nat: Fix next feature for ED with multiple workers

Multiple (> 1) workers leads to handoff node being enabled.
This node pops next feature index to nat.arc_next to make sure
that packet will be pushed to the next feature in the arc.

But node nat44-ed-in2out-output also pops next feature and changes
arc_next. So actual next feature will be skipped in that case.

It leads to all nat44-ed-in2out packets being dropped if we have
multiple workers (handoff node enabled).

To resolve this a new node was added (nat-pre-in2out-output) to fill
arc_next in single worker case and multiple worker case is already
handled by handoff node.

Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I9dfba68f00164d2d5ab867224871811bef4411ed

diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index 448e967..d43caef 100644 (file)
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -964,7 +964,6 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm,
 
       if (is_output_feature)
        {
-         vnet_feature_next (&vnet_buffer2 (b0)->nat.arc_next, b0);
          iph_offset0 = vnet_buffer (b0)->ip.reass.save_rewrite_length;
        }
 
@@ -1586,6 +1585,13 @@ VLIB_NODE_FN (nat_pre_in2out_node)
                                 NAT_NEXT_IN2OUT_ED_FAST_PATH);
 }
 
+VLIB_NODE_FN (nat_pre_in2out_output_node)
+  (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
+{
+  return nat_pre_node_fn_inline (vm, node, frame,
+                                NAT_NEXT_IN2OUT_ED_OUTPUT_FAST_PATH);
+}
+
 /* *INDENT-OFF* */
 VLIB_REGISTER_NODE (nat_pre_in2out_node) = {
   .name = "nat-pre-in2out",
@@ -1595,6 +1601,15 @@ VLIB_REGISTER_NODE (nat_pre_in2out_node) = {
   .type = VLIB_NODE_TYPE_INTERNAL,
   .n_errors = 0,
 };
+
+VLIB_REGISTER_NODE (nat_pre_in2out_output_node) = {
+  .name = "nat-pre-in2out-output",
+  .vector_size = sizeof (u32),
+  .sibling_of = "nat-default",
+  .format_trace = format_nat_pre_trace,
+  .type = VLIB_NODE_TYPE_INTERNAL,
+  .n_errors = 0,
+};
 /* *INDENT-ON* */
 
 /*

diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index 61a36ec..15c767c 100644 (file)
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -142,6 +142,12 @@ VNET_FEATURE_INIT (ip4_snat_hairpin_src, static) = {
   .node_name = "nat44-hairpin-src",
   .runs_after = VNET_FEATURES ("acl-plugin-out-ip4-fa","ip4-sv-reassembly-output-feature"),
 };
+VNET_FEATURE_INIT (nat_pre_in2out_output, static) = {
+  .arc_name = "ip4-output",
+  .node_name = "nat-pre-in2out-output",
+  .runs_after = VNET_FEATURES ("ip4-sv-reassembly-output-feature"),
+  .runs_before = VNET_FEATURES ("acl-plugin-out-ip4-fa"),
+};
 VNET_FEATURE_INIT (ip4_nat44_ed_in2out_output, static) = {
   .arc_name = "ip4-output",
   .node_name = "nat44-ed-in2out-output",
@@ -2249,7 +2255,7 @@ feature_set:
            return rv;
          vnet_feature_enable_disable ("ip4-unicast", "nat-pre-out2in",
                                       sw_if_index, !is_del, 0, 0);
-         vnet_feature_enable_disable ("ip4-output", "nat44-ed-in2out-output",
+         vnet_feature_enable_disable ("ip4-output", "nat-pre-in2out-output",
                                       sw_if_index, !is_del, 0, 0);
        }
       else
@@ -4662,6 +4668,7 @@ VLIB_REGISTER_NODE (nat_default_node) = {
     [NAT_NEXT_ICMP_ERROR] = "ip4-icmp-error",
     [NAT_NEXT_IN2OUT_ED_FAST_PATH] = "nat44-ed-in2out",
     [NAT_NEXT_IN2OUT_ED_SLOW_PATH] = "nat44-ed-in2out-slowpath",
+    [NAT_NEXT_IN2OUT_ED_OUTPUT_FAST_PATH] = "nat44-ed-in2out-output",
     [NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH] = "nat44-ed-in2out-output-slowpath",
     [NAT_NEXT_OUT2IN_ED_FAST_PATH] = "nat44-ed-out2in",
     [NAT_NEXT_OUT2IN_ED_SLOW_PATH] = "nat44-ed-out2in-slowpath",

diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index ab69922..fc5d320 100644 (file)
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -54,6 +54,7 @@ typedef enum
   NAT_NEXT_ICMP_ERROR,
   NAT_NEXT_IN2OUT_ED_FAST_PATH,
   NAT_NEXT_IN2OUT_ED_SLOW_PATH,
+  NAT_NEXT_IN2OUT_ED_OUTPUT_FAST_PATH,
   NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH,
   NAT_NEXT_OUT2IN_ED_FAST_PATH,
   NAT_NEXT_OUT2IN_ED_SLOW_PATH,