diff options
author | Vladimir Isaev <visaev@netgate.com> | 2020-08-27 13:34:50 +0300 |
---|---|---|
committer | Andrew Yourtchenko <ayourtch@gmail.com> | 2020-09-16 10:15:24 +0000 |
commit | 95a77a2360c4315ab8a1178202d71d59e3b8c21f (patch) | |
tree | 288aa1ad33a3fe2f974346006126626229250c78 /src | |
parent | 1f18c50174fcc0013e85f7f867e550c1e1871080 (diff) |
nat: Fix next feature for ED with multiple workers
Multiple (> 1) workers leads to handoff node being enabled.
This node pops next feature index to nat.arc_next to make sure
that packet will be pushed to the next feature in the arc.
But node nat44-ed-in2out-output also pops next feature and changes
arc_next. So actual next feature will be skipped in that case.
It leads to all nat44-ed-in2out packets being dropped if we have
multiple workers (handoff node enabled).
To resolve this a new node was added (nat-pre-in2out-output) to fill
arc_next in single worker case and multiple worker case is already
handled by handoff node.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I9dfba68f00164d2d5ab867224871811bef4411ed
(cherry picked from commit 8fb4d10dc208fb3f284fe79e838343797cb2d813)
Diffstat (limited to 'src')
-rw-r--r-- | src/plugins/nat/in2out_ed.c | 17 | ||||
-rw-r--r-- | src/plugins/nat/nat.c | 9 | ||||
-rw-r--r-- | src/plugins/nat/nat.h | 1 |
3 files changed, 25 insertions, 2 deletions
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c index 448e967b8ae..d43caef46d9 100644 --- a/src/plugins/nat/in2out_ed.c +++ b/src/plugins/nat/in2out_ed.c @@ -964,7 +964,6 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t * vm, if (is_output_feature) { - vnet_feature_next (&vnet_buffer2 (b0)->nat.arc_next, b0); iph_offset0 = vnet_buffer (b0)->ip.reass.save_rewrite_length; } @@ -1586,6 +1585,13 @@ VLIB_NODE_FN (nat_pre_in2out_node) NAT_NEXT_IN2OUT_ED_FAST_PATH); } +VLIB_NODE_FN (nat_pre_in2out_output_node) + (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) +{ + return nat_pre_node_fn_inline (vm, node, frame, + NAT_NEXT_IN2OUT_ED_OUTPUT_FAST_PATH); +} + /* *INDENT-OFF* */ VLIB_REGISTER_NODE (nat_pre_in2out_node) = { .name = "nat-pre-in2out", @@ -1595,6 +1601,15 @@ VLIB_REGISTER_NODE (nat_pre_in2out_node) = { .type = VLIB_NODE_TYPE_INTERNAL, .n_errors = 0, }; + +VLIB_REGISTER_NODE (nat_pre_in2out_output_node) = { + .name = "nat-pre-in2out-output", + .vector_size = sizeof (u32), + .sibling_of = "nat-default", + .format_trace = format_nat_pre_trace, + .type = VLIB_NODE_TYPE_INTERNAL, + .n_errors = 0, +}; /* *INDENT-ON* */ /* diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index 61a36ec4e90..15c767c82c3 100644 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -142,6 +142,12 @@ VNET_FEATURE_INIT (ip4_snat_hairpin_src, static) = { .node_name = "nat44-hairpin-src", .runs_after = VNET_FEATURES ("acl-plugin-out-ip4-fa","ip4-sv-reassembly-output-feature"), }; +VNET_FEATURE_INIT (nat_pre_in2out_output, static) = { + .arc_name = "ip4-output", + .node_name = "nat-pre-in2out-output", + .runs_after = VNET_FEATURES ("ip4-sv-reassembly-output-feature"), + .runs_before = VNET_FEATURES ("acl-plugin-out-ip4-fa"), +}; VNET_FEATURE_INIT (ip4_nat44_ed_in2out_output, static) = { .arc_name = "ip4-output", .node_name = "nat44-ed-in2out-output", @@ -2249,7 +2255,7 @@ feature_set: return rv; vnet_feature_enable_disable ("ip4-unicast", "nat-pre-out2in", sw_if_index, !is_del, 0, 0); - vnet_feature_enable_disable ("ip4-output", "nat44-ed-in2out-output", + vnet_feature_enable_disable ("ip4-output", "nat-pre-in2out-output", sw_if_index, !is_del, 0, 0); } else @@ -4662,6 +4668,7 @@ VLIB_REGISTER_NODE (nat_default_node) = { [NAT_NEXT_ICMP_ERROR] = "ip4-icmp-error", [NAT_NEXT_IN2OUT_ED_FAST_PATH] = "nat44-ed-in2out", [NAT_NEXT_IN2OUT_ED_SLOW_PATH] = "nat44-ed-in2out-slowpath", + [NAT_NEXT_IN2OUT_ED_OUTPUT_FAST_PATH] = "nat44-ed-in2out-output", [NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH] = "nat44-ed-in2out-output-slowpath", [NAT_NEXT_OUT2IN_ED_FAST_PATH] = "nat44-ed-out2in", [NAT_NEXT_OUT2IN_ED_SLOW_PATH] = "nat44-ed-out2in-slowpath", diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h index ab699221e69..fc5d32059ed 100644 --- a/src/plugins/nat/nat.h +++ b/src/plugins/nat/nat.h @@ -54,6 +54,7 @@ typedef enum NAT_NEXT_ICMP_ERROR, NAT_NEXT_IN2OUT_ED_FAST_PATH, NAT_NEXT_IN2OUT_ED_SLOW_PATH, + NAT_NEXT_IN2OUT_ED_OUTPUT_FAST_PATH, NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH, NAT_NEXT_OUT2IN_ED_FAST_PATH, NAT_NEXT_OUT2IN_ED_SLOW_PATH, |