diff options
-rwxr-xr-x | src/plugins/nat/in2out.c | 65 | ||||
-rwxr-xr-x | src/plugins/nat/out2in.c | 58 | ||||
-rw-r--r-- | test/test_nat.py | 44 |
3 files changed, 6 insertions, 161 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c index 134d652feb0..fae930b607f 100755 --- a/src/plugins/nat/in2out.c +++ b/src/plugins/nat/in2out.c @@ -464,47 +464,6 @@ icmp_get_ed_key(ip4_header_t *ip0, nat_ed_ses_key_t *p_key0) return 0; } -static inline int -nat_not_translate_output_feature_fwd (snat_main_t * sm, ip4_header_t * ip) -{ - nat_ed_ses_key_t key; - clib_bihash_kv_16_8_t kv, value; - udp_header_t *udp; - - if (!sm->forwarding_enabled) - return 0; - - if (ip->protocol == IP_PROTOCOL_ICMP) - { - if (icmp_get_ed_key (ip, &key)) - return 0; - } - else if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP) - { - udp = ip4_next_header(ip); - key.l_addr = ip->src_address; - key.r_addr = ip->dst_address; - key.proto = ip->protocol; - key.r_port = udp->dst_port; - key.l_port = udp->src_port; - } - else - { - key.l_addr = ip->src_address; - key.r_addr = ip->dst_address; - key.proto = ip->protocol; - key.l_port = key.r_port = 0; - } - key.fib_index = 0; - kv.key[0] = key.as_u64[0]; - kv.key[1] = key.as_u64[1]; - - if (!clib_bihash_search_16_8 (&sm->in2out_ed, &kv, &value)) - return value.value == ~0ULL; - - return 0; -} - /** * Get address and port values to be used for ICMP packet translation * and create session if needed @@ -1324,8 +1283,6 @@ snat_in2out_lb (snat_main_t *sm, if (!clib_bihash_search_16_8 (&sm->in2out_ed, &s_kv, &s_value)) { - if (s_value.value == ~0ULL) - return 0; s = pool_elt_at_index (tsm->sessions, s_value.value); } else @@ -1560,12 +1517,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } else { - if (is_output_feature) - { - if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0))) - goto trace00; - } - if (PREDICT_FALSE (proto0 == ~0 || proto0 == SNAT_PROTOCOL_ICMP)) { next0 = SNAT_IN2OUT_NEXT_SLOW_PATH; @@ -1752,12 +1703,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } else { - if (is_output_feature) - { - if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip1))) - goto trace01; - } - if (PREDICT_FALSE (proto1 == ~0 || proto1 == SNAT_PROTOCOL_ICMP)) { next1 = SNAT_IN2OUT_NEXT_SLOW_PATH; @@ -1771,6 +1716,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } } + b1->flags |= VNET_BUFFER_F_IS_NATED; + key1.addr = ip1->src_address; key1.port = udp1->src_port; key1.protocol = proto1; @@ -1833,8 +1780,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } } - b1->flags |= VNET_BUFFER_F_IS_NATED; - old_addr1 = ip1->src_address.as_u32; ip1->src_address = s1->out2in.addr; new_addr1 = ip1->src_address.as_u32; @@ -1980,12 +1925,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } else { - if (is_output_feature) - { - if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0))) - goto trace0; - } - if (PREDICT_FALSE (proto0 == ~0 || proto0 == SNAT_PROTOCOL_ICMP)) { next0 = SNAT_IN2OUT_NEXT_SLOW_PATH; diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c index e6854e55440..97cd2903a9d 100755 --- a/src/plugins/nat/out2in.c +++ b/src/plugins/nat/out2in.c @@ -311,43 +311,6 @@ icmp_get_ed_key(ip4_header_t *ip0, nat_ed_ses_key_t *p_key0) return 0; } -static void -create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip) -{ - nat_ed_ses_key_t key; - clib_bihash_kv_16_8_t kv; - udp_header_t *udp; - - if (ip->protocol == IP_PROTOCOL_ICMP) - { - if (icmp_get_ed_key (ip, &key)) - return; - } - else if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP) - { - udp = ip4_next_header(ip); - key.r_addr = ip->src_address; - key.l_addr = ip->dst_address; - key.proto = ip->protocol; - key.l_port = udp->dst_port; - key.r_port = udp->src_port; - } - else - { - key.r_addr = ip->src_address; - key.l_addr = ip->dst_address; - key.proto = ip->protocol; - key.l_port = key.r_port = 0; - } - key.fib_index = 0; - kv.key[0] = key.as_u64[0]; - kv.key[1] = key.as_u64[1]; - kv.value = ~0ULL; - - if (clib_bihash_add_del_16_8 (&sm->in2out_ed, &kv, 1)) - clib_warning ("in2out_ed key add failed"); -} - /** * Get address and port values to be used for ICMP packet translation * and create session if needed @@ -419,7 +382,6 @@ u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node, } else { - create_bypass_for_fwd(sm, ip0); dont_translate = 1; goto out; } @@ -1151,10 +1113,7 @@ snat_out2in_node_fn (vlib_main_t * vm, goto trace0; } else - { - create_bypass_for_fwd(sm, ip0); - goto trace0; - } + goto trace0; } /* Create session initiated by host from external network */ @@ -1318,10 +1277,7 @@ snat_out2in_node_fn (vlib_main_t * vm, goto trace1; } else - { - create_bypass_for_fwd(sm, ip1); - goto trace1; - } + goto trace1; } /* Create session initiated by host from external network */ @@ -1521,10 +1477,7 @@ snat_out2in_node_fn (vlib_main_t * vm, goto trace00; } else - { - create_bypass_for_fwd(sm, ip0); - goto trace00; - } + goto trace00; } /* Create session initiated by host from external network */ @@ -1764,10 +1717,7 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm, goto trace0; } else - { - create_bypass_for_fwd(sm, ip0); - goto trace0; - } + goto trace0; } /* Create session initiated by host from external network */ diff --git a/test/test_nat.py b/test/test_nat.py index f039faf84fe..c89180609fe 100644 --- a/test/test_nat.py +++ b/test/test_nat.py @@ -2697,50 +2697,6 @@ class TestNAT44(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:"), p) raise - def test_output_feature_and_service2(self): - """ NAT44 interface output feature and service host direct access """ - self.vapi.nat44_forwarding_enable_disable(1) - self.nat44_add_address(self.nat_addr) - self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index, - is_inside=0) - - # session initiaded from service host - translate - pkts = self.create_stream_in(self.pg0, self.pg1) - self.pg0.add_stream(pkts) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - capture = self.pg1.get_capture(len(pkts)) - self.verify_capture_out(capture) - - pkts = self.create_stream_out(self.pg1) - self.pg1.add_stream(pkts) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - capture = self.pg0.get_capture(len(pkts)) - self.verify_capture_in(capture, self.pg0) - - tcp_port_out = self.tcp_port_out - udp_port_out = self.udp_port_out - icmp_id_out = self.icmp_id_out - - # session initiaded from remote host - do not translate - pkts = self.create_stream_out(self.pg1, - self.pg0.remote_ip4, - use_inside_ports=True) - self.pg1.add_stream(pkts) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - capture = self.pg0.get_capture(len(pkts)) - self.verify_capture_in(capture, self.pg0) - - pkts = self.create_stream_in(self.pg0, self.pg1) - self.pg0.add_stream(pkts) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - capture = self.pg1.get_capture(len(pkts)) - self.verify_capture_out(capture, nat_ip=self.pg0.remote_ip4, - same_port=True) - def test_one_armed_nat44(self): """ One armed NAT44 """ remote_host = self.pg9.remote_hosts[0] |