#include <nat/nat64.h>
#include <nat/nat64_db.h>
-#include <nat/nat_reass.h>
#include <nat/nat_inlines.h>
#include <vnet/fib/ip4_fib.h>
#include <vppinfra/crc32.h>
+#include <vnet/ip/reass/ip4_sv_reass.h>
+#include <vnet/ip/reass/ip6_sv_reass.h>
nat64_main_t nat64_main;
.arc_name = "ip6-unicast",
.node_name = "nat64-in2out",
.runs_before = VNET_FEATURES ("ip6-lookup"),
+ .runs_after = VNET_FEATURES ("ip6-sv-reassembly-feature"),
};
VNET_FEATURE_INIT (nat64_out2in, static) = {
.arc_name = "ip4-unicast",
.node_name = "nat64-out2in",
.runs_before = VNET_FEATURES ("ip4-lookup"),
+ .runs_after = VNET_FEATURES ("ip4-sv-reassembly-feature"),
};
VNET_FEATURE_INIT (nat64_in2out_handoff, static) = {
.arc_name = "ip6-unicast",
.node_name = "nat64-in2out-handoff",
.runs_before = VNET_FEATURES ("ip6-lookup"),
+ .runs_after = VNET_FEATURES ("ip6-sv-reassembly-feature"),
};
VNET_FEATURE_INIT (nat64_out2in_handoff, static) = {
.arc_name = "ip4-unicast",
.node_name = "nat64-out2in-handoff",
.runs_before = VNET_FEATURES ("ip4-lookup"),
+ .runs_after = VNET_FEATURES ("ip4-sv-reassembly-feature"),
};
}
u32
-nat64_get_worker_out2in (ip4_header_t * ip)
+nat64_get_worker_out2in (vlib_buffer_t * b, ip4_header_t * ip)
{
nat64_main_t *nm = &nat64_main;
snat_main_t *sm = nm->sm;
udp = ip4_next_header (ip);
port = udp->dst_port;
- /* fragments */
- if (PREDICT_FALSE (ip4_is_fragment (ip)))
- {
- if (PREDICT_FALSE (nat_reass_is_drop_frag (0)))
- return vlib_get_thread_index ();
-
- nat_reass_ip4_t *reass;
- reass = nat_ip4_reass_find (ip->src_address, ip->dst_address,
- ip->fragment_id, ip->protocol);
-
- if (reass && (reass->thread_index != (u32) ~ 0))
- return reass->thread_index;
-
- if (ip4_is_first_fragment (ip))
- {
- reass =
- nat_ip4_reass_create (ip->src_address, ip->dst_address,
- ip->fragment_id, ip->protocol);
- if (!reass)
- goto no_reass;
-
- port = clib_net_to_host_u16 (port);
- if (port > 1024)
- reass->thread_index =
- nm->sm->first_worker_index +
- ((port - 1024) / sm->port_per_thread);
- else
- reass->thread_index = vlib_get_thread_index ();
- return reass->thread_index;
- }
- else
- return vlib_get_thread_index ();
- }
-
-no_reass:
/* unknown protocol */
if (PREDICT_FALSE (proto == ~0))
{
{
icmp46_header_t *icmp = (icmp46_header_t *) udp;
icmp_echo_header_t *echo = (icmp_echo_header_t *) (icmp + 1);
- if (!icmp_is_error_message (icmp))
- port = echo->identifier;
+ if (!icmp_type_is_error_message
+ (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags))
+ port = vnet_buffer (b)->ip.reass.l4_src_port;
else
{
+ /* if error message, then it's not fragmented and we can access it */
ip4_header_t *inner_ip = (ip4_header_t *) (echo + 1);
proto = ip_proto_to_snat_proto (inner_ip->protocol);
void *l4_header = ip4_next_header (inner_ip);
node = vlib_get_node_by_name (vm, (u8 *) "nat64-in2out-slowpath");
nm->in2out_slowpath_node_index = node->index;
- node = vlib_get_node_by_name (vm, (u8 *) "nat64-in2out-reass");
- nm->in2out_reass_node_index = node->index;
-
node = vlib_get_node_by_name (vm, (u8 *) "nat64-out2in");
nm->out2in_node_index = node->index;
- node = vlib_get_node_by_name (vm, (u8 *) "nat64-out2in-reass");
- nm->out2in_reass_node_index = node->index;
-
/* set session timeouts to default values */
nm->udp_timeout = SNAT_UDP_TIMEOUT;
nm->icmp_timeout = SNAT_ICMP_TIMEOUT;
u8 protocol);
void
-nat64_set_hash (u32 bib_buckets, u32 bib_memory_size, u32 st_buckets,
- u32 st_memory_size)
+nat64_set_hash (u32 bib_buckets, uword bib_memory_size, u32 st_buckets,
+ uword st_memory_size)
{
nat64_main_t *nm = &nat64_main;
nat64_db_t *db;
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
nat_fib_src_hi);
#define _(N, id, n, s) \
- clib_bitmap_alloc (a->busy_##n##_port_bitmap, 65535); \
+ clib_memset (a->busy_##n##_port_refcounts, 0, sizeof(a->busy_##n##_port_refcounts)); \
a->busy_##n##_ports = 0; \
vec_validate_init_empty (a->busy_##n##_ports_per_thread, tm->n_vlib_mains - 1, 0);
foreach_snat_protocol
vlib_set_simple_counter (&nm->total_sessions, db - nm->db, 0,
db->st.st_entries_num);
}
-#define _(N, id, n, s) \
- clib_bitmap_free (a->busy_##n##_port_bitmap);
- foreach_snat_protocol
-#undef _
/* *INDENT-ON* */
vec_del1 (nm->addr_pool, i);
}
arc_name = is_inside ? "ip6-unicast" : "ip4-unicast";
+ if (is_inside)
+ {
+ int rv = ip6_sv_reass_enable_disable_with_refcnt (sw_if_index, is_add);
+ if (rv)
+ return rv;
+ }
+ else
+ {
+ int rv = ip4_sv_reass_enable_disable_with_refcnt (sw_if_index, is_add);
+ if (rv)
+ return rv;
+ }
+
return vnet_feature_enable_disable (arc_name, feature_name, sw_if_index,
is_add, 0, 0);
}
{
#define _(N, j, n, s) \
case SNAT_PROTOCOL_##N: \
- ASSERT (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, \
- port_host_byte_order) == 1); \
- clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, port_host_byte_order, 0); \
+ ASSERT (a->busy_##n##_port_refcounts[port_host_byte_order] >= 1); \
+ --a->busy_##n##_port_refcounts[port_host_byte_order]; \
a->busy_##n##_ports--; \
a->busy_##n##_ports_per_thread[thread_index]--; \
break;
{
#define _(N, j, n, s) \
case SNAT_PROTOCOL_##N: \
- if (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, \
- out_port)) \
+ if (a->busy_##n##_port_refcounts[out_port]) \
return VNET_API_ERROR_INVALID_VALUE; \
- clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, \
- out_port, 1); \
+ ++a->busy_##n##_port_refcounts[out_port]; \
if (out_port > 1024) \
{ \
a->busy_##n##_ports++; \
Code Review / vpp.git / blobdiff