X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat64.c;h=3aff99ddf859eb882e7da6449e7136554dd93a26;hp=126cb3cdf79266d657ae34969ce1fe2f0ad33bc6;hb=61717cc38;hpb=684586786e98bc779e269c0d879a2a4d3f1f4bce
diff --git a/src/plugins/nat/nat64.c b/src/plugins/nat/nat64.c
index 126cb3cdf79..3aff99ddf85 100644
--- a/src/plugins/nat/nat64.c
+++ b/src/plugins/nat/nat64.c
@@ -19,10 +19,11 @@
 #include
 #include
-#include
 #include
 #include
 #include
+#include
+#include
 nat64_main_t nat64_main;
@@ -34,21 +35,25 @@ VNET_FEATURE_INIT (nat64_in2out, static) = {
 .arc_name = "ip6-unicast",
 .node_name = "nat64-in2out",
 .runs_before = VNET_FEATURES ("ip6-lookup"),
+ .runs_after = VNET_FEATURES ("ip6-sv-reassembly-feature"),
 };
 VNET_FEATURE_INIT (nat64_out2in, static) = {
 .arc_name = "ip4-unicast",
 .node_name = "nat64-out2in",
 .runs_before = VNET_FEATURES ("ip4-lookup"),
+ .runs_after = VNET_FEATURES ("ip4-sv-reassembly-feature"),
 };
 VNET_FEATURE_INIT (nat64_in2out_handoff, static) = {
 .arc_name = "ip6-unicast",
 .node_name = "nat64-in2out-handoff",
 .runs_before = VNET_FEATURES ("ip6-lookup"),
+ .runs_after = VNET_FEATURES ("ip6-sv-reassembly-feature"),
 };
 VNET_FEATURE_INIT (nat64_out2in_handoff, static) = {
 .arc_name = "ip4-unicast",
 .node_name = "nat64-out2in-handoff",
 .runs_before = VNET_FEATURES ("ip4-lookup"),
+ .runs_after = VNET_FEATURES ("ip4-sv-reassembly-feature"),
 };
@@ -120,7 +125,7 @@ nat64_get_worker_in2out (ip6_address_t * addr)
 }
 u32
-nat64_get_worker_out2in (ip4_header_t * ip)
+nat64_get_worker_out2in (vlib_buffer_t * b, ip4_header_t * ip)
 {
 nat64_main_t *nm = &nat64_main;
 snat_main_t *sm = nm->sm;
@@ -132,41 +137,6 @@ nat64_get_worker_out2in (ip4_header_t * ip)
 udp = ip4_next_header (ip);
 port = udp->dst_port;
- /* fragments */
- if (PREDICT_FALSE (ip4_is_fragment (ip)))
- {
- if (PREDICT_FALSE (nat_reass_is_drop_frag (0)))
- return vlib_get_thread_index ();
-
- nat_reass_ip4_t *reass;
- reass = nat_ip4_reass_find (ip->src_address, ip->dst_address,
- ip->fragment_id, ip->protocol);
-
- if (reass && (reass->thread_index != (u32) ~ 0))
- return reass->thread_index;
-
- if (ip4_is_first_fragment (ip))
- {
- reass =
- nat_ip4_reass_create (ip->src_address, ip->dst_address,
- ip->fragment_id, ip->protocol);
- if (!reass)
- goto no_reass;
-
- port = clib_net_to_host_u16 (port);
- if (port > 1024)
- reass->thread_index =
- nm->sm->first_worker_index +
- ((port - 1024) / sm->port_per_thread);
- else
- reass->thread_index = vlib_get_thread_index ();
- return reass->thread_index;
- }
- else
- return vlib_get_thread_index ();
- }
-
-no_reass:
 /* unknown protocol */
 if (PREDICT_FALSE (proto == ~0))
 {
@@ -193,10 +163,12 @@ no_reass:
 {
 icmp46_header_t *icmp = (icmp46_header_t *) udp;
 icmp_echo_header_t *echo = (icmp_echo_header_t *) (icmp + 1);
- if (!icmp_is_error_message (icmp))
- port = echo->identifier;
+ if (!icmp_type_is_error_message
+ (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags))
+ port = vnet_buffer (b)->ip.reass.l4_src_port;
 else
 {
+ /* if error message, then it's not fragmented and we can access it */
 ip4_header_t *inner_ip = (ip4_header_t *) (echo + 1);
 proto = ip_proto_to_snat_proto (inner_ip->protocol);
 void *l4_header = ip4_next_header (inner_ip);
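Review bot: In the hunk at -132 of nat64_get_worker_out2in, `port = udp->dst_port` is still read from the packet once the fragment branch is removed, so for a non-first fragment the value comes from payload bytes rather than from an L4 header. The ICMP branch further down was moved to the reassembly metadata; using the same source here, `port = vnet_buffer (b)->ip.reass.l4_dst_port;`, would keep every fragment of a datagram on the same worker, assuming the shallow-reassembly node fills that field for TCP and UDP. The function begins and ends outside the hunk, so whether `port` is overwritten later cannot be seen from here.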
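Review bot: The error-message branch in the hunk at -193 walks from `echo + 1` to `inner_ip` and on to `ip4_next_header (inner_ip)` with no length check visible in the hunk, and the new comment rules out fragmentation only, not a truncated ICMP error. The embedded header length that `ip4_next_header` uses comes from the packet itself, so a short or malformed error message could make worker selection read beyond the valid data. A bound on the remaining buffer length before the cast would close that, or, if the caller already guarantees it, the comment should say so: `/* caller verified the buffer holds the embedded IP header plus 8 bytes of L4 */`. The enclosing function extends outside the hunk, so such a check may exist elsewhere.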
@@ -232,16 +204,25 @@ nat64_init (vlib_main_t * vm)
 vlib_thread_main_t *tm = vlib_get_thread_main ();
 ip4_add_del_interface_address_callback_t cb4;
 ip4_main_t *im = &ip4_main;
- vlib_node_t *error_drop_node =
- vlib_get_node_by_name (vm, (u8 *) "error-drop");
+ nm->sm = &snat_main;
+ vlib_node_t *node;
 vec_validate (nm->db, tm->n_vlib_mains - 1);
- nm->sm = &snat_main;
-
 nm->fq_in2out_index = ~0;
 nm->fq_out2in_index = ~0;
- nm->error_node_index = error_drop_node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "error-drop");
+ nm->error_node_index = node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "nat64-in2out");
+ nm->in2out_node_index = node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "nat64-in2out-slowpath");
+ nm->in2out_slowpath_node_index = node->index;
+
+ node = vlib_get_node_by_name (vm, (u8 *) "nat64-out2in");
+ nm->out2in_node_index = node->index;
 /* set session timeouts to default values */
 nm->udp_timeout = SNAT_UDP_TIMEOUT;
@@ -275,8 +256,8 @@ static void nat64_free_out_addr_and_port (struct nat64_db_s *db,
 u8 protocol);
 void
-nat64_set_hash (u32 bib_buckets, u32 bib_memory_size, u32 st_buckets,
- u32 st_memory_size)
+nat64_set_hash (u32 bib_buckets, uword bib_memory_size, u32 st_buckets,
+ uword st_memory_size)
 {
 nat64_main_t *nm = &nat64_main;
 nat64_db_t *db;
@@ -291,7 +272,7 @@ nat64_set_hash (u32 bib_buckets, u32 bib_memory_size, u32 st_buckets,
 {
 if (nat64_db_init (db, bib_buckets, bib_memory_size, st_buckets, st_memory_size, nat64_free_out_addr_and_port))
- nat_log_err ("NAT64 DB init failed");
+ nat_elog_err ("NAT64 DB init failed");
 }
 /* *INDENT-ON* */
 }
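Review bot: Every `vlib_get_node_by_name` result in the nat64_init hunk at -232 is dereferenced as `node->index` without a null check, and the commit adds three more lookups ("nat64-in2out", "nat64-in2out-slowpath", "nat64-out2in"). If one of those nodes is not registered, the plugin faults during init instead of reporting an error. A guard after each lookup, `if (!node) return clib_error_return (0, "nat64: graph node not found");`, would fail cleanly, assuming nat64_init returns `clib_error_t *` (its signature line is outside the hunk). Separately, `nm->sm = &snat_main;` now sits between declarations; moving it below `vlib_node_t *node;` keeps the declarations together.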
@@ -328,9 +309,9 @@ nat64_add_del_pool_addr (u32 thread_index,
 if (vrf_id != ~0) a->fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
 #define _(N, id, n, s) \
- clib_bitmap_alloc (a->busy_##n##_port_bitmap, 65535); \
+ clib_memset (a->busy_##n##_port_refcounts, 0, sizeof(a->busy_##n##_port_refcounts)); \
 a->busy_##n##_ports = 0; \
 vec_validate_init_empty (a->busy_##n##_ports_per_thread, tm->n_vlib_mains - 1, 0);
 foreach_snat_protocol
@@ -342,8 +323,7 @@ nat64_add_del_pool_addr (u32 thread_index,
 return VNET_API_ERROR_NO_SUCH_ENTRY;
 if (a->fib_index != ~0)
- fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP6,
- FIB_SOURCE_PLUGIN_HI);
+ fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP6, nat_fib_src_hi);
 /* Delete sessions using address */
 /* *INDENT-OFF* */
 vec_foreach (db, nm->db)
@@ -354,10 +334,6 @@ nat64_add_del_pool_addr (u32 thread_index,
 vlib_set_simple_counter (&nm->total_sessions, db - nm->db, 0, db->st.st_entries_num);
 }
-#define _(N, id, n, s) \
- clib_bitmap_free (a->busy_##n##_port_bitmap);
- foreach_snat_protocol
-#undef _
 /* *INDENT-ON* */
 vec_del1 (nm->addr_pool, i);
 }
@@ -514,6 +490,19 @@ nat64_add_del_interface (u32 sw_if_index, u8 is_inside, u8 is_add)
 arc_name = is_inside ? "ip6-unicast" : "ip4-unicast";
+ if (is_inside)
+ {
+ int rv = ip6_sv_reass_enable_disable_with_refcnt (sw_if_index, is_add);
+ if (rv)
+ return rv;
+ }
+ else
+ {
+ int rv = ip4_sv_reass_enable_disable_with_refcnt (sw_if_index, is_add);
+ if (rv)
+ return rv;
+ }
+
 return vnet_feature_enable_disable (arc_name, feature_name, sw_if_index, is_add, 0, 0);
 }
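Review bot: The refcount arrays introduced in the hunk at -328 are indexed directly by port (`a->busy_##n##_port_refcounts[out_port]` in the hunk at -719 and `[port_host_byte_order]` in the hunk at -582), so they need 65536 entries to cover port 65535. Their declaration is not part of this file's diff; the bitmap being replaced was allocated with 65535, so it is worth confirming the array was not sized the same way. `sizeof(a->busy_##n##_port_refcounts)` in the `clib_memset` is also correct only while the field is a true array and not a pointer. A `STATIC_ASSERT` on the element count next to the declaration would pin both assumptions.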
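Review bot: In nat64_add_del_interface (hunk at -514) the reassembly refcount is changed before `vnet_feature_enable_disable` and is not undone when that call fails, so a failed add leaves a stray reference and a failed delete drops one while the feature stays on. On delete the order also means shallow reassembly can be switched off while the NAT64 node is still enabled on the interface, and that node now reads `vnet_buffer (b)->ip.reass` fields. Taking the reference first on add, releasing it last on delete, and rolling back on error avoids both, as sketched below. The start of the function is outside the hunk.

```c
  /* … unchanged: arc_name selection … */
  int rv;

  /* add: take the reassembly reference before the NAT64 feature can run */
  if (is_add)
    {
      rv = is_inside ?
        ip6_sv_reass_enable_disable_with_refcnt (sw_if_index, 1) :
        ip4_sv_reass_enable_disable_with_refcnt (sw_if_index, 1);
      if (rv)
        return rv;
    }

  rv = vnet_feature_enable_disable (arc_name, feature_name, sw_if_index,
                                    is_add, 0, 0);
  if (rv && !is_add)
    return rv;          /* feature is still enabled: keep the reference */

  if (rv || !is_add)
    {
      /* failed add or completed delete: release the reference */
      int rv2 = is_inside ?
        ip6_sv_reass_enable_disable_with_refcnt (sw_if_index, 0) :
        ip4_sv_reass_enable_disable_with_refcnt (sw_if_index, 0);
      return rv ? rv : rv2;
    }
  return 0;
```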
@@ -582,16 +571,15 @@ nat64_free_out_addr_and_port (struct nat64_db_s *db, ip4_address_t * addr,
 {
 #define _(N, j, n, s) \
 case SNAT_PROTOCOL_##N: \
- ASSERT (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, \
- port_host_byte_order) == 1); \
- clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, port, 0); \
+ ASSERT (a->busy_##n##_port_refcounts[port_host_byte_order] >= 1); \
+ --a->busy_##n##_port_refcounts[port_host_byte_order]; \
 a->busy_##n##_ports--; \
 a->busy_##n##_ports_per_thread[thread_index]--; \
 break;
 foreach_snat_protocol
 #undef _
 default:
- nat_log_notice ("unknown protocol");
+ nat_elog_notice ("unknown protocol");
 return;
 }
 break;
@@ -673,7 +661,7 @@ nat64_add_del_static_bib_entry (ip6_address_t * in_addr,
 nat64_main_t *nm = &nat64_main;
 nat64_db_bib_entry_t *bibe;
 u32 fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
 snat_protocol_t p = ip_proto_to_snat_proto (proto);
 ip46_address_t addr;
 int i;
@@ -719,11 +707,9 @@ nat64_add_del_static_bib_entry (ip6_address_t * in_addr,
 {
 #define _(N, j, n, s) \
 case SNAT_PROTOCOL_##N: \
- if (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, \
- out_port)) \
+ if (a->busy_##n##_port_refcounts[out_port]) \
 return VNET_API_ERROR_INVALID_VALUE; \
- clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, \
- out_port, 1); \
+ ++a->busy_##n##_port_refcounts[out_port]; \
 if (out_port > 1024) \
 { \
 a->busy_##n##_ports++; \
@@ -1012,7 +998,7 @@ nat64_add_del_prefix (ip6_address_t * prefix, u8 plen, u32 vrf_id, u8 is_add)
 vec_add2 (nm->pref64, p, 1);
 p->fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
 p->vrf_id = vrf_id;
 }
@@ -1105,7 +1091,7 @@ nat64_compose_ip6 (ip6_address_t * ip6, ip4_address_t * ip4, u32 fib_index)
 ip6->as_u32[3] = ip4->as_u32;
 break;
 default:
- nat_log_notice ("invalid prefix length");
+ nat_elog_notice ("invalid prefix length");
 break;
 }
 }
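Review bot: The only underflow guard in the hunk at -582 is `ASSERT (a->busy_##n##_port_refcounts[port_host_byte_order] >= 1)`, which is presumably compiled out of release images, so releasing the same address and port twice would wrap the refcount and the `busy_##n##_ports` counters instead of being caught. A runtime check ahead of the decrement, `if (a->busy_##n##_port_refcounts[port_host_byte_order] == 0) break; \`, would keep the port accounting consistent in production builds. The macro's switch and the enclosing function extend outside the hunk.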
@@ -1178,7 +1164,7 @@ nat64_extract_ip4 (ip6_address_t * ip6, ip4_address_t * ip4, u32 fib_index)
 ip4->as_u32 = ip6->as_u32[3];
 break;
 default:
- nat_log_notice ("invalid prefix length");
+ nat_elog_notice ("invalid prefix length");
 break;
 }
 }
@@ -1263,7 +1249,7 @@ nat64_expire_walk_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
 case NAT64_CLEANER_RESCHEDULE:
 break;
 default:
- nat_log_notice ("unknown event %u", event_type);
+ nat_elog_notice_X1 ("unknown event %d", "i4", event_type);
 break;
 }