summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xsrc/plugins/nat/in2out.c20
-rwxr-xr-xsrc/plugins/nat/nat.c16
-rw-r--r--src/plugins/nat/nat.h3
-rwxr-xr-xsrc/plugins/nat/out2in.c21
4 files changed, 36 insertions, 24 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index c23d372f7ed..996c626d46c 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -239,7 +239,7 @@ snat_not_translate (snat_main_t * sm, vlib_node_runtime_t *node,
&value0))
{
/* or is static mappings */
- if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+ if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
return 0;
}
else
@@ -338,7 +338,7 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0,
}
/* First try to match static mapping by local address and port */
- if (snat_static_mapping_match (sm, *key0, &key1, 0, 0, 0))
+ if (snat_static_mapping_match (sm, *key0, &key1, 0, 0, 0, 0))
{
/* Try to create dynamic translation */
if (snat_alloc_outside_address_and_port (sm->addresses, rx_fib_index0,
@@ -703,7 +703,7 @@ u32 icmp_match_in2out_fast(snat_main_t *sm, vlib_node_runtime_t *node,
}
key0.fib_index = rx_fib_index0;
- if (snat_static_mapping_match(sm, key0, &sm0, 0, &is_addr_only, 0))
+ if (snat_static_mapping_match(sm, key0, &sm0, 0, &is_addr_only, 0, 0))
{
if (PREDICT_FALSE(snat_not_translate_fast(sm, node, sw_if_index0, ip0,
IP_PROTOCOL_ICMP, rx_fib_index0)))
@@ -902,7 +902,7 @@ snat_hairpinning (snat_main_t *sm,
kv0.key = key0.as_u64;
/* Check if destination is static mappings */
- if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+ if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
new_dst_addr0 = sm0.addr.as_u32;
new_dst_port0 = sm0.port;
@@ -1003,7 +1003,7 @@ snat_icmp_hairpinning (snat_main_t *sm,
&value0))
{
/* or static mappings */
- if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+ if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
new_dst_addr0 = sm0.addr.as_u32;
vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm0.fib_index;
@@ -1333,6 +1333,7 @@ snat_in2out_lb (snat_main_t *sm,
u32 proto = ip_proto_to_snat_proto (ip->protocol);
snat_session_key_t e_key, l_key;
snat_user_t *u;
+ u8 lb;
old_addr = ip->src_address.as_u32;
@@ -1364,7 +1365,7 @@ snat_in2out_lb (snat_main_t *sm,
l_key.port = udp->src_port;
l_key.protocol = proto;
l_key.fib_index = rx_fib_index;
- if (snat_static_mapping_match(sm, l_key, &e_key, 0, 0, 0))
+ if (snat_static_mapping_match(sm, l_key, &e_key, 0, 0, 0, &lb))
return 0;
u = nat_user_get_or_create (sm, &ip->src_address, rx_fib_index,
@@ -1384,7 +1385,8 @@ snat_in2out_lb (snat_main_t *sm,
s->ext_host_addr.as_u32 = ip->dst_address.as_u32;
s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
- s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
+ if (lb)
+ s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
s->outside_address_index = ~0;
s->in2out = l_key;
s->out2in = e_key;
@@ -2420,7 +2422,7 @@ nat44_reass_hairpinning (snat_main_t *sm,
udp0 = ip4_next_header (ip0);
/* Check if destination is static mappings */
- if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+ if (!snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
new_dst_addr0 = sm0.addr.as_u32;
new_dst_port0 = sm0.port;
@@ -4029,7 +4031,7 @@ snat_in2out_fast_static_map_fn (vlib_main_t * vm,
key0.port = udp0->src_port;
key0.fib_index = rx_fib_index0;
- if (snat_static_mapping_match(sm, key0, &sm0, 0, 0, 0))
+ if (snat_static_mapping_match(sm, key0, &sm0, 0, 0, 0, 0))
{
b0->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION];
next0= SNAT_IN2OUT_NEXT_DROP;
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index 48535d9be0a..96a69282077 100755
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -1063,9 +1063,9 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr,
(clib_net_to_host_u16 (s->out2in.port) != e_port))
continue;
}
-
- if (s->flags & SNAT_SESSION_FLAG_LOAD_BALANCING)
- continue;
+
+ if (is_lb_session (s))
+ continue;
nat_free_session_data (sm, s, tsm - sm->per_thread_data);
clib_dlist_remove (tsm->list_pool, s->per_user_index);
@@ -1391,6 +1391,9 @@ int nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port,
elt = pool_elt_at_index (tsm->list_pool, elt->next);
ses_index = elt->value;
+ if (!(is_lb_session (s)))
+ continue;
+
if ((s->in2out.addr.as_u32 != local->addr.as_u32) &&
(clib_net_to_host_u16 (s->in2out.port) != local->port))
continue;
@@ -1966,6 +1969,7 @@ void snat_free_outside_address_and_port (snat_address_t * addresses,
* address.
* @param is_addr_only If matched mapping is address only
* @param twice_nat If matched mapping is twice NAT.
+ * @param lb If matched mapping is load-balanced.
*
* @returns 0 if match found otherwise 1.
*/
@@ -1974,7 +1978,8 @@ int snat_static_mapping_match (snat_main_t * sm,
snat_session_key_t * mapping,
u8 by_external,
u8 *is_addr_only,
- u8 *twice_nat)
+ u8 *twice_nat,
+ u8 *lb)
{
clib_bihash_kv_8_8_t kv, value;
snat_static_mapping_t *m;
@@ -2045,6 +2050,9 @@ int snat_static_mapping_match (snat_main_t * sm,
if (PREDICT_FALSE(twice_nat != 0))
*twice_nat = m->twice_nat;
+ if (PREDICT_FALSE(lb != 0))
+ *lb = vec_len (m->locals) > 0;
+
return 0;
}
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index 15643aaf117..fb4ed98f837 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -421,7 +421,8 @@ int snat_static_mapping_match (snat_main_t * sm,
snat_session_key_t * mapping,
u8 by_external,
u8 *is_addr_only,
- u8 *twice_nat);
+ u8 *twice_nat,
+ u8 *lb);
void snat_add_del_addr_to_fib (ip4_address_t * addr,
u8 p_len,
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index 00f887d9f1b..a626bf5c2a6 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -423,7 +423,7 @@ u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node,
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
- if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0))
+ if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0, 0))
{
if (!sm->forwarding_enabled)
{
@@ -562,7 +562,7 @@ u32 icmp_match_out2in_fast(snat_main_t *sm, vlib_node_runtime_t *node,
}
key0.fib_index = rx_fib_index0;
- if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0))
+ if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0, 0))
{
/* Don't NAT packet aimed at the intfc address */
if (is_interface_addr(sm, node, sw_if_index0, ip0->dst_address.as_u32))
@@ -891,7 +891,7 @@ snat_out2in_lb (snat_main_t *sm,
snat_user_t *u;
u32 address_index;
snat_session_key_t eh_key;
- u8 twice_nat;
+ u8 twice_nat, lb;
old_addr = ip->dst_address.as_u32;
@@ -920,7 +920,7 @@ snat_out2in_lb (snat_main_t *sm,
e_key.port = udp->dst_port;
e_key.protocol = proto;
e_key.fib_index = rx_fib_index;
- if (snat_static_mapping_match(sm, e_key, &l_key, 1, 0, &twice_nat))
+ if (snat_static_mapping_match(sm, e_key, &l_key, 1, 0, &twice_nat, &lb))
return 0;
u = nat_user_get_or_create (sm, &l_key.addr, l_key.fib_index,
@@ -941,7 +941,8 @@ snat_out2in_lb (snat_main_t *sm,
s->ext_host_addr.as_u32 = ip->src_address.as_u32;
s->ext_host_port = udp->src_port;
s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING;
- s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
+ if (lb)
+ s->flags |= SNAT_SESSION_FLAG_LOAD_BALANCING;
s->outside_address_index = ~0;
s->out2in = e_key;
s->in2out = l_key;
@@ -1164,7 +1165,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
- if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+ if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
if (!sm->forwarding_enabled)
{
@@ -1340,7 +1341,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
- if (snat_static_mapping_match(sm, key1, &sm1, 1, 0, 0))
+ if (snat_static_mapping_match(sm, key1, &sm1, 1, 0, 0, 0))
{
if (!sm->forwarding_enabled)
{
@@ -1552,7 +1553,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
- if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+ if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
if (!sm->forwarding_enabled)
{
@@ -1805,7 +1806,7 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
{
/* Try to match static mapping by external address and port,
destination address and port in packet */
- if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+ if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
if (!sm->forwarding_enabled)
{
@@ -2883,7 +2884,7 @@ snat_out2in_fast_node_fn (vlib_main_t * vm,
key0.port = udp0->dst_port;
key0.fib_index = rx_fib_index0;
- if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
+ if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
goto trace00;