summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/out2in.c
diff options
context:
space:
mode:
authorMatus Fabian <matfabia@cisco.com>2018-03-01 04:48:33 -0800
committerOle Trøan <otroan@employees.org>2018-03-02 08:48:40 +0000
commit204591d1bd754f6086edcf8b27a95beab929a78f (patch)
treeb54da1cc1b15dd7b2155e13d6e2487ea7544d810 /src/plugins/nat/out2in.c
parent8996cb6f77e7ddaf892fef646dfcbe72c47d8b7c (diff)
NAT44: interface output feature and service host direct access (VPP-1176)
forwarding mode: session initiaded from service host - translate session initiaded from remote host - do not translate Change-Id: I48170ee8e4ad14d3d3083ee31a40ef8d10d6ff32 Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src/plugins/nat/out2in.c')
-rwxr-xr-xsrc/plugins/nat/out2in.c58
1 files changed, 54 insertions, 4 deletions
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index a03f780ba5e..4589c48aef6 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -311,6 +311,43 @@ icmp_get_ed_key(ip4_header_t *ip0, nat_ed_ses_key_t *p_key0)
return 0;
}
+static void
+create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip)
+{
+ nat_ed_ses_key_t key;
+ clib_bihash_kv_16_8_t kv;
+ udp_header_t *udp;
+
+ if (ip->protocol == IP_PROTOCOL_ICMP)
+ {
+ if (icmp_get_ed_key (ip, &key))
+ return;
+ }
+ else if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP)
+ {
+ udp = ip4_next_header(ip);
+ key.r_addr = ip->src_address;
+ key.l_addr = ip->dst_address;
+ key.proto = ip->protocol;
+ key.l_port = udp->dst_port;
+ key.r_port = udp->src_port;
+ }
+ else
+ {
+ key.r_addr = ip->src_address;
+ key.l_addr = ip->dst_address;
+ key.proto = ip->protocol;
+ key.l_port = key.r_port = 0;
+ }
+ key.fib_index = 0;
+ kv.key[0] = key.as_u64[0];
+ kv.key[1] = key.as_u64[1];
+ kv.value = ~0ULL;
+
+ if (clib_bihash_add_del_16_8 (&sm->in2out_ed, &kv, 1))
+ clib_warning ("in2out_ed key add failed");
+}
+
/**
* Get address and port values to be used for ICMP packet translation
* and create session if needed
@@ -382,6 +419,7 @@ u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node,
}
else
{
+ create_bypass_for_fwd(sm, ip0);
dont_translate = 1;
goto out;
}
@@ -1116,7 +1154,10 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace0;
}
else
- goto trace0;
+ {
+ create_bypass_for_fwd(sm, ip0);
+ goto trace0;
+ }
}
/* Create session initiated by host from external network */
@@ -1283,7 +1324,10 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace1;
}
else
- goto trace1;
+ {
+ create_bypass_for_fwd(sm, ip1);
+ goto trace1;
+ }
}
/* Create session initiated by host from external network */
@@ -1486,7 +1530,10 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace00;
}
else
- goto trace00;
+ {
+ create_bypass_for_fwd(sm, ip0);
+ goto trace00;
+ }
}
/* Create session initiated by host from external network */
@@ -1730,7 +1777,10 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
goto trace0;
}
else
- goto trace0;
+ {
+ create_bypass_for_fwd(sm, ip0);
+ goto trace0;
+ }
}
/* Create session initiated by host from external network */