authorKlement Sekera <ksekera@cisco.com>2020-12-15 18:47:05 +0100
committerOle Tr�an <otroan@employees.org>2021-01-18 08:36:26 +0000
commit4881cb4c6f0d9c6276eb7a45ed355f9fc3d729b3 (patch)
tree07959eb6fc99b88b30e6f81f4620d8d6c70110e2 /src/plugins/nat/nat44-ei
parent4a58e49cfe03150034a65e147a2ffe8d24391b86 (diff)
nat: deal with flows instead of sessions
This change introduces the flow concept to endpoint-dependent NAT. Instead of having a session and a plethora of special cases in code for e.g. hairpinning, twice-nat and others, figure all this out and store it in flow logic. Every flow has a match and a rewrite part. This unifies all the NAT packet processing cases into one - match a flow and rewrite the packet based on that flow. It also provides a cure for the hairpinning dilemma where one part of the flow is on one worker and another on a different one. These cases are also sped up by not requiring a destination address lookup every single time to be able to rewrite source nat as this is now part of flow rewrite logic. Type: improvement Change-Id: Ib60c992e16792ea4d4129bc10202ebb99a73b5be Signed-off-by: Klement Sekera <ksekera@cisco.com>
Diffstat (limited to 'src/plugins/nat/nat44-ei')
-rw-r--r--src/plugins/nat/nat44-ei/nat44_ei_ha.h2
-rw-r--r--src/plugins/nat/nat44-ei/nat44_ei_in2out.c8
2 files changed, 5 insertions, 5 deletions
diff --git a/src/plugins/nat/nat44-ei/nat44_ei_ha.h b/src/plugins/nat/nat44-ei/nat44_ei_ha.h
index c466d4c9288..5639c8d0239 100644
--- a/src/plugins/nat/nat44-ei/nat44_ei_ha.h
+++ b/src/plugins/nat/nat44-ei/nat44_ei_ha.h
@@ -22,6 +22,7 @@
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
+#include <nat/nat.h>
/* Call back functions for received HA events on passive/failover */
typedef void (*nat_ha_sadd_cb_t) (ip4_address_t * in_addr, u16 in_port,
@@ -30,6 +31,7 @@ typedef void (*nat_ha_sadd_cb_t) (ip4_address_t * in_addr, u16 in_port,
ip4_address_t * ehn_addr, u16 ehn_port,
u8 proto, u32 fib_index, u16 flags,
u32 thread_index);
+
typedef void (*nat_ha_sdel_cb_t) (ip4_address_t * out_addr, u16 out_port,
ip4_address_t * eh_addr, u16 eh_port,
u8 proto, u32 fib_index, u32 thread_index);
diff --git a/src/plugins/nat/nat44-ei/nat44_ei_in2out.c b/src/plugins/nat/nat44-ei/nat44_ei_in2out.c
index 892518fff97..303c588d34e 100644
--- a/src/plugins/nat/nat44-ei/nat44_ei_in2out.c
+++ b/src/plugins/nat/nat44-ei/nat44_ei_in2out.c
@@ -785,8 +785,7 @@ icmp_in2out (snat_main_t * sm,
if (vnet_buffer (b0)->sw_if_index[VLIB_TX] == ~0)
{
- if (0 != snat_icmp_hairpinning (sm, b0, ip0, icmp0,
- sm->endpoint_dependent))
+ if (0 != snat_icmp_hairpinning (sm, b0, ip0, icmp0))
vnet_buffer (b0)->sw_if_index[VLIB_TX] = fib_index;
}
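Review bot: The `0 != snat_icmp_hairpinning (sm, b0, ip0, icmp0)` test in `icmp_in2out` has no comment saying what a non-zero return means, and with the `sm->endpoint_dependent` argument gone the call site gives even less context for the forwarding decision that follows. Presumably non-zero means the packet was hairpinned and the TX lookup is therefore pinned to `fib_index`; if that is right, a comment above the assignment such as `/* non-zero: packet was hairpinned, do the TX lookup in fib_index */` would make the branch auditable. The callee is not part of this diff, so the return convention should be confirmed against its definition before the comment is added. `icmp_in2out` starts and ends outside the hunk.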
@@ -1904,9 +1903,8 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm,
}
/* Hairpinning */
- is_hairpinning =
- snat_hairpinning (vm, node, sm, b0, ip0, udp0, tcp0, proto0, 0,
- 0 /* do_trace */ );
+ is_hairpinning = snat_hairpinning (vm, node, sm, b0, ip0, udp0, tcp0,
+ proto0, 0 /* do_trace */);
trace0:
if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)