summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rwxr-xr-xsrc/plugins/nat/in2out.c65
-rwxr-xr-xsrc/plugins/nat/out2in.c58
-rw-r--r--test/test_nat.py44
3 files changed, 6 insertions, 161 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index 134d652feb0..fae930b607f 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -464,47 +464,6 @@ icmp_get_ed_key(ip4_header_t *ip0, nat_ed_ses_key_t *p_key0)
return 0;
}
-static inline int
-nat_not_translate_output_feature_fwd (snat_main_t * sm, ip4_header_t * ip)
-{
- nat_ed_ses_key_t key;
- clib_bihash_kv_16_8_t kv, value;
- udp_header_t *udp;
-
- if (!sm->forwarding_enabled)
- return 0;
-
- if (ip->protocol == IP_PROTOCOL_ICMP)
- {
- if (icmp_get_ed_key (ip, &key))
- return 0;
- }
- else if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP)
- {
- udp = ip4_next_header(ip);
- key.l_addr = ip->src_address;
- key.r_addr = ip->dst_address;
- key.proto = ip->protocol;
- key.r_port = udp->dst_port;
- key.l_port = udp->src_port;
- }
- else
- {
- key.l_addr = ip->src_address;
- key.r_addr = ip->dst_address;
- key.proto = ip->protocol;
- key.l_port = key.r_port = 0;
- }
- key.fib_index = 0;
- kv.key[0] = key.as_u64[0];
- kv.key[1] = key.as_u64[1];
-
- if (!clib_bihash_search_16_8 (&sm->in2out_ed, &kv, &value))
- return value.value == ~0ULL;
-
- return 0;
-}
-
/**
* Get address and port values to be used for ICMP packet translation
* and create session if needed
@@ -1324,8 +1283,6 @@ snat_in2out_lb (snat_main_t *sm,
if (!clib_bihash_search_16_8 (&sm->in2out_ed, &s_kv, &s_value))
{
- if (s_value.value == ~0ULL)
- return 0;
s = pool_elt_at_index (tsm->sessions, s_value.value);
}
else
@@ -1560,12 +1517,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
}
else
{
- if (is_output_feature)
- {
- if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0)))
- goto trace00;
- }
-
if (PREDICT_FALSE (proto0 == ~0 || proto0 == SNAT_PROTOCOL_ICMP))
{
next0 = SNAT_IN2OUT_NEXT_SLOW_PATH;
@@ -1752,12 +1703,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
}
else
{
- if (is_output_feature)
- {
- if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip1)))
- goto trace01;
- }
-
if (PREDICT_FALSE (proto1 == ~0 || proto1 == SNAT_PROTOCOL_ICMP))
{
next1 = SNAT_IN2OUT_NEXT_SLOW_PATH;
@@ -1771,6 +1716,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
}
}
+ b1->flags |= VNET_BUFFER_F_IS_NATED;
+
key1.addr = ip1->src_address;
key1.port = udp1->src_port;
key1.protocol = proto1;
@@ -1833,8 +1780,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
}
}
- b1->flags |= VNET_BUFFER_F_IS_NATED;
-
old_addr1 = ip1->src_address.as_u32;
ip1->src_address = s1->out2in.addr;
new_addr1 = ip1->src_address.as_u32;
@@ -1980,12 +1925,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
}
else
{
- if (is_output_feature)
- {
- if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0)))
- goto trace0;
- }
-
if (PREDICT_FALSE (proto0 == ~0 || proto0 == SNAT_PROTOCOL_ICMP))
{
next0 = SNAT_IN2OUT_NEXT_SLOW_PATH;
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index e6854e55440..97cd2903a9d 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -311,43 +311,6 @@ icmp_get_ed_key(ip4_header_t *ip0, nat_ed_ses_key_t *p_key0)
return 0;
}
-static void
-create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip)
-{
- nat_ed_ses_key_t key;
- clib_bihash_kv_16_8_t kv;
- udp_header_t *udp;
-
- if (ip->protocol == IP_PROTOCOL_ICMP)
- {
- if (icmp_get_ed_key (ip, &key))
- return;
- }
- else if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP)
- {
- udp = ip4_next_header(ip);
- key.r_addr = ip->src_address;
- key.l_addr = ip->dst_address;
- key.proto = ip->protocol;
- key.l_port = udp->dst_port;
- key.r_port = udp->src_port;
- }
- else
- {
- key.r_addr = ip->src_address;
- key.l_addr = ip->dst_address;
- key.proto = ip->protocol;
- key.l_port = key.r_port = 0;
- }
- key.fib_index = 0;
- kv.key[0] = key.as_u64[0];
- kv.key[1] = key.as_u64[1];
- kv.value = ~0ULL;
-
- if (clib_bihash_add_del_16_8 (&sm->in2out_ed, &kv, 1))
- clib_warning ("in2out_ed key add failed");
-}
-
/**
* Get address and port values to be used for ICMP packet translation
* and create session if needed
@@ -419,7 +382,6 @@ u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node,
}
else
{
- create_bypass_for_fwd(sm, ip0);
dont_translate = 1;
goto out;
}
@@ -1151,10 +1113,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace0;
}
else
- {
- create_bypass_for_fwd(sm, ip0);
- goto trace0;
- }
+ goto trace0;
}
/* Create session initiated by host from external network */
@@ -1318,10 +1277,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace1;
}
else
- {
- create_bypass_for_fwd(sm, ip1);
- goto trace1;
- }
+ goto trace1;
}
/* Create session initiated by host from external network */
@@ -1521,10 +1477,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace00;
}
else
- {
- create_bypass_for_fwd(sm, ip0);
- goto trace00;
- }
+ goto trace00;
}
/* Create session initiated by host from external network */
@@ -1764,10 +1717,7 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
goto trace0;
}
else
- {
- create_bypass_for_fwd(sm, ip0);
- goto trace0;
- }
+ goto trace0;
}
/* Create session initiated by host from external network */
diff --git a/test/test_nat.py b/test/test_nat.py
index f039faf84fe..c89180609fe 100644
--- a/test/test_nat.py
+++ b/test/test_nat.py
@@ -2697,50 +2697,6 @@ class TestNAT44(MethodHolder):
self.logger.error(ppp("Unexpected or invalid packet:"), p)
raise
- def test_output_feature_and_service2(self):
- """ NAT44 interface output feature and service host direct access """
- self.vapi.nat44_forwarding_enable_disable(1)
- self.nat44_add_address(self.nat_addr)
- self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index,
- is_inside=0)
-
- # session initiaded from service host - translate
- pkts = self.create_stream_in(self.pg0, self.pg1)
- self.pg0.add_stream(pkts)
- self.pg_enable_capture(self.pg_interfaces)
- self.pg_start()
- capture = self.pg1.get_capture(len(pkts))
- self.verify_capture_out(capture)
-
- pkts = self.create_stream_out(self.pg1)
- self.pg1.add_stream(pkts)
- self.pg_enable_capture(self.pg_interfaces)
- self.pg_start()
- capture = self.pg0.get_capture(len(pkts))
- self.verify_capture_in(capture, self.pg0)
-
- tcp_port_out = self.tcp_port_out
- udp_port_out = self.udp_port_out
- icmp_id_out = self.icmp_id_out
-
- # session initiaded from remote host - do not translate
- pkts = self.create_stream_out(self.pg1,
- self.pg0.remote_ip4,
- use_inside_ports=True)
- self.pg1.add_stream(pkts)
- self.pg_enable_capture(self.pg_interfaces)
- self.pg_start()
- capture = self.pg0.get_capture(len(pkts))
- self.verify_capture_in(capture, self.pg0)
-
- pkts = self.create_stream_in(self.pg0, self.pg1)
- self.pg0.add_stream(pkts)
- self.pg_enable_capture(self.pg_interfaces)
- self.pg_start()
- capture = self.pg1.get_capture(len(pkts))
- self.verify_capture_out(capture, nat_ip=self.pg0.remote_ip4,
- same_port=True)
-
def test_one_armed_nat44(self):
""" One armed NAT44 """
remote_host = self.pg9.remote_hosts[0]