past fragments to be looped over and reprocessed */
+ reass0->flags |= NAT_REASS_FLAG_CLASSIFY_ED_CONTINUE;
+ nat_ip4_reass_get_frags (reass0,
+ &fragments_to_loopback);
+ }
+ }
+ else
+ {
+ /* process whole packet */
+ if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &ed_kv0,
+ &ed_value0))
+ goto enqueue0;
+ /* session doesn't exist so continue in code */
+ }
+ }
+ else
+ {
+ /* process non-first fragment */
+ reass0 = nat_ip4_reass_find_or_create (ip0->src_address,
+ ip0->dst_address,
+ ip0->fragment_id,
+ ip0->protocol,
+ 1,
+ &fragments_to_drop);
+ if (PREDICT_FALSE (!reass0))
+ {
+ next0 = NAT44_CLASSIFY_NEXT_DROP;
+ b0->error = node->errors[NAT44_CLASSIFY_ERROR_MAX_REASS];
+ nat_log_notice ("maximum reassemblies exceeded");
+ goto enqueue0;
+ }
+ /* check if first fragment has arrived */
+ if (reass0->classify_next == NAT_REASS_IP4_CLASSIFY_NONE &&
+ !(reass0->flags & NAT_REASS_FLAG_CLASSIFY_ED_CONTINUE))
+ {
+ /* first fragment still hasn't arrived, cache this fragment */
+ if (nat_ip4_reass_add_fragment (reass0, bi0,
+ &fragments_to_drop))
+ {
+ b0->error = node->errors[NAT44_CLASSIFY_ERROR_MAX_FRAG];
+ nat_log_notice ("maximum fragments per reassembly exceeded");
+ next0 = NAT44_CLASSIFY_NEXT_DROP;
+ goto enqueue0;
+ }
+ cached0 = 1;
+ goto enqueue0;
+ }
+ if (reass0->classify_next == NAT_REASS_IP4_CLASSIFY_NEXT_IN2OUT)
+ goto enqueue0;
+ /* flag NAT_REASS_FLAG_CLASSIFY_ED_CONTINUE is set
+ * so keep the default next0 and continue in code to
+ * potentially find other classification for this packet */
+ }