diff options
-rwxr-xr-x | src/plugins/nat/in2out.c | 20 | ||||
-rwxr-xr-x | src/plugins/nat/nat.c | 16 | ||||
-rw-r--r-- | src/plugins/nat/nat.h | 3 | ||||
-rwxr-xr-x | src/plugins/nat/out2in.c | 21 |
4 files changed, 36 insertions, 24 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c index c23d372f7ed..996c626d46c 100755 --- a/src/plugins/nat/in2out.c +++ b/src/plugins/nat/in2out.c @@ -239,7 +239,7 @@ snat_not_translate (snat_main_t * sm, vlib_node_runtime_t *node, &value0)) { /* or is static mappings */ - if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0)) + if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0)) return 0; } else @@ -338,7 +338,7 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0, } /* First try to match static mapping by local address and port */ - if (snat_static_mapping_match (sm, *key0, &key1, 0, 0, 0)) + if (snat_static_mapping_match (sm, *key0, &key1, 0, 0, 0, 0)) { /* Try to create dynamic translation */ if (snat_alloc_outside_address_and_port (sm->addresses, rx_fib_index0, @@ -703,7 +703,7 @@ u32 icmp_match_in2out_fast(snat_main_t *sm, vlib_node_runtime_t *node, } key0.fib_index = rx_fib_index0; - if (snat_static_mapping_match(sm, key0, &sm0, 0, &is_addr_only, 0)) + if (snat_static_mapping_match(sm, key0, &sm0, 0, &is_addr_only, 0, 0)) { if (PREDICT_FALSE(snat_not_translate_fast(sm, node, sw_if_index0, ip0, IP_PROTOCOL_ICMP, rx_fib_index0))) @@ -902,7 +902,7 @@ snat_hairpinning (snat_main_t *sm, kv0.key = key0.as_u64; /* Check if destination is static mappings */ - if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0)) + if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0)) { new_dst_addr0 = sm0.addr.as_u32; new_dst_port0 = sm0.port; @@ -1003,7 +1003,7 @@ snat_icmp_hairpinning (snat_main_t *sm, &value0)) { /* or static mappings */ - if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0)) + if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0)) { new_dst_addr0 = sm0.addr.as_u32; vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm0.fib_index; @@ -1333,6 +1333,7 @@ snat_in2out_lb (snat_main_t *sm, u32 proto = ip_proto_to_snat_proto (ip->protocol); snat_session_key_t e_key, l_key; snat_user_t *u; + u8 lb; old_addr = ip->src_address.as_u32; @@ -1364,7 +1365,7 @@ snat_in2out_lb (snat_main_t *sm, l_key.port = udp->src_port; l_key.protocol = proto; l_key.fib_index = rx_fib_index; - if (snat_static_mapping_match(sm, l_key, &e_key, 0, 0, 0)) + if (snat_static_mapping_match(sm, l_key, &e_key, 0, 0, 0, &lb)) return 0; u = nat_user_get_or_create (sm, &ip->src_address, rx_fib_index, @@ -1384,7 +1385,8 @@ snat_in2out_lb (snat_main_t *sm, s->ext_host_addr.as_u32 = ip->dst_address.as_u32; s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING; - s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING; + if (lb) + s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING; s->outside_address_index = ~0; s->in2out = l_key; s->out2in = e_key; @@ -2420,7 +2422,7 @@ nat44_reass_hairpinning (snat_main_t *sm, udp0 = ip4_next_header (ip0); /* Check if destination is static mappings */ - if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0)) + if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0)) { new_dst_addr0 = sm0.addr.as_u32; new_dst_port0 = sm0.port; @@ -4029,7 +4031,7 @@ snat_in2out_fast_static_map_fn (vlib_main_t * vm, key0.port = udp0->src_port; key0.fib_index = rx_fib_index0; - if (snat_static_mapping_match(sm, key0, &sm0, 0, 0, 0)) + if (snat_static_mapping_match(sm, key0, &sm0, 0, 0, 0, 0)) { b0->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION]; next0= SNAT_IN2OUT_NEXT_DROP; diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index 48535d9be0a..96a69282077 100755 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -1063,9 +1063,9 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr, (clib_net_to_host_u16 (s->out2in.port) != e_port)) continue; } - - if (s->flags & SNAT_SESSION_FLAG_LOAD_BALANCING) - continue; + + if (is_lb_session (s)) + continue; nat_free_session_data (sm, s, tsm - sm->per_thread_data); clib_dlist_remove (tsm->list_pool, s->per_user_index); @@ -1391,6 +1391,9 @@ int nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port, elt = pool_elt_at_index (tsm->list_pool, elt->next); ses_index = elt->value; + if (!(is_lb_session (s))) + continue; + if ((s->in2out.addr.as_u32 != local->addr.as_u32) && (clib_net_to_host_u16 (s->in2out.port) != local->port)) continue; @@ -1966,6 +1969,7 @@ void snat_free_outside_address_and_port (snat_address_t * addresses, * address. * @param is_addr_only If matched mapping is address only * @param twice_nat If matched mapping is twice NAT. + * @param lb If matched mapping is load-balanced. * * @returns 0 if match found otherwise 1. */ @@ -1974,7 +1978,8 @@ int snat_static_mapping_match (snat_main_t * sm, snat_session_key_t * mapping, u8 by_external, u8 *is_addr_only, - u8 *twice_nat) + u8 *twice_nat, + u8 *lb) { clib_bihash_kv_8_8_t kv, value; snat_static_mapping_t *m; @@ -2045,6 +2050,9 @@ int snat_static_mapping_match (snat_main_t * sm, if (PREDICT_FALSE(twice_nat != 0)) *twice_nat = m->twice_nat; + if (PREDICT_FALSE(lb != 0)) + *lb = vec_len (m->locals) > 0; + return 0; } diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h index 15643aaf117..fb4ed98f837 100644 --- a/src/plugins/nat/nat.h +++ b/src/plugins/nat/nat.h @@ -421,7 +421,8 @@ int snat_static_mapping_match (snat_main_t * sm, snat_session_key_t * mapping, u8 by_external, u8 *is_addr_only, - u8 *twice_nat); + u8 *twice_nat, + u8 *lb); void snat_add_del_addr_to_fib (ip4_address_t * addr, u8 p_len, diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c index 00f887d9f1b..a626bf5c2a6 100755 --- a/src/plugins/nat/out2in.c +++ b/src/plugins/nat/out2in.c @@ -423,7 +423,7 @@ u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node, { /* Try to match static mapping by external address and port, destination address and port in packet */ - if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0)) + if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0, 0)) { if (!sm->forwarding_enabled) { @@ -562,7 +562,7 @@ u32 icmp_match_out2in_fast(snat_main_t *sm, vlib_node_runtime_t *node, } key0.fib_index = rx_fib_index0; - if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0)) + if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0, 0)) { /* Don't NAT packet aimed at the intfc address */ if (is_interface_addr(sm, node, sw_if_index0, ip0->dst_address.as_u32)) @@ -891,7 +891,7 @@ snat_out2in_lb (snat_main_t *sm, snat_user_t *u; u32 address_index; snat_session_key_t eh_key; - u8 twice_nat; + u8 twice_nat, lb; old_addr = ip->dst_address.as_u32; @@ -920,7 +920,7 @@ snat_out2in_lb (snat_main_t *sm, e_key.port = udp->dst_port; e_key.protocol = proto; e_key.fib_index = rx_fib_index; - if (snat_static_mapping_match(sm, e_key, &l_key, 1, 0, &twice_nat)) + if (snat_static_mapping_match(sm, e_key, &l_key, 1, 0, &twice_nat, &lb)) return 0; u = nat_user_get_or_create (sm, &l_key.addr, l_key.fib_index, @@ -941,7 +941,8 @@ snat_out2in_lb (snat_main_t *sm, s->ext_host_addr.as_u32 = ip->src_address.as_u32; s->ext_host_port = udp->src_port; s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING; - s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING; + if (lb) + s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING; s->outside_address_index = ~0; s->out2in = e_key; s->in2out = l_key; @@ -1164,7 +1165,7 @@ snat_out2in_node_fn (vlib_main_t * vm, { /* Try to match static mapping by external address and port, destination address and port in packet */ - if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0)) + if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0)) { if (!sm->forwarding_enabled) { @@ -1340,7 +1341,7 @@ snat_out2in_node_fn (vlib_main_t * vm, { /* Try to match static mapping by external address and port, destination address and port in packet */ - if (snat_static_mapping_match(sm, key1, &sm1, 1, 0, 0)) + if (snat_static_mapping_match(sm, key1, &sm1, 1, 0, 0, 0)) { if (!sm->forwarding_enabled) { @@ -1552,7 +1553,7 @@ snat_out2in_node_fn (vlib_main_t * vm, { /* Try to match static mapping by external address and port, destination address and port in packet */ - if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0)) + if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0)) { if (!sm->forwarding_enabled) { @@ -1805,7 +1806,7 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm, { /* Try to match static mapping by external address and port, destination address and port in packet */ - if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0)) + if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0)) { if (!sm->forwarding_enabled) { @@ -2883,7 +2884,7 @@ snat_out2in_fast_node_fn (vlib_main_t * vm, key0.port = udp0->dst_port; key0.fib_index = rx_fib_index0; - if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0)) + if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0)) { b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; goto trace00; |