NAT44: TCP connection close detection (VPP-1266)
[vpp.git] / src / plugins / nat / out2in.c
index ebd0dc4..c0f5a3c 100755 (executable)
@@ -192,7 +192,7 @@ create_session_for_static_mapping (snat_main_t *sm,
   s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
   s->ext_host_addr.as_u32 = ip0->src_address.as_u32;
   s->ext_host_port = udp0->src_port;
-  u->nstaticsessions++;
+  user_session_increment (sm, u, 1 /* static */);
   s->in2out = in2out;
   s->out2in = out2in;
   s->in2out.protocol = out2in.protocol;
@@ -333,11 +333,15 @@ next_src_nat (snat_main_t * sm, ip4_header_t * ip, u32 proto, u16 src_port,
 }
 
 static void
-create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip)
+create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip, u32 rx_fib_index,
+                      u32 thread_index)
 {
   nat_ed_ses_key_t key;
-  clib_bihash_kv_16_8_t kv;
+  clib_bihash_kv_16_8_t kv, value;
   udp_header_t *udp;
+  snat_user_t *u;
+  snat_session_t *s = 0;
+  snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
 
   if (ip->protocol == IP_PROTOCOL_ICMP)
     {
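Review bot: The new `rx_fib_index` parameter of create_bypass_for_fwd is not referenced anywhere in the lines shown: the bypass key is built with `key.fib_index = 0` and the user lookup in the following hunk uses `sm->inside_fib_index`. If it is reserved for later use, a comment at the declaration such as `/* rx_fib_index: not yet used, bypass sessions are keyed with fib_index 0 */` would save the next reader the search; otherwise `(void) rx_fib_index;` or dropping the parameter avoids an unused-parameter warning. Part of the function body between this hunk and the next is outside the diff, so the parameter may be consumed there.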
@@ -363,10 +367,55 @@ create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip)
   key.fib_index = 0;
   kv.key[0] = key.as_u64[0];
   kv.key[1] = key.as_u64[1];
-  kv.value = ~0ULL;
 
-  if (clib_bihash_add_del_16_8 (&sm->in2out_ed, &kv, 1))
-    clib_warning ("in2out_ed key add failed");
+  if (!clib_bihash_search_16_8 (&sm->in2out_ed, &kv, &value))
+    {
+      s = pool_elt_at_index (tsm->sessions, value.value);
+    }
+  else
+    {
+      if (PREDICT_FALSE (maximum_sessions_exceeded(sm, thread_index)))
+        return;
+
+      u = nat_user_get_or_create (sm, &ip->dst_address, sm->inside_fib_index, thread_index);
+      if (!u)
+        {
+          clib_warning ("create NAT user failed");
+          return;
+        }
+
+      s = nat_session_alloc_or_recycle (sm, u, thread_index);
+      if (!s)
+        {
+          clib_warning ("create NAT session failed");
+          return;
+        }
+
+      s->ext_host_addr = key.r_addr;
+      s->ext_host_port = key.r_port;
+      s->flags |= SNAT_SESSION_FLAG_FWD_BYPASS;
+      s->outside_address_index = ~0;
+      s->out2in.addr = key.l_addr;
+      s->out2in.port = key.l_port;
+      s->out2in.protocol = ip_proto_to_snat_proto (key.proto);
+      s->out2in.fib_index = 0;
+      s->in2out = s->out2in;
+      user_session_increment (sm, u, 0);
+
+      kv.value = s - tsm->sessions;
+      if (clib_bihash_add_del_16_8 (&sm->in2out_ed, &kv, 1))
+        clib_warning ("in2out_ed key add failed");
+    }
+
+  if (ip->protocol == IP_PROTOCOL_TCP)
+    {
+      tcp_header_t *tcp = ip4_next_header(ip);
+      nat44_set_tcp_session_state (sm, s, tcp, thread_index);
+    }
+  /* Per-user LRU list maintenance */
+  clib_dlist_remove (tsm->list_pool, s->per_user_index);
+  clib_dlist_addtail (tsm->list_pool, s->per_user_list_head_index,
+                      s->per_user_index);
 }
 
 /**
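Review bot: When `clib_bihash_add_del_16_8` fails at L74, the session allocated at L55 is kept: it has already been counted through `user_session_increment`, and the function goes on to set its TCP state and re-link it in the per-user LRU list although no `in2out_ed` entry points to it. The next packet of the same flow misses the search at L39 and allocates another session, so a persistent add failure drains the session pool one packet at a time. At minimum `return;` after the warning so the orphan is not touched further; preferably release the session and undo the user count through the file's session-deletion path. The search-hit branch at L41 also indexes `tsm->sessions` of the current thread with a value stored by whichever thread created the entry; if one flow is always handled on one thread that is fine, but a comment stating the assumption would help. create_bypass_for_fwd starts in an earlier hunk.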
@@ -423,7 +472,7 @@ u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node,
     {
       /* Try to match static mapping by external address and port,
          destination address and port in packet */
-      if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0))
+      if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0, 0))
         {
           if (!sm->forwarding_enabled)
             {
@@ -446,7 +495,7 @@ u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node,
                   next0 = SNAT_OUT2IN_NEXT_IN2OUT;
                   goto out;
                 }
-              create_bypass_for_fwd(sm, ip0);
+              create_bypass_for_fwd(sm, ip0, rx_fib_index0, thread_index);
               goto out;
             }
         }
@@ -562,7 +611,7 @@ u32 icmp_match_out2in_fast(snat_main_t *sm, vlib_node_runtime_t *node,
     }
   key0.fib_index = rx_fib_index0;
 
-  if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0))
+  if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0, 0))
     {
       /* Don't NAT packet aimed at the intfc address */
       if (is_interface_addr(sm, node, sw_if_index0, ip0->dst_address.as_u32))
@@ -827,13 +876,14 @@ snat_out2in_unknown_proto (snat_main_t *sm,
       s->ext_host_addr.as_u32 = ip->src_address.as_u32;
       s->flags |= SNAT_SESSION_FLAG_UNKNOWN_PROTO;
       s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
+      s->flags |= SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT;
       s->outside_address_index = ~0;
       s->out2in.addr.as_u32 = old_addr;
       s->out2in.fib_index = rx_fib_index;
       s->in2out.addr.as_u32 = new_addr;
       s->in2out.fib_index = m->fib_index;
       s->in2out.port = s->out2in.port = ip->protocol;
-      u->nstaticsessions++;
+      user_session_increment (sm, u, 1 /* static */);
 
       /* Add to lookup tables */
       s_kv.value = s - tsm->sessions;
@@ -891,7 +941,8 @@ snat_out2in_lb (snat_main_t *sm,
   snat_user_t *u;
   u32 address_index;
   snat_session_key_t eh_key;
-  u8 twice_nat;
+  twice_nat_type_t twice_nat;
+  u8 lb;
 
   old_addr = ip->dst_address.as_u32;
 
@@ -920,7 +971,7 @@ snat_out2in_lb (snat_main_t *sm,
       e_key.port = udp->dst_port;
       e_key.protocol = proto;
       e_key.fib_index = rx_fib_index;
-      if (snat_static_mapping_match(sm, e_key, &l_key, 1, 0, &twice_nat))
+      if (snat_static_mapping_match(sm, e_key, &l_key, 1, 0, &twice_nat, &lb))
         return 0;
 
       u = nat_user_get_or_create (sm, &l_key.addr, l_key.fib_index,
@@ -941,18 +992,22 @@ snat_out2in_lb (snat_main_t *sm,
       s->ext_host_addr.as_u32 = ip->src_address.as_u32;
       s->ext_host_port = udp->src_port;
       s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
-      s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
+      if (lb)
+        s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
+      s->flags |= SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT;
       s->outside_address_index = ~0;
       s->out2in = e_key;
       s->in2out = l_key;
-      u->nstaticsessions++;
+      user_session_increment (sm, u, 1 /* static */);
 
       /* Add to lookup tables */
       s_kv.value = s - tsm->sessions;
       if (clib_bihash_add_del_16_8 (&sm->out2in_ed, &s_kv, 1))
         clib_warning ("out2in-ed key add failed");
 
-      if (twice_nat)
+      if (twice_nat == TWICE_NAT ||
+          (twice_nat == TWICE_NAT_SELF &&
+           ip->src_address.as_u32 == l_key.addr.as_u32))
         {
           eh_key.protocol = proto;
           if (snat_alloc_outside_address_and_port (sm->twice_nat_addresses, 0,
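Review bot: `lb` and `twice_nat` (declared at L138-L139 without initializers) are tested at L157 and L172 but only written through the out-pointers passed to `snat_static_mapping_match` at L148; whether that function stores to both on every success path is not visible here, so `u8 lb = 0;` and an explicit initializer for `twice_nat` would make the reads safe regardless. The three-line condition at L172-L174 also deserves a comment, e.g. `/* TWICE_NAT_SELF: twice-NAT only when the outside source is the mapping's own local address */`. snat_out2in_lb continues outside the hunk.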
@@ -1008,6 +1063,7 @@ snat_out2in_lb (snat_main_t *sm,
           ip->src_address.as_u32 = s->ext_host_nat_addr.as_u32;
         }
       tcp->checksum = ip_csum_fold(sum);
+      nat44_set_tcp_session_state (sm, s, tcp, thread_index);
     }
   else
     {
@@ -1164,23 +1220,25 @@ snat_out2in_node_fn (vlib_main_t * vm,
             {
               /* Try to match static mapping by external address and port,
                  destination address and port in packet */
-              if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+              if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
                 {
+                  /*
+                   * Send DHCP packets to the ipv4 stack, or we won't
+                   * be able to use dhcp client on the outside interface
+                   */
+                 if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_UDP
+                     && (udp0->dst_port ==
+                         clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
+                   {
+                     vnet_feature_next
+                       (vnet_buffer (b0)->sw_if_index[VLIB_RX], &next0, b0);
+                     goto trace0;
+                   }
+
                   if (!sm->forwarding_enabled)
                     {
                       b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
-                      /*
-                       * Send DHCP packets to the ipv4 stack, or we won't
-                       * be able to use dhcp client on the outside interface
-                       */
-                      if (PREDICT_TRUE (proto0 != SNAT_PROTOCOL_UDP
-                          || (udp0->dst_port
-                              != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
-                        next0 = SNAT_OUT2IN_NEXT_DROP;
-                      else
-                        vnet_feature_next
-                          (vnet_buffer (b0)->sw_if_index[VLIB_RX],
-                           &next0, b0);
+                      next0 = SNAT_OUT2IN_NEXT_DROP;
                       goto trace0;
                     }
                   else
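Review bot: The relocated DHCP check at L197-L204 is indented one column short of its siblings (the `if` at L197 sits at 17 spaces, the `if` at L206 at 18), and the same block is pasted again in the hunks at L242, L298 and L354, where the braces at L368 and L373 do not line up either. Since the predicate is identical in all five places, a small helper keeps them in step and gives the explanatory comment one home; each call site then reads `if (PREDICT_FALSE (nat44_is_dhcp_to_client (proto0, udp0)))`. Moving the check ahead of the `forwarding_enabled` test means DHCP replies now reach the ip4 stack even when forwarding is on, which looks intentional but is worth a line in the commit message. snat_out2in_node_fn starts and ends outside the hunk.
```c
/* DHCP replies on the outside interface must reach the local ip4 stack,
 * otherwise the dhcp client cannot run there. */
static inline int
nat44_is_dhcp_to_client (u32 proto, udp_header_t *udp)
{
  return proto == SNAT_PROTOCOL_UDP
         && udp->dst_port == clib_host_to_net_u16 (UDP_DST_PORT_dhcp_to_client);
}
```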
@@ -1190,7 +1248,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
                           next0 = SNAT_OUT2IN_NEXT_IN2OUT;
                           goto trace0;
                         }
-                      create_bypass_for_fwd(sm, ip0);
+                      create_bypass_for_fwd(sm, ip0, rx_fib_index0, thread_index);
                       goto trace0;
                     }
                 }
@@ -1248,6 +1306,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
                                      ip4_header_t /* cheat */,
                                      length /* changed member */);
               tcp0->checksum = ip_csum_fold(sum0);
+              nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
             }
           else
             {
@@ -1340,23 +1399,25 @@ snat_out2in_node_fn (vlib_main_t * vm,
             {
               /* Try to match static mapping by external address and port,
                  destination address and port in packet */
-              if (snat_static_mapping_match(sm, key1, &sm1, 1, 0, 0))
+              if (snat_static_mapping_match(sm, key1, &sm1, 1, 0, 0, 0))
                 {
+                  /*
+                   * Send DHCP packets to the ipv4 stack, or we won't
+                   * be able to use dhcp client on the outside interface
+                   */
+                 if (PREDICT_FALSE (proto1 == SNAT_PROTOCOL_UDP
+                     && (udp1->dst_port ==
+                         clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
+                   {
+                     vnet_feature_next
+                       (vnet_buffer (b1)->sw_if_index[VLIB_RX], &next1, b1);
+                     goto trace1;
+                   }
+
                   if (!sm->forwarding_enabled)
                     {
                       b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
-                      /*
-                       * Send DHCP packets to the ipv4 stack, or we won't
-                       * be able to use dhcp client on the outside interface
-                       */
-                      if (PREDICT_TRUE (proto1 != SNAT_PROTOCOL_UDP
-                          || (udp1->dst_port
-                              != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
-                        next1 = SNAT_OUT2IN_NEXT_DROP;
-                      else
-                        vnet_feature_next
-                          (vnet_buffer (b1)->sw_if_index[VLIB_RX],
-                           &next1, b1);
+                      next1 = SNAT_OUT2IN_NEXT_DROP;
                       goto trace1;
                     }
                   else
@@ -1366,7 +1427,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
                           next1 = SNAT_OUT2IN_NEXT_IN2OUT;
                           goto trace1;
                         }
-                      create_bypass_for_fwd(sm, ip1);
+                      create_bypass_for_fwd(sm, ip1, rx_fib_index1, thread_index);
                       goto trace1;
                     }
                 }
@@ -1424,6 +1485,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
                                      ip4_header_t /* cheat */,
                                      length /* changed member */);
               tcp1->checksum = ip_csum_fold(sum1);
+              nat44_set_tcp_session_state (sm, s1, tcp1, thread_index);
             }
           else
             {
@@ -1552,23 +1614,25 @@ snat_out2in_node_fn (vlib_main_t * vm,
             {
               /* Try to match static mapping by external address and port,
                  destination address and port in packet */
-              if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+              if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
                 {
+                  /*
+                   * Send DHCP packets to the ipv4 stack, or we won't
+                   * be able to use dhcp client on the outside interface
+                   */
+                 if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_UDP
+                     && (udp0->dst_port ==
+                         clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
+                   {
+                     vnet_feature_next
+                       (vnet_buffer (b0)->sw_if_index[VLIB_RX], &next0, b0);
+                     goto trace00;
+                   }
+
                   if (!sm->forwarding_enabled)
                     {
                       b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
-                      /*
-                       * Send DHCP packets to the ipv4 stack, or we won't
-                       * be able to use dhcp client on the outside interface
-                       */
-                      if (PREDICT_TRUE (proto0 != SNAT_PROTOCOL_UDP
-                          || (udp0->dst_port
-                              != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
-                        next0 = SNAT_OUT2IN_NEXT_DROP;
-                      else
-                        vnet_feature_next
-                          (vnet_buffer (b0)->sw_if_index[VLIB_RX],
-                           &next0, b0);
+                      next0 = SNAT_OUT2IN_NEXT_DROP;
                       goto trace00;
                     }
                   else
@@ -1578,7 +1642,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
                           next0 = SNAT_OUT2IN_NEXT_IN2OUT;
                           goto trace00;
                         }
-                      create_bypass_for_fwd(sm, ip0);
+                      create_bypass_for_fwd(sm, ip0, rx_fib_index0, thread_index);
                       goto trace00;
                     }
                 }
@@ -1636,6 +1700,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
                                      ip4_header_t /* cheat */,
                                      length /* changed member */);
               tcp0->checksum = ip_csum_fold(sum0);
+              nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
             }
           else
             {
@@ -1805,23 +1870,26 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
                 {
                   /* Try to match static mapping by external address and port,
                      destination address and port in packet */
-                  if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+                  if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
                     {
+                      /*
+                       * Send DHCP packets to the ipv4 stack, or we won't
+                       * be able to use dhcp client on the outside interface
+                       */
+                      if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_UDP
+                          && (udp0->dst_port
+                              == clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
+                       {
+                          vnet_feature_next
+                            (vnet_buffer (b0)->sw_if_index[VLIB_RX],
+                             &next0, b0);
+                          goto trace0;
+                        }
+
                       if (!sm->forwarding_enabled)
                         {
                           b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
-                          /*
-                           * Send DHCP packets to the ipv4 stack, or we won't
-                           * be able to use dhcp client on the outside interface
-                           */
-                          if (PREDICT_TRUE (proto0 != SNAT_PROTOCOL_UDP
-                              || (udp0->dst_port
-                                  != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
-                            next0 = SNAT_OUT2IN_NEXT_DROP;
-                          else
-                            vnet_feature_next
-                              (vnet_buffer (b0)->sw_if_index[VLIB_RX],
-                               &next0, b0);
+                          next0 = SNAT_OUT2IN_NEXT_DROP;
                           goto trace0;
                         }
                       else
@@ -1831,7 +1899,7 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
                               next0 = SNAT_OUT2IN_NEXT_IN2OUT;
                               goto trace0;
                             }
-                          create_bypass_for_fwd(sm, ip0);
+                          create_bypass_for_fwd(sm, ip0, rx_fib_index0, thread_index);
                           goto trace0;
                         }
                     }
@@ -1901,6 +1969,7 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
                                          ip4_header_t /* cheat */,
                                          length /* changed member */);
                   tcp0->checksum = ip_csum_fold(sum0);
+                  nat44_set_tcp_session_state (sm, s0, tcp0, thread_index);
                 }
               else
                 {
@@ -2883,7 +2952,7 @@ snat_out2in_fast_node_fn (vlib_main_t * vm,
           key0.port = udp0->dst_port;
           key0.fib_index = rx_fib_index0;
 
-          if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+          if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
             {
               b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
               goto trace00;