X-Git-Url: https://gerrit.fd.io/r/gitweb?p=vpp.git;a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat64_db.c;h=8c004f1468606f1ab6d76aa9c913152636c3ead6;hp=008a137da10847d3a080e43bc6aaaa5b2345b9fe;hb=61717cc38;hpb=efcd1e9e1d7dda4e4ea3db5750925cd8f6894f4d diff --git a/src/plugins/nat/nat64_db.c b/src/plugins/nat/nat64_db.c index 008a137da10..8c004f14686 100644 --- a/src/plugins/nat/nat64_db.c +++ b/src/plugins/nat/nat64_db.c @@ -17,15 +17,16 @@ * @brief NAT64 DB */ #include +#include +#include +#include +#include int -nat64_db_init (nat64_db_t * db) +nat64_db_init (nat64_db_t * db, u32 bib_buckets, uword bib_memory_size, + u32 st_buckets, uword st_memory_size, + nat64_db_free_addr_port_function_t free_addr_port_cb) { - u32 bib_buckets = 1024; - u32 bib_memory_size = 128 << 20; - u32 st_buckets = 2048; - u32 st_memory_size = 256 << 20; - clib_bihash_init_24_8 (&db->bib.in2out, "bib-in2out", bib_buckets, bib_memory_size); @@ -38,11 +39,19 @@ nat64_db_init (nat64_db_t * db) clib_bihash_init_48_8 (&db->st.out2in, "st-out2in", st_buckets, st_memory_size); + db->free_addr_port_cb = free_addr_port_cb; + db->bib.limit = 10 * bib_buckets; + db->bib.bib_entries_num = 0; + db->st.limit = 10 * st_buckets; + db->st.st_entries_num = 0; + db->addr_free = 0; + return 0; } nat64_db_bib_entry_t * -nat64_db_bib_entry_create (nat64_db_t * db, ip6_address_t * in_addr, +nat64_db_bib_entry_create (u32 thread_index, nat64_db_t * db, + ip6_address_t * in_addr, ip4_address_t * out_addr, u16 in_port, u16 out_port, u32 fib_index, u8 proto, u8 is_static) @@ -50,6 +59,14 @@ nat64_db_bib_entry_create (nat64_db_t * db, ip6_address_t * in_addr, nat64_db_bib_entry_t *bibe; nat64_db_bib_entry_key_t bibe_key; clib_bihash_kv_24_8_t kv; + fib_table_t *fib; + + if (db->bib.bib_entries_num >= db->bib.limit) + { + db->free_addr_port_cb (db, out_addr, out_port, proto); + nat_ipfix_logging_max_bibs (thread_index, db->bib.limit); + return 0; + } /* create pool entry */ switch (ip_proto_to_snat_proto (proto)) @@ -68,7 +85,10 @@ nat64_db_bib_entry_create (nat64_db_t * db, ip6_address_t * in_addr, kv.value = bibe - db->bib._unk_proto_bib; break; } - memset (bibe, 0, sizeof (*bibe)); + + db->bib.bib_entries_num++; + + clib_memset (bibe, 0, sizeof (*bibe)); bibe->in_addr.as_u64[0] = in_addr->as_u64[0]; bibe->in_addr.as_u64[1] = in_addr->as_u64[1]; bibe->in_port = in_port; @@ -90,7 +110,7 @@ nat64_db_bib_entry_create (nat64_db_t * db, ip6_address_t * in_addr, kv.key[2] = bibe_key.as_u64[2]; clib_bihash_add_del_24_8 (&db->bib.in2out, &kv, 1); - memset (&bibe_key.addr, 0, sizeof (bibe_key.addr)); + clib_memset (&bibe_key.addr, 0, sizeof (bibe_key.addr)); bibe_key.addr.ip4.as_u32 = bibe->out_addr.as_u32; bibe_key.fib_index = 0; bibe_key.port = bibe->out_port; @@ -99,17 +119,22 @@ nat64_db_bib_entry_create (nat64_db_t * db, ip6_address_t * in_addr, kv.key[2] = bibe_key.as_u64[2]; clib_bihash_add_del_24_8 (&db->bib.out2in, &kv, 1); + fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6); + nat_ipfix_logging_nat64_bib (thread_index, in_addr, out_addr, proto, + in_port, out_port, fib->ft_table_id, 1); return bibe; } void -nat64_db_bib_entry_free (nat64_db_t * db, nat64_db_bib_entry_t * bibe) +nat64_db_bib_entry_free (u32 thread_index, nat64_db_t * db, + nat64_db_bib_entry_t * bibe) { nat64_db_bib_entry_key_t bibe_key; clib_bihash_kv_24_8_t kv; nat64_db_bib_entry_t *bib; u32 *ste_to_be_free = 0, *ste_index, bibe_index; nat64_db_st_entry_t *st, *ste; + fib_table_t *fib; switch (ip_proto_to_snat_proto (bibe->proto)) { @@ -128,6 +153,8 @@ nat64_db_bib_entry_free (nat64_db_t * db, nat64_db_bib_entry_t * bibe) break; } + db->bib.bib_entries_num--; + bibe_index = bibe - bib; /* delete ST entries for static BIB entry */ @@ -139,7 +166,8 @@ nat64_db_bib_entry_free (nat64_db_t * db, nat64_db_bib_entry_t * bibe) vec_add1 (ste_to_be_free, ste - st);} )); vec_foreach (ste_index, ste_to_be_free) - nat64_db_st_entry_free (db, pool_elt_at_index (st, ste_index[0])); + nat64_db_st_entry_free (thread_index, db, + pool_elt_at_index (st, ste_index[0])); vec_free (ste_to_be_free); } @@ -155,7 +183,7 @@ nat64_db_bib_entry_free (nat64_db_t * db, nat64_db_bib_entry_t * bibe) kv.key[2] = bibe_key.as_u64[2]; clib_bihash_add_del_24_8 (&db->bib.in2out, &kv, 0); - memset (&bibe_key.addr, 0, sizeof (bibe_key.addr)); + clib_memset (&bibe_key.addr, 0, sizeof (bibe_key.addr)); bibe_key.addr.ip4.as_u32 = bibe->out_addr.as_u32; bibe_key.fib_index = 0; bibe_key.port = bibe->out_port; @@ -164,6 +192,14 @@ nat64_db_bib_entry_free (nat64_db_t * db, nat64_db_bib_entry_t * bibe) kv.key[2] = bibe_key.as_u64[2]; clib_bihash_add_del_24_8 (&db->bib.out2in, &kv, 0); + if (!db->addr_free) + db->free_addr_port_cb (db, &bibe->out_addr, bibe->out_port, bibe->proto); + + fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6); + nat_ipfix_logging_nat64_bib (thread_index, &bibe->in_addr, &bibe->out_addr, + bibe->proto, bibe->in_port, bibe->out_port, + fib->ft_table_id, 0); + /* delete from pool */ pool_put (bib, bibe); @@ -337,7 +373,8 @@ nat64_db_st_walk (nat64_db_t * db, u8 proto, } nat64_db_st_entry_t * -nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe, +nat64_db_st_entry_create (u32 thread_index, nat64_db_t * db, + nat64_db_bib_entry_t * bibe, ip6_address_t * in_r_addr, ip4_address_t * out_r_addr, u16 r_port) { @@ -345,6 +382,13 @@ nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe, nat64_db_bib_entry_t *bib; nat64_db_st_entry_key_t ste_key; clib_bihash_kv_48_8_t kv; + fib_table_t *fib; + + if (db->st.st_entries_num >= db->st.limit) + { + nat_ipfix_logging_max_sessions (thread_index, db->st.limit); + return 0; + } /* create pool entry */ switch (ip_proto_to_snat_proto (bibe->proto)) @@ -365,7 +409,10 @@ nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe, bib = db->bib._unk_proto_bib; break; } - memset (ste, 0, sizeof (*ste)); + + db->st.st_entries_num++; + + clib_memset (ste, 0, sizeof (*ste)); ste->in_r_addr.as_u64[0] = in_r_addr->as_u64[0]; ste->in_r_addr.as_u64[1] = in_r_addr->as_u64[1]; ste->out_r_addr.as_u32 = out_r_addr->as_u32; @@ -377,7 +424,7 @@ nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe, bibe->ses_num++; /* create hash lookup */ - memset (&ste_key, 0, sizeof (ste_key)); + clib_memset (&ste_key, 0, sizeof (ste_key)); ste_key.l_addr.as_u64[0] = bibe->in_addr.as_u64[0]; ste_key.l_addr.as_u64[1] = bibe->in_addr.as_u64[1]; ste_key.r_addr.as_u64[0] = ste->in_r_addr.as_u64[0]; @@ -394,7 +441,7 @@ nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe, kv.key[5] = ste_key.as_u64[5]; clib_bihash_add_del_48_8 (&db->st.in2out, &kv, 1); - memset (&ste_key, 0, sizeof (ste_key)); + clib_memset (&ste_key, 0, sizeof (ste_key)); ste_key.l_addr.ip4.as_u32 = bibe->out_addr.as_u32; ste_key.r_addr.ip4.as_u32 = ste->out_r_addr.as_u32; ste_key.l_port = bibe->out_port; @@ -408,16 +455,28 @@ nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe, kv.key[5] = ste_key.as_u64[5]; clib_bihash_add_del_48_8 (&db->st.out2in, &kv, 1); + fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6); + nat_ipfix_logging_nat64_session (thread_index, &bibe->in_addr, + &bibe->out_addr, bibe->proto, + bibe->in_port, bibe->out_port, + &ste->in_r_addr, &ste->out_r_addr, + ste->r_port, ste->r_port, fib->ft_table_id, + 1); + nat_syslog_nat64_sadd (bibe->fib_index, &bibe->in_addr, bibe->in_port, + &bibe->out_addr, bibe->out_port, &ste->out_r_addr, + ste->r_port, bibe->proto); return ste; } void -nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste) +nat64_db_st_entry_free (u32 thread_index, + nat64_db_t * db, nat64_db_st_entry_t * ste) { nat64_db_st_entry_t *st; nat64_db_bib_entry_t *bib, *bibe; nat64_db_st_entry_key_t ste_key; clib_bihash_kv_48_8_t kv; + fib_table_t *fib; switch (ip_proto_to_snat_proto (ste->proto)) { @@ -438,8 +497,10 @@ nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste) bibe = pool_elt_at_index (bib, ste->bibe_index); + db->st.st_entries_num--; + /* delete hash lookup */ - memset (&ste_key, 0, sizeof (ste_key)); + clib_memset (&ste_key, 0, sizeof (ste_key)); ste_key.l_addr.as_u64[0] = bibe->in_addr.as_u64[0]; ste_key.l_addr.as_u64[1] = bibe->in_addr.as_u64[1]; ste_key.r_addr.as_u64[0] = ste->in_r_addr.as_u64[0]; @@ -456,7 +517,7 @@ nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste) kv.key[5] = ste_key.as_u64[5]; clib_bihash_add_del_48_8 (&db->st.in2out, &kv, 0); - memset (&ste_key, 0, sizeof (ste_key)); + clib_memset (&ste_key, 0, sizeof (ste_key)); ste_key.l_addr.ip4.as_u32 = bibe->out_addr.as_u32; ste_key.r_addr.ip4.as_u32 = ste->out_r_addr.as_u32; ste_key.l_port = bibe->out_port; @@ -470,6 +531,17 @@ nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste) kv.key[5] = ste_key.as_u64[5]; clib_bihash_add_del_48_8 (&db->st.out2in, &kv, 0); + fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6); + nat_ipfix_logging_nat64_session (thread_index, &bibe->in_addr, + &bibe->out_addr, bibe->proto, + bibe->in_port, bibe->out_port, + &ste->in_r_addr, &ste->out_r_addr, + ste->r_port, ste->r_port, fib->ft_table_id, + 0); + nat_syslog_nat64_sdel (bibe->fib_index, &bibe->in_addr, bibe->in_port, + &bibe->out_addr, bibe->out_port, &ste->out_r_addr, + ste->r_port, bibe->proto); + /* delete from pool */ pool_put (st, ste); @@ -478,7 +550,7 @@ nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste) /* delete BIB entry if last session and dynamic */ if (!bibe->is_static && !bibe->ses_num) - nat64_db_bib_entry_free (db, bibe); + nat64_db_bib_entry_free (thread_index, db, bibe); } nat64_db_st_entry_t * @@ -506,7 +578,7 @@ nat64_db_st_entry_find (nat64_db_t * db, ip46_address_t * l_addr, break; } - memset (&ste_key, 0, sizeof (ste_key)); + clib_memset (&ste_key, 0, sizeof (ste_key)); ste_key.l_addr.as_u64[0] = l_addr->as_u64[0]; ste_key.l_addr.as_u64[1] = l_addr->as_u64[1]; ste_key.r_addr.as_u64[0] = r_addr->as_u64[0]; @@ -576,7 +648,7 @@ nat64_db_st_entry_by_index (nat64_db_t * db, u8 proto, u32 ste_index) } void -nad64_db_st_free_expired (nat64_db_t * db, u32 now) +nad64_db_st_free_expired (u32 thread_index, nat64_db_t * db, u32 now) { u32 *ste_to_be_free = 0, *ste_index; nat64_db_st_entry_t *st, *ste; @@ -591,7 +663,8 @@ nad64_db_st_free_expired (nat64_db_t * db, u32 now) vec_add1 (ste_to_be_free, ste - st); \ })); \ vec_foreach (ste_index, ste_to_be_free) \ - nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0])); \ + nat64_db_st_entry_free (thread_index, db, \ + pool_elt_at_index(st, ste_index[0])); \ vec_free (ste_to_be_free); \ ste_to_be_free = 0; foreach_snat_protocol @@ -602,18 +675,21 @@ nad64_db_st_free_expired (nat64_db_t * db, u32 now) vec_add1 (ste_to_be_free, ste - st); })); vec_foreach (ste_index, ste_to_be_free) - nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0])); + nat64_db_st_entry_free (thread_index, db, + pool_elt_at_index(st, ste_index[0])); vec_free (ste_to_be_free); /* *INDENT-ON* */ } void -nat64_db_free_out_addr (nat64_db_t * db, ip4_address_t * out_addr) +nat64_db_free_out_addr (u32 thread_index, + nat64_db_t * db, ip4_address_t * out_addr) { u32 *ste_to_be_free = 0, *ste_index; nat64_db_st_entry_t *st, *ste; nat64_db_bib_entry_t *bibe; + db->addr_free = 1; /* *INDENT-OFF* */ #define _(N, i, n, s) \ st = db->st._##n##_st; \ @@ -623,7 +699,8 @@ nat64_db_free_out_addr (nat64_db_t * db, ip4_address_t * out_addr) vec_add1 (ste_to_be_free, ste - st); \ })); \ vec_foreach (ste_index, ste_to_be_free) \ - nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0])); \ + nat64_db_st_entry_free (thread_index, db, \ + pool_elt_at_index(st, ste_index[0])); \ vec_free (ste_to_be_free); \ ste_to_be_free = 0; foreach_snat_protocol @@ -635,8 +712,10 @@ nat64_db_free_out_addr (nat64_db_t * db, ip4_address_t * out_addr) vec_add1 (ste_to_be_free, ste - st); })); vec_foreach (ste_index, ste_to_be_free) - nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0])); + nat64_db_st_entry_free (thread_index, db, + pool_elt_at_index(st, ste_index[0])); vec_free (ste_to_be_free); + db->addr_free = 0; /* *INDENT-ON* */ }