summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/nat44-ei/nat44_ei_out2in.c
diff options
context:
space:
mode:
authorFilip Varga <fivarga@cisco.com>2021-02-17 14:34:54 +0100
committerOle Tr�an <otroan@employees.org>2021-02-24 19:25:25 +0000
commit0eaf4e6784efb2d058fe2f031578251b6bcc0aa8 (patch)
treecc0c2b485bfee51068fa4970acc9f95ec595e8e5 /src/plugins/nat/nat44-ei/nat44_ei_out2in.c
parent5db2f4a4312112ab57043ce88f10edc4acc141ec (diff)
nat: Final NAT44 EI/ED split patch
This patch achieves complete separation of endpoint-dependent and endpoint-independent IPv4 NAT features. Some common stuff is also moved to NAT library. Type: refactor Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801 Signed-off-by: Filip Varga <fivarga@cisco.com>
Diffstat (limited to 'src/plugins/nat/nat44-ei/nat44_ei_out2in.c')
-rw-r--r--src/plugins/nat/nat44-ei/nat44_ei_out2in.c607
1 files changed, 293 insertions, 314 deletions
diff --git a/src/plugins/nat/nat44-ei/nat44_ei_out2in.c b/src/plugins/nat/nat44-ei/nat44_ei_out2in.c
index ca3c272a26c..1d5ebd33cd5 100644
--- a/src/plugins/nat/nat44-ei/nat44_ei_out2in.c
+++ b/src/plugins/nat/nat44-ei/nat44_ei_out2in.c
@@ -14,41 +14,40 @@
*/
/**
* @file
- * @brief NAT44 endpoint-dependent outside to inside network translation
+ * @brief NAT44 EI outside to inside network translation
*/
#include <vlib/vlib.h>
-#include <vnet/vnet.h>
+#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
-#include <vnet/udp/udp_local.h>
#include <vnet/ethernet/ethernet.h>
+#include <vnet/udp/udp_local.h>
#include <vnet/fib/ip4_fib.h>
-#include <nat/nat.h>
-#include <nat/lib/ipfix_logging.h>
-#include <nat/nat_inlines.h>
-#include <nat/lib/nat_syslog.h>
-#include <nat/nat44-ei/nat44_ei_inlines.h>
-#include <nat/nat44-ei/nat44_ei.h>
#include <vppinfra/hash.h>
#include <vppinfra/error.h>
-#include <vppinfra/elog.h>
+
+#include <nat/lib/log.h>
+#include <nat/lib/nat_syslog.h>
+#include <nat/lib/ipfix_logging.h>
+#include <nat/nat44-ei/nat44_ei_inlines.h>
+#include <nat/nat44-ei/nat44_ei.h>
typedef struct
{
u32 sw_if_index;
u32 next_index;
u32 session_index;
-} snat_out2in_trace_t;
+} nat44_ei_out2in_trace_t;
/* packet trace format function */
static u8 *
-format_snat_out2in_trace (u8 * s, va_list * args)
+format_nat44_ei_out2in_trace (u8 *s, va_list *args)
{
CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
- snat_out2in_trace_t *t = va_arg (*args, snat_out2in_trace_t *);
+ nat44_ei_out2in_trace_t *t = va_arg (*args, nat44_ei_out2in_trace_t *);
s =
format (s,
@@ -58,66 +57,67 @@ format_snat_out2in_trace (u8 * s, va_list * args)
}
static u8 *
-format_snat_out2in_fast_trace (u8 * s, va_list * args)
+format_nat44_ei_out2in_fast_trace (u8 *s, va_list *args)
{
CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *);
CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *);
- snat_out2in_trace_t *t = va_arg (*args, snat_out2in_trace_t *);
+ nat44_ei_out2in_trace_t *t = va_arg (*args, nat44_ei_out2in_trace_t *);
s = format (s, "NAT44_OUT2IN_FAST: sw_if_index %d, next index %d",
t->sw_if_index, t->next_index);
return s;
}
-#define foreach_snat_out2in_error \
-_(UNSUPPORTED_PROTOCOL, "unsupported protocol") \
-_(OUT_OF_PORTS, "out of ports") \
-_(BAD_ICMP_TYPE, "unsupported ICMP type") \
-_(NO_TRANSLATION, "no translation") \
-_(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \
-_(CANNOT_CREATE_USER, "cannot create NAT user")
+#define foreach_nat44_ei_out2in_error \
+ _ (UNSUPPORTED_PROTOCOL, "unsupported protocol") \
+ _ (OUT_OF_PORTS, "out of ports") \
+ _ (BAD_ICMP_TYPE, "unsupported ICMP type") \
+ _ (NO_TRANSLATION, "no translation") \
+ _ (MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \
+ _ (CANNOT_CREATE_USER, "cannot create NAT user")
typedef enum
{
-#define _(sym,str) SNAT_OUT2IN_ERROR_##sym,
- foreach_snat_out2in_error
+#define _(sym, str) NAT44_EI_OUT2IN_ERROR_##sym,
+ foreach_nat44_ei_out2in_error
#undef _
- SNAT_OUT2IN_N_ERROR,
-} snat_out2in_error_t;
+ NAT44_EI_OUT2IN_N_ERROR,
+} nat44_ei_out2in_error_t;
-static char *snat_out2in_error_strings[] = {
+static char *nat44_ei_out2in_error_strings[] = {
#define _(sym,string) string,
- foreach_snat_out2in_error
+ foreach_nat44_ei_out2in_error
#undef _
};
typedef enum
{
- SNAT_OUT2IN_NEXT_DROP,
- SNAT_OUT2IN_NEXT_LOOKUP,
- SNAT_OUT2IN_NEXT_ICMP_ERROR,
- SNAT_OUT2IN_N_NEXT,
-} snat_out2in_next_t;
+ NAT44_EI_OUT2IN_NEXT_DROP,
+ NAT44_EI_OUT2IN_NEXT_LOOKUP,
+ NAT44_EI_OUT2IN_NEXT_ICMP_ERROR,
+ NAT44_EI_OUT2IN_N_NEXT,
+} nat44_ei_out2in_next_t;
#ifndef CLIB_MARCH_VARIANT
int
nat44_o2i_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg)
{
- snat_main_t *sm = &snat_main;
- nat44_is_idle_session_ctx_t *ctx = arg;
- snat_session_t *s;
+ nat44_ei_main_t *nm = &nat44_ei_main;
+ nat44_ei_is_idle_session_ctx_t *ctx = arg;
+ nat44_ei_session_t *s;
u64 sess_timeout_time;
- snat_main_per_thread_data_t *tsm = vec_elt_at_index (sm->per_thread_data,
- ctx->thread_index);
+ nat44_ei_main_per_thread_data_t *tnm =
+ vec_elt_at_index (nm->per_thread_data, ctx->thread_index);
clib_bihash_kv_8_8_t s_kv;
- s = pool_elt_at_index (tsm->sessions, kv->value);
- sess_timeout_time = s->last_heard + (f64) nat44_session_get_timeout (sm, s);
+ s = pool_elt_at_index (tnm->sessions, kv->value);
+ sess_timeout_time = s->last_heard + (f64) nat_session_get_timeout (
+ &nm->timeouts, s->nat_proto, s->state);
if (ctx->now >= sess_timeout_time)
{
init_nat_i2o_k (&s_kv, s);
- if (clib_bihash_add_del_8_8 (&sm->in2out, &s_kv, 0))
- nat_elog_warn ("out2in key del failed");
+ if (clib_bihash_add_del_8_8 (&nm->in2out, &s_kv, 0))
+ nat_elog_warn (nm, "out2in key del failed");
nat_ipfix_logging_nat44_ses_delete (ctx->thread_index,
s->in2out.addr.as_u32,
@@ -135,12 +135,12 @@ nat44_o2i_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg)
s->ext_host_port, s->nat_proto, s->out2in.fib_index,
ctx->thread_index);
- if (!snat_is_session_static (s))
- snat_free_outside_address_and_port (sm->addresses, ctx->thread_index,
- &s->out2in.addr, s->out2in.port,
- s->nat_proto);
+ if (!nat44_ei_is_session_static (s))
+ nat44_ei_free_outside_address_and_port (
+ nm->addresses, ctx->thread_index, &s->out2in.addr, s->out2in.port,
+ s->nat_proto);
- nat44_delete_session (sm, s, ctx->thread_index);
+ nat44_ei_delete_session (nm, s, ctx->thread_index);
return 1;
}
@@ -154,63 +154,56 @@ nat44_o2i_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg)
* Create NAT session initiated by host from external network with static
* mapping.
*
- * @param sm NAT main.
+ * @param nm NAT main.
* @param b0 Vlib buffer.
* @param in2out In2out NAT44 session key.
* @param out2in Out2in NAT44 session key.
* @param node Vlib node.
*
- * @returns SNAT session if successfully created otherwise 0.
+ * @returns NAT44_EI session if successfully created otherwise 0.
*/
-static inline snat_session_t *
-create_session_for_static_mapping (snat_main_t * sm,
- vlib_buffer_t * b0,
- ip4_address_t i2o_addr,
- u16 i2o_port,
- u32 i2o_fib_index,
- ip4_address_t o2i_addr,
- u16 o2i_port,
- u32 o2i_fib_index,
- nat_protocol_t proto,
- vlib_node_runtime_t * node,
- u32 thread_index, f64 now)
+static inline nat44_ei_session_t *
+create_session_for_static_mapping (
+ nat44_ei_main_t *nm, vlib_buffer_t *b0, ip4_address_t i2o_addr, u16 i2o_port,
+ u32 i2o_fib_index, ip4_address_t o2i_addr, u16 o2i_port, u32 o2i_fib_index,
+ nat_protocol_t proto, vlib_node_runtime_t *node, u32 thread_index, f64 now)
{
- snat_user_t *u;
- snat_session_t *s;
+ nat44_ei_user_t *u;
+ nat44_ei_session_t *s;
clib_bihash_kv_8_8_t kv0;
ip4_header_t *ip0;
udp_header_t *udp0;
- nat44_is_idle_session_ctx_t ctx0;
+ nat44_ei_is_idle_session_ctx_t ctx0;
- if (PREDICT_FALSE (nat44_ei_maximum_sessions_exceeded (sm, thread_index)))
+ if (PREDICT_FALSE (nat44_ei_maximum_sessions_exceeded (nm, thread_index)))
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_SESSIONS_EXCEEDED];
- nat_elog_notice ("maximum sessions exceeded");
+ b0->error = node->errors[NAT44_EI_OUT2IN_ERROR_MAX_SESSIONS_EXCEEDED];
+ nat_elog_notice (nm, "maximum sessions exceeded");
return 0;
}
ip0 = vlib_buffer_get_current (b0);
udp0 = ip4_next_header (ip0);
- u = nat_user_get_or_create (sm, &i2o_addr, i2o_fib_index, thread_index);
+ u = nat44_ei_user_get_or_create (nm, &i2o_addr, i2o_fib_index, thread_index);
if (!u)
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_CANNOT_CREATE_USER];
+ b0->error = node->errors[NAT44_EI_OUT2IN_ERROR_CANNOT_CREATE_USER];
return 0;
}
- s = nat_session_alloc_or_recycle (sm, u, thread_index, now);
+ s = nat44_ei_session_alloc_or_recycle (nm, u, thread_index, now);
if (!s)
{
- nat44_delete_user_with_no_session (sm, u, thread_index);
- nat_elog_warn ("create NAT session failed");
+ nat44_ei_delete_user_with_no_session (nm, u, thread_index);
+ nat_elog_warn (nm, "create NAT session failed");
return 0;
}
- s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
+ s->flags |= NAT44_EI_SESSION_FLAG_STATIC_MAPPING;
s->ext_host_addr.as_u32 = ip0->src_address.as_u32;
s->ext_host_port = udp0->src_port;
- user_session_increment (sm, u, 1 /* static */ );
+ nat44_ei_user_session_increment (nm, u, 1 /* static */);
s->in2out.addr = i2o_addr;
s->in2out.port = i2o_port;
s->in2out.fib_index = i2o_fib_index;
@@ -223,16 +216,16 @@ create_session_for_static_mapping (snat_main_t * sm,
ctx0.now = now;
ctx0.thread_index = thread_index;
init_nat_i2o_kv (&kv0, s, thread_index,
- s - sm->per_thread_data[thread_index].sessions);
+ s - nm->per_thread_data[thread_index].sessions);
if (clib_bihash_add_or_overwrite_stale_8_8 (
- &sm->in2out, &kv0, nat44_i2o_is_idle_session_cb, &ctx0))
- nat_elog_notice ("in2out key add failed");
+ &nm->in2out, &kv0, nat44_i2o_is_idle_session_cb, &ctx0))
+ nat_elog_notice (nm, "in2out key add failed");
init_nat_o2i_kv (&kv0, s, thread_index,
- s - sm->per_thread_data[thread_index].sessions);
+ s - nm->per_thread_data[thread_index].sessions);
if (clib_bihash_add_or_overwrite_stale_8_8 (
- &sm->out2in, &kv0, nat44_o2i_is_idle_session_cb, &ctx0))
- nat_elog_notice ("out2in key add failed");
+ &nm->out2in, &kv0, nat44_o2i_is_idle_session_cb, &ctx0))
+ nat_elog_notice (nm, "out2in key add failed");
/* log NAT event */
nat_ipfix_logging_nat44_ses_create (thread_index,
@@ -255,9 +248,9 @@ create_session_for_static_mapping (snat_main_t * sm,
}
#ifndef CLIB_MARCH_VARIANT
-static_always_inline snat_out2in_error_t
-icmp_get_key (vlib_buffer_t * b, ip4_header_t * ip0,
- ip4_address_t * addr, u16 * port, nat_protocol_t * nat_proto)
+static_always_inline nat44_ei_out2in_error_t
+icmp_get_key (vlib_buffer_t *b, ip4_header_t *ip0, ip4_address_t *addr,
+ u16 *port, nat_protocol_t *nat_proto)
{
icmp46_header_t *icmp0;
icmp_echo_header_t *echo0, *inner_echo0 = 0;
@@ -293,7 +286,7 @@ icmp_get_key (vlib_buffer_t * b, ip4_header_t * ip0,
*port = ((tcp_udp_header_t *) l4_header)->src_port;
break;
default:
- return SNAT_OUT2IN_ERROR_UNSUPPORTED_PROTOCOL;
+ return NAT44_EI_OUT2IN_ERROR_UNSUPPORTED_PROTOCOL;
}
}
return -1; /* success */
@@ -303,7 +296,7 @@ icmp_get_key (vlib_buffer_t * b, ip4_header_t * ip0,
* Get address and port values to be used for ICMP packet translation
* and create session if needed
*
- * @param[in,out] sm NAT main
+ * @param[in,out] nm NAT main
* @param[in,out] node NAT node runtime
* @param[in] thread_index thread index
* @param[in,out] b0 buffer containing packet to be translated
@@ -315,15 +308,16 @@ icmp_get_key (vlib_buffer_t * b, ip4_header_t * ip0,
* @param e optional parameter
*/
u32
-icmp_match_out2in_slow (snat_main_t *sm, vlib_node_runtime_t *node,
- u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0,
- ip4_address_t *addr, u16 *port, u32 *fib_index,
- nat_protocol_t *proto, snat_session_t **p_s0,
- u8 *dont_translate)
+nat44_ei_icmp_match_out2in_slow (vlib_node_runtime_t *node, u32 thread_index,
+ vlib_buffer_t *b0, ip4_header_t *ip0,
+ ip4_address_t *addr, u16 *port,
+ u32 *fib_index, nat_protocol_t *proto,
+ nat44_ei_session_t **p_s0, u8 *dont_translate)
{
- snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
+ nat44_ei_main_t *nm = &nat44_ei_main;
+ nat44_ei_main_per_thread_data_t *tnm = &nm->per_thread_data[thread_index];
u32 sw_if_index0;
- snat_session_t *s0 = 0;
+ nat44_ei_session_t *s0 = 0;
clib_bihash_kv_8_8_t kv0, value0;
u8 is_addr_only;
u32 next0 = ~0;
@@ -340,8 +334,8 @@ icmp_match_out2in_slow (snat_main_t *sm, vlib_node_runtime_t *node,
err = icmp_get_key (b0, ip0, addr, port, proto);
if (err != -1)
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_UNSUPPORTED_PROTOCOL];
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error = node->errors[NAT44_EI_OUT2IN_ERROR_UNSUPPORTED_PROTOCOL];
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto out;
}
@@ -350,7 +344,7 @@ icmp_match_out2in_slow (snat_main_t *sm, vlib_node_runtime_t *node,
u32 mapping_fib_index;
init_nat_k (&kv0, *addr, *port, *fib_index, *proto);
- if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0))
+ if (clib_bihash_search_8_8 (&nm->out2in, &kv0, &value0))
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
@@ -358,17 +352,18 @@ icmp_match_out2in_slow (snat_main_t *sm, vlib_node_runtime_t *node,
*addr, *port, *fib_index, *proto, &mapping_addr, &mapping_port,
&mapping_fib_index, 1, &is_addr_only, &identity_nat))
{
- if (!sm->forwarding_enabled)
+ if (!nm->forwarding_enabled)
{
/* Don't NAT packet aimed at the intfc address */
- if (PREDICT_FALSE (is_interface_addr (sm, node, sw_if_index0,
- ip0->dst_address.as_u32)))
+ if (PREDICT_FALSE (nat44_ei_is_interface_addr (
+ nm->ip4_main, node, sw_if_index0,
+ ip0->dst_address.as_u32)))
{
*dont_translate = 1;
goto out;
}
- b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error = node->errors[NAT44_EI_OUT2IN_ERROR_NO_TRANSLATION];
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto out;
}
else
@@ -384,8 +379,8 @@ icmp_match_out2in_slow (snat_main_t *sm, vlib_node_runtime_t *node,
&& (vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags !=
ICMP4_echo_request || !is_addr_only)))
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_BAD_ICMP_TYPE];
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error = node->errors[NAT44_EI_OUT2IN_ERROR_BAD_ICMP_TYPE];
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto out;
}
@@ -395,15 +390,13 @@ icmp_match_out2in_slow (snat_main_t *sm, vlib_node_runtime_t *node,
goto out;
}
/* Create session initiated by host from external network */
- s0 =
- create_session_for_static_mapping (sm, b0, mapping_addr, mapping_port,
- mapping_fib_index, *addr, *port,
- *fib_index, *proto, node,
- thread_index, vlib_time_now (vm));
+ s0 = create_session_for_static_mapping (
+ nm, b0, mapping_addr, mapping_port, mapping_fib_index, *addr, *port,
+ *fib_index, *proto, node, thread_index, vlib_time_now (vm));
if (!s0)
{
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto out;
}
}
@@ -417,12 +410,12 @@ icmp_match_out2in_slow (snat_main_t *sm, vlib_node_runtime_t *node,
&& !icmp_type_is_error_message (vnet_buffer (b0)->ip.
reass.icmp_type_or_tcp_flags)))
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_BAD_ICMP_TYPE];
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error = node->errors[NAT44_EI_OUT2IN_ERROR_BAD_ICMP_TYPE];
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto out;
}
- s0 = pool_elt_at_index (tsm->sessions,
+ s0 = pool_elt_at_index (tnm->sessions,
nat_value_get_session_index (&value0));
}
@@ -440,27 +433,15 @@ out:
#endif
#ifndef CLIB_MARCH_VARIANT
-/**
- * Get address and port values to be used for ICMP packet translation
- *
- * @param[in] sm NAT main
- * @param[in,out] node NAT node runtime
- * @param[in] thread_index thread index
- * @param[in,out] b0 buffer containing packet to be translated
- * @param[in,out] ip0 ip header
- * @param[out] p_proto protocol used for matching
- * @param[out] p_value address and port after NAT translation
- * @param[out] p_dont_translate if packet should not be translated
- * @param d optional parameter
- * @param e optional parameter
- */
u32
-icmp_match_out2in_fast (snat_main_t *sm, vlib_node_runtime_t *node,
- u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0,
- ip4_address_t *mapping_addr, u16 *mapping_port,
- u32 *mapping_fib_index, nat_protocol_t *proto,
- snat_session_t **p_s0, u8 *dont_translate)
+nat44_ei_icmp_match_out2in_fast (vlib_node_runtime_t *node, u32 thread_index,
+ vlib_buffer_t *b0, ip4_header_t *ip0,
+ ip4_address_t *mapping_addr,
+ u16 *mapping_port, u32 *mapping_fib_index,
+ nat_protocol_t *proto,
+ nat44_ei_session_t **p_s0, u8 *dont_translate)
{
+ nat44_ei_main_t *nm = &nat44_ei_main;
u32 sw_if_index0;
u32 rx_fib_index0;
u8 is_addr_only;
@@ -477,7 +458,7 @@ icmp_match_out2in_fast (snat_main_t *sm, vlib_node_runtime_t *node,
if (err != -1)
{
b0->error = node->errors[err];
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto out;
}
if (nat44_ei_static_mapping_match (addr, port, rx_fib_index0, *proto,
@@ -485,13 +466,14 @@ icmp_match_out2in_fast (snat_main_t *sm, vlib_node_runtime_t *node,
mapping_fib_index, 1, &is_addr_only, 0))
{
/* Don't NAT packet aimed at the intfc address */
- if (is_interface_addr (sm, node, sw_if_index0, ip0->dst_address.as_u32))
+ if (nat44_ei_is_interface_addr (nm->ip4_main, node, sw_if_index0,
+ ip0->dst_address.as_u32))
{
*dont_translate = 1;
goto out;
}
- b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error = node->errors[NAT44_EI_OUT2IN_ERROR_NO_TRANSLATION];
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto out;
}
@@ -502,8 +484,8 @@ icmp_match_out2in_fast (snat_main_t *sm, vlib_node_runtime_t *node,
&& !icmp_type_is_error_message (vnet_buffer (b0)->ip.
reass.icmp_type_or_tcp_flags)))
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_BAD_ICMP_TYPE];
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error = node->errors[NAT44_EI_OUT2IN_ERROR_BAD_ICMP_TYPE];
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto out;
}
@@ -512,18 +494,20 @@ out:
}
#endif
-u32 icmp_out2in (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0,
- icmp46_header_t *icmp0, u32 sw_if_index0, u32 rx_fib_index0,
- vlib_node_runtime_t *node, u32 next0, u32 thread_index,
- snat_session_t **p_s0);
+u32 nat44_ei_icmp_out2in (vlib_buffer_t *b0, ip4_header_t *ip0,
+ icmp46_header_t *icmp0, u32 sw_if_index0,
+ u32 rx_fib_index0, vlib_node_runtime_t *node,
+ u32 next0, u32 thread_index,
+ nat44_ei_session_t **p_s0);
#ifndef CLIB_MARCH_VARIANT
u32
-icmp_out2in (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0,
- icmp46_header_t *icmp0, u32 sw_if_index0, u32 rx_fib_index0,
- vlib_node_runtime_t *node, u32 next0, u32 thread_index,
- snat_session_t **p_s0)
+nat44_ei_icmp_out2in (vlib_buffer_t *b0, ip4_header_t *ip0,
+ icmp46_header_t *icmp0, u32 sw_if_index0,
+ u32 rx_fib_index0, vlib_node_runtime_t *node, u32 next0,
+ u32 thread_index, nat44_ei_session_t **p_s0)
{
+ nat44_ei_main_t *nm = &nat44_ei_main;
icmp_echo_header_t *echo0, *inner_echo0 = 0;
ip4_header_t *inner_ip0 = 0;
void *l4_header = 0;
@@ -542,12 +526,22 @@ icmp_out2in (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0,
echo0 = (icmp_echo_header_t *) (icmp0 + 1);
- next0_tmp =
- sm->icmp_match_out2in_cb (sm, node, thread_index, b0, ip0, &addr, &port,
- &fib_index, &proto, p_s0, &dont_translate);
+ if (PREDICT_TRUE (nm->pat))
+ {
+ next0_tmp = nat44_ei_icmp_match_out2in_slow (
+ node, thread_index, b0, ip0, &addr, &port, &fib_index, &proto, p_s0,
+ &dont_translate);
+ }
+ else
+ {
+ next0_tmp = nat44_ei_icmp_match_out2in_fast (
+ node, thread_index, b0, ip0, &addr, &port, &fib_index, &proto, p_s0,
+ &dont_translate);
+ }
+
if (next0_tmp != ~0)
next0 = next0_tmp;
- if (next0 == SNAT_OUT2IN_NEXT_DROP || dont_translate)
+ if (next0 == NAT44_EI_OUT2IN_NEXT_DROP || dont_translate)
goto out;
if (PREDICT_TRUE (!ip4_is_fragment (ip0)))
@@ -561,7 +555,7 @@ icmp_out2in (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0,
checksum0 = ~ip_csum_fold (sum0);
if (checksum0 != 0 && checksum0 != 0xffff)
{
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto out;
}
}
@@ -604,7 +598,7 @@ icmp_out2in (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0,
if (!ip4_header_checksum_is_valid (inner_ip0))
{
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto out;
}
@@ -656,47 +650,42 @@ out:
#endif
static inline u32
-icmp_out2in_slow_path (snat_main_t * sm,
- vlib_buffer_t * b0,
- ip4_header_t * ip0,
- icmp46_header_t * icmp0,
- u32 sw_if_index0,
- u32 rx_fib_index0,
- vlib_node_runtime_t * node,
- u32 next0, f64 now,
- u32 thread_index, snat_session_t ** p_s0)
+nat44_ei_icmp_out2in_slow_path (nat44_ei_main_t *nm, vlib_buffer_t *b0,
+ ip4_header_t *ip0, icmp46_header_t *icmp0,
+ u32 sw_if_index0, u32 rx_fib_index0,
+ vlib_node_runtime_t *node, u32 next0, f64 now,
+ u32 thread_index, nat44_ei_session_t **p_s0)
{
vlib_main_t *vm = vlib_get_main ();
- next0 = icmp_out2in (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
- next0, thread_index, p_s0);
- snat_session_t *s0 = *p_s0;
- if (PREDICT_TRUE (next0 != SNAT_OUT2IN_NEXT_DROP && s0))
+ next0 = nat44_ei_icmp_out2in (b0, ip0, icmp0, sw_if_index0, rx_fib_index0,
+ node, next0, thread_index, p_s0);
+ nat44_ei_session_t *s0 = *p_s0;
+ if (PREDICT_TRUE (next0 != NAT44_EI_OUT2IN_NEXT_DROP && s0))
{
/* Accounting */
nat44_ei_session_update_counters (
s0, now, vlib_buffer_length_in_chain (vm, b0), thread_index);
/* Per-user LRU list maintenance */
- nat44_session_update_lru (sm, s0, thread_index);
+ nat44_ei_session_update_lru (nm, s0, thread_index);
}
return next0;
}
static int
-nat_out2in_sm_unknown_proto (snat_main_t * sm,
- vlib_buffer_t * b,
- ip4_header_t * ip, u32 rx_fib_index)
+nat_out2in_sm_unknown_proto (nat44_ei_main_t *nm, vlib_buffer_t *b,
+ ip4_header_t *ip, u32 rx_fib_index)
{
clib_bihash_kv_8_8_t kv, value;
- snat_static_mapping_t *m;
+ nat44_ei_static_mapping_t *m;
u32 old_addr, new_addr;
ip_csum_t sum;
init_nat_k (&kv, ip->dst_address, 0, 0, 0);
- if (clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv, &value))
+ if (clib_bihash_search_8_8 (&nm->static_mapping_by_external, &kv, &value))
return 1;
- m = pool_elt_at_index (sm->static_mappings, value.value);
+ m = pool_elt_at_index (nm->static_mappings, value.value);
old_addr = ip->dst_address.as_u32;
new_addr = ip->dst_address.as_u32 = m->local_addr.as_u32;
@@ -708,15 +697,14 @@ nat_out2in_sm_unknown_proto (snat_main_t * sm,
return 0;
}
-VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
- vlib_node_runtime_t * node,
- vlib_frame_t * frame)
+VLIB_NODE_FN (nat44_ei_out2in_node)
+(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
{
u32 n_left_from, *from;
- snat_main_t *sm = &snat_main;
+ nat44_ei_main_t *nm = &nat44_ei_main;
f64 now = vlib_time_now (vm);
u32 thread_index = vm->thread_index;
- snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
+ nat44_ei_main_per_thread_data_t *tnm = &nm->per_thread_data[thread_index];
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
@@ -728,8 +716,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
while (n_left_from >= 2)
{
vlib_buffer_t *b0, *b1;
- u32 next0 = SNAT_OUT2IN_NEXT_LOOKUP;
- u32 next1 = SNAT_OUT2IN_NEXT_LOOKUP;
+ u32 next0 = NAT44_EI_OUT2IN_NEXT_LOOKUP;
+ u32 next1 = NAT44_EI_OUT2IN_NEXT_LOOKUP;
u32 sw_if_index0, sw_if_index1;
ip4_header_t *ip0, *ip1;
ip_csum_t sum0, sum1;
@@ -742,7 +730,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
icmp46_header_t *icmp0, *icmp1;
u32 rx_fib_index0, rx_fib_index1;
u32 proto0, proto1;
- snat_session_t *s0 = 0, *s1 = 0;
+ nat44_ei_session_t *s0 = 0, *s1 = 0;
clib_bihash_kv_8_8_t kv0, kv1, value0, value1;
u8 identity_nat0, identity_nat1;
ip4_address_t sm_addr0, sm_addr1;
@@ -778,8 +766,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
icmp0 = (icmp46_header_t *) udp0;
sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
- rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index,
- sw_if_index0);
+ rx_fib_index0 =
+ vec_elt (nm->ip4_main->fib_index_by_sw_if_index, sw_if_index0);
if (PREDICT_FALSE (ip0->ttl == 1))
{
@@ -787,7 +775,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
ICMP4_time_exceeded_ttl_exceeded_in_transit,
0);
- next0 = SNAT_OUT2IN_NEXT_ICMP_ERROR;
+ next0 = NAT44_EI_OUT2IN_NEXT_ICMP_ERROR;
goto trace0;
}
@@ -795,16 +783,16 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER))
{
- if (nat_out2in_sm_unknown_proto (sm, b0, ip0, rx_fib_index0))
+ if (nat_out2in_sm_unknown_proto (nm, b0, ip0, rx_fib_index0))
{
- if (!sm->forwarding_enabled)
+ if (!nm->forwarding_enabled)
{
b0->error =
- node->errors[SNAT_OUT2IN_ERROR_UNSUPPORTED_PROTOCOL];
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ node->errors[NAT44_EI_OUT2IN_ERROR_UNSUPPORTED_PROTOCOL];
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
}
}
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.other,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.other,
thread_index, sw_if_index0, 1);
goto trace0;
@@ -812,10 +800,10 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
{
- next0 = icmp_out2in_slow_path
- (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
- next0, now, thread_index, &s0);
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.icmp,
+ next0 = nat44_ei_icmp_out2in_slow_path (
+ nm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now,
+ thread_index, &s0);
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.icmp,
thread_index, sw_if_index0, 1);
goto trace0;
}
@@ -823,7 +811,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
init_nat_k (&kv0, ip0->dst_address,
vnet_buffer (b0)->ip.reass.l4_dst_port, rx_fib_index0,
proto0);
- if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0))
+ if (clib_bihash_search_8_8 (&nm->out2in, &kv0, &value0))
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
@@ -845,10 +833,11 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
goto trace0;
}
- if (!sm->forwarding_enabled)
+ if (!nm->forwarding_enabled)
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error =
+ node->errors[NAT44_EI_OUT2IN_ERROR_NO_TRANSLATION];
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
}
goto trace0;
}
@@ -857,22 +846,18 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
goto trace0;
/* Create session initiated by host from external network */
- s0 = create_session_for_static_mapping (sm, b0,
- sm_addr0, sm_port0,
- sm_fib_index0,
- ip0->dst_address,
- vnet_buffer (b0)->ip.
- reass.l4_dst_port,
- rx_fib_index0, proto0, node,
- thread_index, now);
+ s0 = create_session_for_static_mapping (
+ nm, b0, sm_addr0, sm_port0, sm_fib_index0, ip0->dst_address,
+ vnet_buffer (b0)->ip.reass.l4_dst_port, rx_fib_index0, proto0,
+ node, thread_index, now);
if (!s0)
{
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto trace0;
}
}
else
- s0 = pool_elt_at_index (tsm->sessions,
+ s0 = pool_elt_at_index (tnm->sessions,
nat_value_get_session_index (&value0));
old_addr0 = ip0->dst_address.as_u32;
@@ -901,7 +886,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
length /* changed member */ );
tcp0->checksum = ip_csum_fold (sum0);
}
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.tcp,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.tcp,
thread_index, sw_if_index0, 1);
}
else
@@ -922,7 +907,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
udp0->checksum = ip_csum_fold (sum0);
}
}
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.udp,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.udp,
thread_index, sw_if_index0, 1);
}
@@ -930,24 +915,24 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
nat44_ei_session_update_counters (
s0, now, vlib_buffer_length_in_chain (vm, b0), thread_index);
/* Per-user LRU list maintenance */
- nat44_session_update_lru (sm, s0, thread_index);
+ nat44_ei_session_update_lru (nm, s0, thread_index);
trace0:
if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
&& (b0->flags & VLIB_BUFFER_IS_TRACED)))
{
- snat_out2in_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
+ nat44_ei_out2in_trace_t *t =
+ vlib_add_trace (vm, node, b0, sizeof (*t));
t->sw_if_index = sw_if_index0;
t->next_index = next0;
t->session_index = ~0;
if (s0)
- t->session_index =
- s0 - sm->per_thread_data[thread_index].sessions;
+ t->session_index = s0 - nm->per_thread_data[thread_index].sessions;
}
- if (next0 == SNAT_OUT2IN_NEXT_DROP)
+ if (next0 == NAT44_EI_OUT2IN_NEXT_DROP)
{
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.drops,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.drops,
thread_index, sw_if_index0, 1);
}
@@ -958,8 +943,8 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
icmp1 = (icmp46_header_t *) udp1;
sw_if_index1 = vnet_buffer (b1)->sw_if_index[VLIB_RX];
- rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index,
- sw_if_index1);
+ rx_fib_index1 =
+ vec_elt (nm->ip4_main->fib_index_by_sw_if_index, sw_if_index1);
if (PREDICT_FALSE (ip1->ttl == 1))
{
@@ -967,7 +952,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
icmp4_error_set_vnet_buffer (b1, ICMP4_time_exceeded,
ICMP4_time_exceeded_ttl_exceeded_in_transit,
0);
- next1 = SNAT_OUT2IN_NEXT_ICMP_ERROR;
+ next1 = NAT44_EI_OUT2IN_NEXT_ICMP_ERROR;
goto trace1;
}
@@ -975,26 +960,26 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
if (PREDICT_FALSE (proto1 == NAT_PROTOCOL_OTHER))
{
- if (nat_out2in_sm_unknown_proto (sm, b1, ip1, rx_fib_index1))
+ if (nat_out2in_sm_unknown_proto (nm, b1, ip1, rx_fib_index1))
{
- if (!sm->forwarding_enabled)
+ if (!nm->forwarding_enabled)
{
b1->error =
- node->errors[SNAT_OUT2IN_ERROR_UNSUPPORTED_PROTOCOL];
- next1 = SNAT_OUT2IN_NEXT_DROP;
+ node->errors[NAT44_EI_OUT2IN_ERROR_UNSUPPORTED_PROTOCOL];
+ next1 = NAT44_EI_OUT2IN_NEXT_DROP;
}
}
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.other,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.other,
thread_index, sw_if_index1, 1);
goto trace1;
}
if (PREDICT_FALSE (proto1 == NAT_PROTOCOL_ICMP))
{
- next1 = icmp_out2in_slow_path
- (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node,
- next1, now, thread_index, &s1);
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.icmp,
+ next1 = nat44_ei_icmp_out2in_slow_path (
+ nm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, next1, now,
+ thread_index, &s1);
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.icmp,
thread_index, sw_if_index1, 1);
goto trace1;
}
@@ -1002,7 +987,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
init_nat_k (&kv1, ip1->dst_address,
vnet_buffer (b1)->ip.reass.l4_dst_port, rx_fib_index1,
proto1);
- if (clib_bihash_search_8_8 (&sm->out2in, &kv1, &value1))
+ if (clib_bihash_search_8_8 (&nm->out2in, &kv1, &value1))
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
@@ -1024,10 +1009,11 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
goto trace1;
}
- if (!sm->forwarding_enabled)
+ if (!nm->forwarding_enabled)
{
- b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- next1 = SNAT_OUT2IN_NEXT_DROP;
+ b1->error =
+ node->errors[NAT44_EI_OUT2IN_ERROR_NO_TRANSLATION];
+ next1 = NAT44_EI_OUT2IN_NEXT_DROP;
}
goto trace1;
}
@@ -1036,22 +1022,18 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
goto trace1;
/* Create session initiated by host from external network */
- s1 =
- create_session_for_static_mapping (sm, b1, sm_addr1, sm_port1,
- sm_fib_index1,
- ip1->dst_address,
- vnet_buffer (b1)->ip.
- reass.l4_dst_port,
- rx_fib_index1, proto1, node,
- thread_index, now);
+ s1 = create_session_for_static_mapping (
+ nm, b1, sm_addr1, sm_port1, sm_fib_index1, ip1->dst_address,
+ vnet_buffer (b1)->ip.reass.l4_dst_port, rx_fib_index1, proto1,
+ node, thread_index, now);
if (!s1)
{
- next1 = SNAT_OUT2IN_NEXT_DROP;
+ next1 = NAT44_EI_OUT2IN_NEXT_DROP;
goto trace1;
}
}
else
- s1 = pool_elt_at_index (sm->per_thread_data[thread_index].sessions,
+ s1 = pool_elt_at_index (nm->per_thread_data[thread_index].sessions,
nat_value_get_session_index (&value1));
old_addr1 = ip1->dst_address.as_u32;
@@ -1081,7 +1063,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
length /* changed member */ );
tcp1->checksum = ip_csum_fold (sum1);
}
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.tcp,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.tcp,
thread_index, sw_if_index1, 1);
}
else
@@ -1105,7 +1087,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
udp1->checksum = ip_csum_fold (sum1);
}
}
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.udp,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.udp,
thread_index, sw_if_index1, 1);
}
@@ -1113,24 +1095,24 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
nat44_ei_session_update_counters (
s1, now, vlib_buffer_length_in_chain (vm, b1), thread_index);
/* Per-user LRU list maintenance */
- nat44_session_update_lru (sm, s1, thread_index);
+ nat44_ei_session_update_lru (nm, s1, thread_index);
trace1:
if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
&& (b1->flags & VLIB_BUFFER_IS_TRACED)))
{
- snat_out2in_trace_t *t = vlib_add_trace (vm, node, b1, sizeof (*t));
+ nat44_ei_out2in_trace_t *t =
+ vlib_add_trace (vm, node, b1, sizeof (*t));
t->sw_if_index = sw_if_index1;
t->next_index = next1;
t->session_index = ~0;
if (s1)
- t->session_index =
- s1 - sm->per_thread_data[thread_index].sessions;
+ t->session_index = s1 - nm->per_thread_data[thread_index].sessions;
}
- if (next1 == SNAT_OUT2IN_NEXT_DROP)
+ if (next1 == NAT44_EI_OUT2IN_NEXT_DROP)
{
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.drops,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.drops,
thread_index, sw_if_index1, 1);
}
@@ -1143,7 +1125,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
while (n_left_from > 0)
{
vlib_buffer_t *b0;
- u32 next0 = SNAT_OUT2IN_NEXT_LOOKUP;
+ u32 next0 = NAT44_EI_OUT2IN_NEXT_LOOKUP;
u32 sw_if_index0;
ip4_header_t *ip0;
ip_csum_t sum0;
@@ -1154,7 +1136,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
icmp46_header_t *icmp0;
u32 rx_fib_index0;
u32 proto0;
- snat_session_t *s0 = 0;
+ nat44_ei_session_t *s0 = 0;
clib_bihash_kv_8_8_t kv0, value0;
u8 identity_nat0;
ip4_address_t sm_addr0;
@@ -1172,23 +1154,23 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
icmp0 = (icmp46_header_t *) udp0;
sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
- rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index,
- sw_if_index0);
+ rx_fib_index0 =
+ vec_elt (nm->ip4_main->fib_index_by_sw_if_index, sw_if_index0);
proto0 = ip_proto_to_nat_proto (ip0->protocol);
if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER))
{
- if (nat_out2in_sm_unknown_proto (sm, b0, ip0, rx_fib_index0))
+ if (nat_out2in_sm_unknown_proto (nm, b0, ip0, rx_fib_index0))
{
- if (!sm->forwarding_enabled)
+ if (!nm->forwarding_enabled)
{
b0->error =
- node->errors[SNAT_OUT2IN_ERROR_UNSUPPORTED_PROTOCOL];
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ node->errors[NAT44_EI_OUT2IN_ERROR_UNSUPPORTED_PROTOCOL];
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
}
}
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.other,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.other,
thread_index, sw_if_index0, 1);
goto trace00;
}
@@ -1199,16 +1181,16 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
ICMP4_time_exceeded_ttl_exceeded_in_transit,
0);
- next0 = SNAT_OUT2IN_NEXT_ICMP_ERROR;
+ next0 = NAT44_EI_OUT2IN_NEXT_ICMP_ERROR;
goto trace00;
}
if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
{
- next0 = icmp_out2in_slow_path
- (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
- next0, now, thread_index, &s0);
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.icmp,
+ next0 = nat44_ei_icmp_out2in_slow_path (
+ nm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now,
+ thread_index, &s0);
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.icmp,
thread_index, sw_if_index0, 1);
goto trace00;
}
@@ -1217,7 +1199,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
vnet_buffer (b0)->ip.reass.l4_dst_port, rx_fib_index0,
proto0);
- if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0))
+ if (clib_bihash_search_8_8 (&nm->out2in, &kv0, &value0))
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
@@ -1239,10 +1221,11 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
goto trace00;
}
- if (!sm->forwarding_enabled)
+ if (!nm->forwarding_enabled)
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ b0->error =
+ node->errors[NAT44_EI_OUT2IN_ERROR_NO_TRANSLATION];
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
}
goto trace00;
}
@@ -1251,22 +1234,18 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
goto trace00;
/* Create session initiated by host from external network */
- s0 = create_session_for_static_mapping (sm, b0,
- sm_addr0, sm_port0,
- sm_fib_index0,
- ip0->dst_address,
- vnet_buffer (b0)->ip.
- reass.l4_dst_port,
- rx_fib_index0, proto0, node,
- thread_index, now);
+ s0 = create_session_for_static_mapping (
+ nm, b0, sm_addr0, sm_port0, sm_fib_index0, ip0->dst_address,
+ vnet_buffer (b0)->ip.reass.l4_dst_port, rx_fib_index0, proto0,
+ node, thread_index, now);
if (!s0)
{
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ next0 = NAT44_EI_OUT2IN_NEXT_DROP;
goto trace00;
}
}
else
- s0 = pool_elt_at_index (sm->per_thread_data[thread_index].sessions,
+ s0 = pool_elt_at_index (nm->per_thread_data[thread_index].sessions,
nat_value_get_session_index (&value0));
old_addr0 = ip0->dst_address.as_u32;
@@ -1296,7 +1275,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
length /* changed member */ );
tcp0->checksum = ip_csum_fold (sum0);
}
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.tcp,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.tcp,
thread_index, sw_if_index0, 1);
}
else
@@ -1317,7 +1296,7 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
udp0->checksum = ip_csum_fold (sum0);
}
}
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.udp,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.udp,
thread_index, sw_if_index0, 1);
}
@@ -1325,24 +1304,24 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
nat44_ei_session_update_counters (
s0, now, vlib_buffer_length_in_chain (vm, b0), thread_index);
/* Per-user LRU list maintenance */
- nat44_session_update_lru (sm, s0, thread_index);
+ nat44_ei_session_update_lru (nm, s0, thread_index);
trace00:
if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
&& (b0->flags & VLIB_BUFFER_IS_TRACED)))
{
- snat_out2in_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
+ nat44_ei_out2in_trace_t *t =
+ vlib_add_trace (vm, node, b0, sizeof (*t));
t->sw_if_index = sw_if_index0;
t->next_index = next0;
t->session_index = ~0;
if (s0)
- t->session_index =
- s0 - sm->per_thread_data[thread_index].sessions;
+ t->session_index = s0 - nm->per_thread_data[thread_index].sessions;
}
- if (next0 == SNAT_OUT2IN_NEXT_DROP)
+ if (next0 == NAT44_EI_OUT2IN_NEXT_DROP)
{
- vlib_increment_simple_counter (&sm->counters.slowpath.out2in.drops,
+ vlib_increment_simple_counter (&nm->counters.slowpath.out2in.drops,
thread_index, sw_if_index0, 1);
}
@@ -1358,34 +1337,33 @@ VLIB_NODE_FN (snat_out2in_node) (vlib_main_t * vm,
}
/* *INDENT-OFF* */
-VLIB_REGISTER_NODE (snat_out2in_node) = {
- .name = "nat44-out2in",
+VLIB_REGISTER_NODE (nat44_ei_out2in_node) = {
+ .name = "nat44-ei-out2in",
.vector_size = sizeof (u32),
- .format_trace = format_snat_out2in_trace,
+ .format_trace = format_nat44_ei_out2in_trace,
.type = VLIB_NODE_TYPE_INTERNAL,
- .n_errors = ARRAY_LEN(snat_out2in_error_strings),
- .error_strings = snat_out2in_error_strings,
+ .n_errors = ARRAY_LEN(nat44_ei_out2in_error_strings),
+ .error_strings = nat44_ei_out2in_error_strings,
- .runtime_data_bytes = sizeof (snat_runtime_t),
+ .runtime_data_bytes = sizeof (nat44_ei_runtime_t),
- .n_next_nodes = SNAT_OUT2IN_N_NEXT,
+ .n_next_nodes = NAT44_EI_OUT2IN_N_NEXT,
/* edit / add dispositions here */
.next_nodes = {
- [SNAT_OUT2IN_NEXT_DROP] = "error-drop",
- [SNAT_OUT2IN_NEXT_LOOKUP] = "ip4-lookup",
- [SNAT_OUT2IN_NEXT_ICMP_ERROR] = "ip4-icmp-error",
+ [NAT44_EI_OUT2IN_NEXT_DROP] = "error-drop",
+ [NAT44_EI_OUT2IN_NEXT_LOOKUP] = "ip4-lookup",
+ [NAT44_EI_OUT2IN_NEXT_ICMP_ERROR] = "ip4-icmp-error",
},
};
/* *INDENT-ON* */
-VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm,
- vlib_node_runtime_t * node,
- vlib_frame_t * frame)
+VLIB_NODE_FN (nat44_ei_out2in_fast_node)
+(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
{
u32 n_left_from, *from;
- snat_main_t *sm = &snat_main;
+ nat44_ei_main_t *nm = &nat44_ei_main;
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
@@ -1396,7 +1374,7 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm,
while (n_left_from > 0)
{
vlib_buffer_t *b0;
- u32 next0 = SNAT_OUT2IN_NEXT_DROP;
+ u32 next0 = NAT44_EI_OUT2IN_NEXT_DROP;
u32 sw_if_index0;
ip4_header_t *ip0;
ip_csum_t sum0;
@@ -1430,7 +1408,7 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm,
icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
ICMP4_time_exceeded_ttl_exceeded_in_transit,
0);
- next0 = SNAT_OUT2IN_NEXT_ICMP_ERROR;
+ next0 = NAT44_EI_OUT2IN_NEXT_ICMP_ERROR;
goto trace00;
}
@@ -1441,8 +1419,8 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm,
if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP))
{
- next0 = icmp_out2in (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0,
- node, next0, ~0, 0);
+ next0 = nat44_ei_icmp_out2in (b0, ip0, icmp0, sw_if_index0,
+ rx_fib_index0, node, next0, ~0, 0);
goto trace00;
}
@@ -1450,7 +1428,7 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm,
rx_fib_index0, proto0, &sm_addr0,
&sm_port0, &sm_fib_index0, 1, 0, 0))
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ b0->error = node->errors[NAT44_EI_OUT2IN_ERROR_NO_TRANSLATION];
goto trace00;
}
@@ -1518,14 +1496,15 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm,
if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
&& (b0->flags & VLIB_BUFFER_IS_TRACED)))
{
- snat_out2in_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t));
+ nat44_ei_out2in_trace_t *t =
+ vlib_add_trace (vm, node, b0, sizeof (*t));
t->sw_if_index = sw_if_index0;
t->next_index = next0;
}
- if (next0 == SNAT_OUT2IN_NEXT_DROP)
+ if (next0 == NAT44_EI_OUT2IN_NEXT_DROP)
{
- vlib_increment_simple_counter (&sm->counters.fastpath.out2in.drops,
+ vlib_increment_simple_counter (&nm->counters.fastpath.out2in.drops,
vm->thread_index, sw_if_index0, 1);
}
@@ -1541,24 +1520,24 @@ VLIB_NODE_FN (snat_out2in_fast_node) (vlib_main_t * vm,
}
/* *INDENT-OFF* */
-VLIB_REGISTER_NODE (snat_out2in_fast_node) = {
- .name = "nat44-out2in-fast",
+VLIB_REGISTER_NODE (nat44_ei_out2in_fast_node) = {
+ .name = "nat44-ei-out2in-fast",
.vector_size = sizeof (u32),
- .format_trace = format_snat_out2in_fast_trace,
+ .format_trace = format_nat44_ei_out2in_fast_trace,
.type = VLIB_NODE_TYPE_INTERNAL,
- .n_errors = ARRAY_LEN(snat_out2in_error_strings),
- .error_strings = snat_out2in_error_strings,
+ .n_errors = ARRAY_LEN(nat44_ei_out2in_error_strings),
+ .error_strings = nat44_ei_out2in_error_strings,
- .runtime_data_bytes = sizeof (snat_runtime_t),
+ .runtime_data_bytes = sizeof (nat44_ei_runtime_t),
- .n_next_nodes = SNAT_OUT2IN_N_NEXT,
+ .n_next_nodes = NAT44_EI_OUT2IN_N_NEXT,
/* edit / add dispositions here */
.next_nodes = {
- [SNAT_OUT2IN_NEXT_LOOKUP] = "ip4-lookup",
- [SNAT_OUT2IN_NEXT_DROP] = "error-drop",
- [SNAT_OUT2IN_NEXT_ICMP_ERROR] = "ip4-icmp-error",
+ [NAT44_EI_OUT2IN_NEXT_LOOKUP] = "ip4-lookup",
+ [NAT44_EI_OUT2IN_NEXT_DROP] = "error-drop",
+ [NAT44_EI_OUT2IN_NEXT_ICMP_ERROR] = "ip4-icmp-error",
},
};
/* *INDENT-ON* */