summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/out2in.c
diff options
context:
space:
mode:
authorMatus Fabian <matfabia@cisco.com>2018-10-07 21:28:23 -0700
committerOle Trøan <otroan@employees.org>2018-10-08 11:46:23 +0000
commite2f4e2f175beb6d6490d275049199db7dd61c783 (patch)
tree3b8a5997a835d15aec3b58af5e9bfc7195d12f7c /src/plugins/nat/out2in.c
parent2fd4b56aea5833a4752525d58cac335909190e9c (diff)
NAT44: do not create session record for identity mapping (VPP-1439)
Change-Id: I39a3146a4e4ba8eadf50af7113b9ae6b1c1d688f Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src/plugins/nat/out2in.c')
-rwxr-xr-xsrc/plugins/nat/out2in.c39
1 files changed, 32 insertions, 7 deletions
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index 67d831a850c..eeecf165264 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -309,6 +309,7 @@ icmp_match_out2in_slow (snat_main_t * sm, vlib_node_runtime_t * node,
u8 is_addr_only;
u32 next0 = ~0;
int err;
+ u8 identity_nat;
icmp0 = (icmp46_header_t *) ip4_next_header (ip0);
sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
@@ -333,7 +334,7 @@ icmp_match_out2in_slow (snat_main_t * sm, vlib_node_runtime_t * node,
/* Try to match static mapping by external address and port,
destination address and port in packet */
if (snat_static_mapping_match
- (sm, key0, &sm0, 1, &is_addr_only, 0, 0, 0))
+ (sm, key0, &sm0, 1, &is_addr_only, 0, 0, 0, &identity_nat))
{
if (!sm->forwarding_enabled)
{
@@ -364,6 +365,11 @@ icmp_match_out2in_slow (snat_main_t * sm, vlib_node_runtime_t * node,
goto out;
}
+ if (PREDICT_FALSE (identity_nat))
+ {
+ dont_translate = 1;
+ goto out;
+ }
/* Create session initiated by host from external network */
s0 = create_session_for_static_mapping (sm, b0, sm0, key0,
node, thread_index,
@@ -443,7 +449,8 @@ icmp_match_out2in_fast (snat_main_t * sm, vlib_node_runtime_t * node,
}
key0.fib_index = rx_fib_index0;
- if (snat_static_mapping_match (sm, key0, &sm0, 1, &is_addr_only, 0, 0, 0))
+ if (snat_static_mapping_match
+ (sm, key0, &sm0, 1, &is_addr_only, 0, 0, 0, 0))
{
/* Don't NAT packet aimed at the intfc address */
if (is_interface_addr (sm, node, sw_if_index0, ip0->dst_address.as_u32))
@@ -703,6 +710,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
u32 proto0, proto1;
snat_session_t *s0 = 0, *s1 = 0;
clib_bihash_kv_8_8_t kv0, kv1, value0, value1;
+ u8 identity_nat0, identity_nat1;
/* Prefetch next iteration. */
{
@@ -793,7 +801,8 @@ snat_out2in_node_fn (vlib_main_t * vm,
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
- if (snat_static_mapping_match (sm, key0, &sm0, 1, 0, 0, 0, 0))
+ if (snat_static_mapping_match
+ (sm, key0, &sm0, 1, 0, 0, 0, 0, &identity_nat0))
{
/*
* Send DHCP packets to the ipv4 stack, or we won't
@@ -817,6 +826,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace0;
}
+ if (PREDICT_FALSE (identity_nat0))
+ goto trace0;
+
/* Create session initiated by host from external network */
s0 = create_session_for_static_mapping (sm, b0, sm0, key0, node,
thread_index, now);
@@ -950,7 +962,8 @@ snat_out2in_node_fn (vlib_main_t * vm,
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
- if (snat_static_mapping_match (sm, key1, &sm1, 1, 0, 0, 0, 0))
+ if (snat_static_mapping_match
+ (sm, key1, &sm1, 1, 0, 0, 0, 0, &identity_nat1))
{
/*
* Send DHCP packets to the ipv4 stack, or we won't
@@ -974,6 +987,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace1;
}
+ if (PREDICT_FALSE (identity_nat1))
+ goto trace1;
+
/* Create session initiated by host from external network */
s1 = create_session_for_static_mapping (sm, b1, sm1, key1, node,
thread_index, now);
@@ -1069,6 +1085,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
u32 proto0;
snat_session_t *s0 = 0;
clib_bihash_kv_8_8_t kv0, value0;
+ u8 identity_nat0;
/* speculatively enqueue b0 to the current next frame */
bi0 = from[0];
@@ -1143,7 +1160,8 @@ snat_out2in_node_fn (vlib_main_t * vm,
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
- if (snat_static_mapping_match (sm, key0, &sm0, 1, 0, 0, 0, 0))
+ if (snat_static_mapping_match
+ (sm, key0, &sm0, 1, 0, 0, 0, 0, &identity_nat0))
{
/*
* Send DHCP packets to the ipv4 stack, or we won't
@@ -1167,6 +1185,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace00;
}
+ if (PREDICT_FALSE (identity_nat0))
+ goto trace00;
+
/* Create session initiated by host from external network */
s0 = create_session_for_static_mapping (sm, b0, sm0, key0, node,
thread_index, now);
@@ -1320,6 +1341,7 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
snat_session_t *s0 = 0;
u16 old_port0, new_port0;
ip_csum_t sum0;
+ u8 identity_nat0;
/* speculatively enqueue b0 to the current next frame */
bi0 = from[0];
@@ -1377,7 +1399,7 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
/* Try to match static mapping by external address and port,
destination address and port in packet */
if (snat_static_mapping_match
- (sm, key0, &sm0, 1, 0, 0, 0, 0))
+ (sm, key0, &sm0, 1, 0, 0, 0, 0, &identity_nat0))
{
/*
* Send DHCP packets to the ipv4 stack, or we won't
@@ -1402,6 +1424,9 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
goto trace0;
}
+ if (PREDICT_FALSE (identity_nat0))
+ goto trace0;
+
/* Create session initiated by host from external network */
s0 =
create_session_for_static_mapping (sm, b0, sm0, key0,
@@ -1663,7 +1688,7 @@ snat_out2in_fast_node_fn (vlib_main_t * vm,
key0.port = udp0->dst_port;
key0.fib_index = rx_fib_index0;
- if (snat_static_mapping_match (sm, key0, &sm0, 1, 0, 0, 0, 0))
+ if (snat_static_mapping_match (sm, key0, &sm0, 1, 0, 0, 0, 0, 0))
{
b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
goto trace00;