summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatus Fabian <matfabia@cisco.com>2017-03-07 08:04:32 -0800
committerOle Trøan <otroan@employees.org>2017-03-08 08:23:51 +0000
commit6f19c695583f9d7bd8b39f575e03f01d27e51f64 (patch)
treef8b7e210c34e7760cef0defc232e2353e94bd2a4
parenta0b34a74a916eff88f9a8354c78a2cf9798c8578 (diff)
CGN: fix outside port calculation and set buffer error (VPP-623)
Change-Id: I5143328b2da62ce4d6bb2915e2a51855696d87fc Signed-off-by: Matus Fabian <matfabia@cisco.com>
-rw-r--r--src/plugins/snat/in2out.c30
-rw-r--r--src/plugins/snat/out2in.c21
2 files changed, 33 insertions, 18 deletions
diff --git a/src/plugins/snat/in2out.c b/src/plugins/snat/in2out.c
index 5970588b5b9..4abf8758af4 100644
--- a/src/plugins/snat/in2out.c
+++ b/src/plugins/snat/in2out.c
@@ -1361,8 +1361,8 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
ip4_header_t * ip0, * ip1;
ip_csum_t sum0, sum1;
ip4_address_t new_addr0, old_addr0, new_addr1, old_addr1;
- u16 old_port0, new_port0, lo_port0, i;
- u16 old_port1, new_port1, lo_port1;
+ u16 old_port0, new_port0, lo_port0, i0;
+ u16 old_port1, new_port1, lo_port1, i1;
udp_header_t * udp0, * udp1;
tcp_header_t * tcp0, * tcp1;
u32 proto0, proto1;
@@ -1409,6 +1409,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
{
clib_warning("no match for internal host %U",
format_ip4_address, &ip0->src_address);
+ b0->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION];
goto trace0;
}
@@ -1419,10 +1420,10 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
{
key0.ext_host_addr = ip0->dst_address;
key0.ext_host_port = tcp0->dst;
- for (i = 0; i < dm0->ports_per_host; i++)
+ for (i0 = 0; i0 < dm0->ports_per_host; i0++)
{
- key0.out_port = clib_host_to_net_u16 (lo_port0 + i +
- (clib_net_to_host_u16 (tcp0->src) % dm0->ports_per_host));
+ key0.out_port = clib_host_to_net_u16 (lo_port0 +
+ ((i0 + clib_net_to_host_u16 (tcp0->src)) % dm0->ports_per_host));
if (snat_det_get_ses_by_out (dm0, &ip0->src_address, key0.as_u64))
continue;
@@ -1433,6 +1434,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
if (PREDICT_FALSE(!ses0))
{
next0 = SNAT_IN2OUT_NEXT_DROP;
+ b0->error = node->errors[SNAT_IN2OUT_ERROR_OUT_OF_PORTS];
goto trace0;
}
}
@@ -1528,6 +1530,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
{
clib_warning("no match for internal host %U",
format_ip4_address, &ip0->src_address);
+ b1->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION];
goto trace1;
}
@@ -1539,10 +1542,10 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
{
key1.ext_host_addr = ip1->dst_address;
key1.ext_host_port = tcp1->dst;
- for (i = 0; i < dm1->ports_per_host; i++)
+ for (i1 = 0; i1 < dm1->ports_per_host; i1++)
{
- key1.out_port = clib_host_to_net_u16 (lo_port1 + i +
- (clib_net_to_host_u16 (tcp1->src) % dm1->ports_per_host));
+ key1.out_port = clib_host_to_net_u16 (lo_port1 +
+ ((i1 + clib_net_to_host_u16 (tcp1->src)) % dm1->ports_per_host));
if (snat_det_get_ses_by_out (dm1, &ip1->src_address, key1.as_u64))
continue;
@@ -1553,6 +1556,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
if (PREDICT_FALSE(!ses1))
{
next1 = SNAT_IN2OUT_NEXT_DROP;
+ b1->error = node->errors[SNAT_IN2OUT_ERROR_OUT_OF_PORTS];
goto trace1;
}
}
@@ -1652,7 +1656,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
ip4_header_t * ip0;
ip_csum_t sum0;
ip4_address_t new_addr0, old_addr0;
- u16 old_port0, new_port0, lo_port0, i;
+ u16 old_port0, new_port0, lo_port0, i0;
udp_header_t * udp0;
tcp_header_t * tcp0;
u32 proto0;
@@ -1682,6 +1686,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
{
clib_warning("no match for internal host %U",
format_ip4_address, &ip0->src_address);
+ b0->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION];
goto trace00;
}
@@ -1692,10 +1697,10 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
{
key0.ext_host_addr = ip0->dst_address;
key0.ext_host_port = tcp0->dst;
- for (i = 0; i < dm0->ports_per_host; i++)
+ for (i0 = 0; i0 < dm0->ports_per_host; i0++)
{
- key0.out_port = clib_host_to_net_u16 (lo_port0 + i +
- (clib_net_to_host_u16 (tcp0->src) % dm0->ports_per_host));
+ key0.out_port = clib_host_to_net_u16 (lo_port0 +
+ ((i0 + clib_net_to_host_u16 (tcp0->src)) % dm0->ports_per_host));
if (snat_det_get_ses_by_out (dm0, &ip0->src_address, key0.as_u64))
continue;
@@ -1706,6 +1711,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm,
if (PREDICT_FALSE(!ses0))
{
next0 = SNAT_IN2OUT_NEXT_DROP;
+ b0->error = node->errors[SNAT_IN2OUT_ERROR_OUT_OF_PORTS];
goto trace00;
}
}
diff --git a/src/plugins/snat/out2in.c b/src/plugins/snat/out2in.c
index 9b4c73d779e..178aa560940 100644
--- a/src/plugins/snat/out2in.c
+++ b/src/plugins/snat/out2in.c
@@ -1081,6 +1081,7 @@ snat_det_out2in_node_fn (vlib_main_t * vm,
clib_warning("unknown dst address: %U",
format_ip4_address, &ip0->dst_address);
next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
goto trace0;
}
@@ -1090,12 +1091,14 @@ snat_det_out2in_node_fn (vlib_main_t * vm,
ses0 = snat_det_get_ses_by_out (dm0, &new_addr0, key0.as_u64);
if (PREDICT_FALSE(!ses0))
{
- clib_warning("no match src %U:%d dst %d for user %U",
- format_ip4_address, &ip0->dst_address,
+ clib_warning("no match src %U:%d dst %U:%d for user %U",
+ format_ip4_address, &ip0->src_address,
clib_net_to_host_u16 (tcp0->src),
+ format_ip4_address, &ip0->dst_address,
clib_net_to_host_u16 (tcp0->dst),
format_ip4_address, &new_addr0);
next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
goto trace0;
}
new_port0 = ses0->in_port;
@@ -1173,6 +1176,7 @@ snat_det_out2in_node_fn (vlib_main_t * vm,
clib_warning("unknown dst address: %U",
format_ip4_address, &ip1->dst_address);
next1 = SNAT_OUT2IN_NEXT_DROP;
+ b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
goto trace1;
}
@@ -1182,12 +1186,14 @@ snat_det_out2in_node_fn (vlib_main_t * vm,
ses1 = snat_det_get_ses_by_out (dm1, &new_addr1, key1.as_u64);
if (PREDICT_FALSE(!ses1))
{
- clib_warning("no match src %U:%d dst %d for user %U",
- format_ip4_address, &ip1->dst_address,
+ clib_warning("no match src %U:%d dst %U:%d for user %U",
+ format_ip4_address, &ip1->src_address,
clib_net_to_host_u16 (tcp1->src),
+ format_ip4_address, &ip1->dst_address,
clib_net_to_host_u16 (tcp1->dst),
format_ip4_address, &new_addr1);
next1 = SNAT_OUT2IN_NEXT_DROP;
+ b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
goto trace1;
}
new_port1 = ses1->in_port;
@@ -1296,6 +1302,7 @@ snat_det_out2in_node_fn (vlib_main_t * vm,
clib_warning("unknown dst address: %U",
format_ip4_address, &ip0->dst_address);
next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
goto trace00;
}
@@ -1305,12 +1312,14 @@ snat_det_out2in_node_fn (vlib_main_t * vm,
ses0 = snat_det_get_ses_by_out (dm0, &new_addr0, key0.as_u64);
if (PREDICT_FALSE(!ses0))
{
- clib_warning("no match src %U:%d dst %d for user %U",
- format_ip4_address, &ip0->dst_address,
+ clib_warning("no match src %U:%d dst %U:%d for user %U",
+ format_ip4_address, &ip0->src_address,
clib_net_to_host_u16 (tcp0->src),
+ format_ip4_address, &ip0->dst_address,
clib_net_to_host_u16 (tcp0->dst),
format_ip4_address, &new_addr0);
next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
goto trace00;
}
new_port0 = ses0->in_port;