summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/nat44-ed/nat44_ed_cli.c
diff options
context:
space:
mode:
authorKlement Sekera <ksekera@cisco.com>2021-05-26 13:02:35 +0200
committerKlement Sekera <ksekera@cisco.com>2021-10-14 14:12:26 +0200
commitff334db797c9cede308367ef1c27bd8dfce0baf4 (patch)
tree1c3cf1db09b25f6a4f0c01a3ad369abe66a8bd1f /src/plugins/nat/nat44-ed/nat44_ed_cli.c
parent4450b03ba2a69a9e8194c7054dac2c8c19d372cd (diff)
nat: static mappings in flow hash
Put static mappings in flow hash, drop existing hash tables used for static mappings. Drop refcount variables and use hash table as a single point of truth. Allow creating a static mapping conflicting with dynamic mapping, which will take precedence after dynamic mapping is freed, so that the existing flow can finish transferring data. Type: fix Signed-off-by: Klement Sekera <ksekera@cisco.com> Change-Id: Idfde8efabc09971be38921d4b0ca5ccf4e9fe412
Diffstat (limited to 'src/plugins/nat/nat44-ed/nat44_ed_cli.c')
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed_cli.c194
1 files changed, 92 insertions, 102 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_cli.c b/src/plugins/nat/nat44-ed/nat44_ed_cli.c
index 6f4485ceb51..ba74b7dd51f 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_cli.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_cli.c
@@ -283,12 +283,7 @@ nat44_show_hash_command_fn (vlib_main_t * vm, unformat_input_t * input,
else if (unformat (input, "verbose"))
verbose = 2;
- vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->static_mapping_by_local,
- verbose);
- vlib_cli_output (vm, "%U",
- format_bihash_8_8, &sm->static_mapping_by_external,
- verbose);
- vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->flow_hash, verbose);
+ vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->flow_hash, verbose);
vec_foreach_index (i, sm->per_thread_data)
{
vlib_cli_output (vm, "-------- thread %d %s --------\n",
@@ -296,8 +291,7 @@ nat44_show_hash_command_fn (vlib_main_t * vm, unformat_input_t * input,
vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->flow_hash, verbose);
}
- vlib_cli_output (vm, "%U", format_bihash_16_8, &nam->affinity_hash,
- verbose);
+ vlib_cli_output (vm, "%U", format_bihash_16_8, &nam->affinity_hash, verbose);
vlib_cli_output (vm, "-------- hash table parameters --------\n");
vlib_cli_output (vm, "translation buckets: %u", sm->translation_buckets);
@@ -502,6 +496,7 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
u32 udp_sessions = 0;
u32 tcp_sessions = 0;
u32 icmp_sessions = 0;
+ u32 other_sessions = 0;
u32 timed_out = 0;
u32 transitory = 0;
@@ -526,40 +521,42 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
if (now >= sess_timeout_time)
timed_out++;
- switch (s->nat_proto)
- {
- case NAT_PROTOCOL_ICMP:
- icmp_sessions++;
- break;
- case NAT_PROTOCOL_TCP:
- tcp_sessions++;
- if (s->state)
- {
- if (s->tcp_closed_timestamp)
- {
- if (now >= s->tcp_closed_timestamp)
- {
- ++transitory_closed;
- }
- else
- {
- ++transitory_wait_closed;
- }
- }
- transitory++;
- }
- else
- established++;
- break;
- case NAT_PROTOCOL_UDP:
- default:
- udp_sessions++;
- break;
- }
- }
- nat44_show_lru_summary (vm, tsm, now, sess_timeout_time);
- count += pool_elts (tsm->sessions);
- }
+ switch (s->proto)
+ {
+ case IP_PROTOCOL_ICMP:
+ icmp_sessions++;
+ break;
+ case IP_PROTOCOL_TCP:
+ tcp_sessions++;
+ if (s->state)
+ {
+ if (s->tcp_closed_timestamp)
+ {
+ if (now >= s->tcp_closed_timestamp)
+ {
+ ++transitory_closed;
+ }
+ else
+ {
+ ++transitory_wait_closed;
+ }
+ }
+ transitory++;
+ }
+ else
+ established++;
+ break;
+ case IP_PROTOCOL_UDP:
+ udp_sessions++;
+ break;
+ default:
+ ++other_sessions;
+ break;
+ }
+ }
+ nat44_show_lru_summary (vm, tsm, now, sess_timeout_time);
+ count += pool_elts (tsm->sessions);
+ }
}
else
{
@@ -571,36 +568,38 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
if (now >= sess_timeout_time)
timed_out++;
- switch (s->nat_proto)
- {
- case NAT_PROTOCOL_ICMP:
- icmp_sessions++;
- break;
- case NAT_PROTOCOL_TCP:
- tcp_sessions++;
- if (s->state)
- {
- if (s->tcp_closed_timestamp)
- {
- if (now >= s->tcp_closed_timestamp)
- {
- ++transitory_closed;
- }
- else
- {
- ++transitory_wait_closed;
- }
- }
- transitory++;
- }
- else
- established++;
- break;
- case NAT_PROTOCOL_UDP:
- default:
- udp_sessions++;
- break;
- }
+ switch (s->proto)
+ {
+ case IP_PROTOCOL_ICMP:
+ icmp_sessions++;
+ break;
+ case IP_PROTOCOL_TCP:
+ tcp_sessions++;
+ if (s->state)
+ {
+ if (s->tcp_closed_timestamp)
+ {
+ if (now >= s->tcp_closed_timestamp)
+ {
+ ++transitory_closed;
+ }
+ else
+ {
+ ++transitory_wait_closed;
+ }
+ }
+ transitory++;
+ }
+ else
+ established++;
+ break;
+ case IP_PROTOCOL_UDP:
+ udp_sessions++;
+ break;
+ default:
+ ++other_sessions;
+ break;
+ }
}
nat44_show_lru_summary (vm, tsm, now, sess_timeout_time);
count = pool_elts (tsm->sessions);
@@ -617,6 +616,7 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
transitory_closed);
vlib_cli_output (vm, "total udp sessions: %u", udp_sessions);
vlib_cli_output (vm, "total icmp sessions: %u", icmp_sessions);
+ vlib_cli_output (vm, "total other sessions: %u", other_sessions);
return 0;
}
@@ -636,10 +636,6 @@ nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input,
fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
else
vlib_cli_output (vm, " tenant VRF independent");
- #define _(N, i, n, s) \
- vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
- foreach_nat_protocol
- #undef _
}
vlib_cli_output (vm, "NAT44 twice-nat pool addresses:");
vec_foreach (ap, sm->twice_nat_addresses)
@@ -650,10 +646,6 @@ nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input,
fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
else
vlib_cli_output (vm, " tenant VRF independent");
- #define _(N, i, n, s) \
- vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
- foreach_nat_protocol
- #undef _
}
return 0;
}
@@ -837,14 +829,13 @@ add_static_mapping_command_fn (vlib_main_t * vm,
unformat_input_t _line_input, *line_input = &_line_input;
vnet_main_t *vnm = vnet_get_main ();
clib_error_t *error = 0;
- int rv;
-
- nat_protocol_t proto = NAT_PROTOCOL_OTHER;
ip4_address_t l_addr, e_addr, pool_addr;
u32 l_port = 0, e_port = 0, vrf_id = ~0;
u8 l_port_set = 0, e_port_set = 0;
- u32 sw_if_index, flags = 0;
- int is_add = 1;
+ int is_add = 1, rv;
+ u32 flags = 0;
+ u32 sw_if_index = ~0;
+ ip_protocol_t proto = 0;
if (!unformat_user (input, unformat_line_input, line_input))
return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
@@ -886,7 +877,7 @@ add_static_mapping_command_fn (vlib_main_t * vm,
}
else if (unformat (line_input, "vrf %u", &vrf_id))
;
- else if (unformat (line_input, "%U", unformat_nat_protocol, &proto))
+ else if (unformat (line_input, "%U", unformat_ip_protocol, &proto))
;
else if (unformat (line_input, "self-twice-nat"))
{
@@ -983,7 +974,7 @@ add_identity_mapping_command_fn (vlib_main_t * vm,
int rv, is_add = 1, port_set = 0;
u32 sw_if_index, port, flags, vrf_id = ~0;
- nat_protocol_t proto = NAT_PROTOCOL_OTHER;
+ ip_protocol_t proto = 0;
ip4_address_t addr;
flags = NAT_SM_FLAG_IDENTITY_NAT;
@@ -1003,7 +994,7 @@ add_identity_mapping_command_fn (vlib_main_t * vm,
}
else if (unformat (line_input, "vrf %u", &vrf_id))
;
- else if (unformat (line_input, "%U %u", unformat_nat_protocol, &proto,
+ else if (unformat (line_input, "%U %u", unformat_ip_protocol, &proto,
&port))
{
port_set = 1;
@@ -1080,7 +1071,7 @@ add_lb_static_mapping_command_fn (vlib_main_t * vm,
ip4_address_t l_addr, e_addr;
u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0, affinity = 0;
u8 proto_set = 0;
- nat_protocol_t proto;
+ ip_protocol_t proto;
nat44_lb_addr_port_t *locals = 0, local;
int rv, is_add = 1;
u32 flags = 0;
@@ -1114,7 +1105,7 @@ add_lb_static_mapping_command_fn (vlib_main_t * vm,
else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
&e_addr, &e_port))
;
- else if (unformat (line_input, "protocol %U", unformat_nat_protocol,
+ else if (unformat (line_input, "protocol %U", unformat_ip_protocol,
&proto))
{
proto_set = 1;
@@ -1202,7 +1193,7 @@ add_lb_backend_command_fn (vlib_main_t * vm,
u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
int is_add = 1;
int rv;
- nat_protocol_t proto;
+ ip_protocol_t proto;
u8 proto_set = 0;
/* Get a line of input. */
@@ -1221,7 +1212,7 @@ add_lb_backend_command_fn (vlib_main_t * vm,
else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
&e_addr, &e_port))
;
- else if (unformat (line_input, "protocol %U", unformat_nat_protocol,
+ else if (unformat (line_input, "protocol %U", unformat_ip_protocol,
&proto))
proto_set = 1;
else if (unformat (line_input, "del"))
@@ -1392,7 +1383,7 @@ nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
u16 i2o_sp, i2o_dp, o2i_sp, o2i_dp;
u8 filter_i2o_sp = 0, filter_i2o_dp = 0;
u8 filter_o2i_sp = 0, filter_o2i_dp = 0;
- nat_protocol_t proto;
+ ip_protocol_t proto;
u8 filter_proto = 0;
u8 had_input = 1, filtering = 0;
int i = 0, showed_sessions;
@@ -1426,10 +1417,10 @@ nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
else if (unformat (line_input, "filter o2i dport %u", &o2i_dp))
filter_o2i_dp = filtering = 1;
else if (unformat (line_input, "filter i2o proto %U",
- unformat_nat_protocol, &proto))
+ unformat_ip_protocol, &proto))
filter_proto = filtering = 1;
else if (unformat (line_input, "filter o2i proto %U",
- unformat_nat_protocol, &proto))
+ unformat_ip_protocol, &proto))
filter_proto = filtering = 1;
else
{
@@ -1476,7 +1467,7 @@ print:
if (filter_o2i_dp &&
o2i_dp != clib_net_to_host_u16 (s->o2i.match.dport))
continue;
- if (filter_proto && proto != s->nat_proto)
+ if (filter_proto && proto != s->proto)
continue;
showed_sessions++;
}
@@ -1547,7 +1538,7 @@ nat44_del_session_command_fn (vlib_main_t * vm,
u32 port = 0, eh_port = 0, vrf_id = sm->outside_vrf_id;
clib_error_t *error = 0;
ip4_address_t addr, eh_addr;
- nat_protocol_t proto;
+ ip_protocol_t proto;
int is_in = 0;
int rv;
@@ -1556,9 +1547,8 @@ nat44_del_session_command_fn (vlib_main_t * vm,
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat
- (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
- unformat_nat_protocol, &proto))
+ if (unformat (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
+ unformat_ip_protocol, &proto))
;
else if (unformat (line_input, "in"))
{
@@ -1584,8 +1574,8 @@ nat44_del_session_command_fn (vlib_main_t * vm,
}
rv = nat44_ed_del_session (sm, &addr, clib_host_to_net_u16 (port), &eh_addr,
- clib_host_to_net_u16 (eh_port),
- nat_proto_to_ip_proto (proto), vrf_id, is_in);
+ clib_host_to_net_u16 (eh_port), proto, vrf_id,
+ is_in);
switch (rv)
{