diff options
Diffstat (limited to 'src/plugins/nat/det44')
| -rw-r--r-- | src/plugins/nat/det44/det44.api | 4 | ||||
| -rw-r--r-- | src/plugins/nat/det44/det44.c | 56 | ||||
| -rw-r--r-- | src/plugins/nat/det44/det44.h | 7 | ||||
| -rw-r--r-- | src/plugins/nat/det44/det44_api.c | 16 | ||||
| -rw-r--r-- | src/plugins/nat/det44/det44_cli.c | 2 | ||||
| -rw-r--r-- | src/plugins/nat/det44/det44_in2out.c | 2 | ||||
| -rw-r--r-- | src/plugins/nat/det44/det44_inlines.h | 4 | ||||
| -rw-r--r-- | src/plugins/nat/det44/det44_out2in.c | 5 |
8 files changed, 33 insertions, 63 deletions
diff --git a/src/plugins/nat/det44/det44.api b/src/plugins/nat/det44/det44.api index 7b6aef70883..ddb9c497ea0 100644 --- a/src/plugins/nat/det44/det44.api +++ b/src/plugins/nat/det44/det44.api @@ -39,7 +39,6 @@ autoreply define det44_plugin_enable_disable { u32 inside_vrf; u32 outside_vrf; bool enable; - option status="in_progress"; }; /** \brief Enable/disable DET44 feature on the interface @@ -55,7 +54,6 @@ autoreply define det44_interface_add_del_feature { bool is_add; bool is_inside; vl_api_interface_index_t sw_if_index; - option status="in_progress"; }; /** \brief Dump interfaces with DET44 feature @@ -65,7 +63,6 @@ autoreply define det44_interface_add_del_feature { define det44_interface_dump { u32 client_index; u32 context; - option status="in_progress"; }; /** \brief DET44 interface details response @@ -78,7 +75,6 @@ define det44_interface_details { bool is_inside; bool is_outside; vl_api_interface_index_t sw_if_index; - option status="in_progress"; }; /** \brief Add/delete DET44 mapping diff --git a/src/plugins/nat/det44/det44.c b/src/plugins/nat/det44/det44.c index 1dbbfdfdebe..f251bc9c608 100644 --- a/src/plugins/nat/det44/det44.c +++ b/src/plugins/nat/det44/det44.c @@ -29,7 +29,6 @@ det44_main_t det44_main; -/* *INDENT-OFF* */ VNET_FEATURE_INIT (ip4_det44_in2out, static) = { .arc_name = "ip4-unicast", .node_name = "det44-in2out", @@ -47,7 +46,6 @@ VLIB_PLUGIN_REGISTER () = { .version = VPP_BUILD_VER, .description = "Deterministic NAT (CGN)", }; -/* *INDENT-ON* */ void det44_add_del_addr_to_fib (ip4_address_t * addr, u8 p_len, u32 sw_if_index, @@ -150,14 +148,12 @@ snat_det_add_map (ip4_address_t * in_addr, u8 in_plen, } /* Add/del external address range to FIB */ - /* *INDENT-OFF* */ pool_foreach (i, dm->interfaces) { if (det44_interface_is_inside(i)) continue; det44_add_del_addr_to_fib(out_addr, out_plen, i->sw_if_index, is_add); goto out; } - /* *INDENT-ON* */ out: return 0; } @@ -203,7 +199,6 @@ det44_interface_add_del (u32 sw_if_index, u8 is_inside, int is_del) // rather make a structure and when enable call is used // then register nodes - /* *INDENT-OFF* */ pool_foreach (tmp, dm->interfaces) { if (tmp->sw_if_index == sw_if_index) { @@ -211,7 +206,6 @@ det44_interface_add_del (u32 sw_if_index, u8 is_inside, int is_del) goto out; } } - /* *INDENT-ON* */ out: feature_name = is_inside ? "det44-in2out" : "det44-out2in"; @@ -270,7 +264,6 @@ out: // add/del outside interface fib to registry u8 found = 0; det44_fib_t *outside_fib; - /* *INDENT-OFF* */ vec_foreach (outside_fib, dm->outside_fibs) { if (outside_fib->fib_index == fib_index) @@ -292,7 +285,6 @@ out: break; } } - /* *INDENT-ON* */ if (!is_del && !found) { vec_add2 (dm->outside_fibs, outside_fib, 1); @@ -301,12 +293,10 @@ out: } // add/del outside address to FIB snat_det_map_t *mp; - /* *INDENT-OFF* */ pool_foreach (mp, dm->det_maps) { det44_add_del_addr_to_fib(&mp->out_addr, mp->out_plen, sw_if_index, !is_del); } - /* *INDENT-ON* */ } return 0; } @@ -324,19 +314,29 @@ det44_expire_walk_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, snat_det_session_t *ses; snat_det_map_t *mp; - vlib_process_wait_for_event_or_clock (vm, 10.0); - vlib_process_get_events (vm, NULL); - u32 now = (u32) vlib_time_now (vm); - /* *INDENT-OFF* */ - pool_foreach (mp, dm->det_maps) { - vec_foreach(ses, mp->sessions) - { - /* Delete if session expired */ - if (ses->in_port && (ses->expire < now)) - snat_det_ses_close (mp, ses); - } - } - /* *INDENT-ON* */ + while (1) + { + vlib_process_wait_for_event_or_clock (vm, 10.0); + vlib_process_get_events (vm, NULL); + u32 now = (u32) vlib_time_now (vm); + + if (!plugin_enabled ()) + { + continue; + } + + pool_foreach (mp, dm->det_maps) + { + vec_foreach (ses, mp->sessions) + { + // close expired sessions + if (ses->in_port && (ses->expire < now)) + { + snat_det_ses_close (mp, ses); + } + } + } + } return 0; } @@ -374,10 +374,11 @@ det44_plugin_enable (det44_config_t c) c.inside_vrf_id, dm->fib_src_hi); - det44_create_expire_walk_process (); dm->mss_clamping = 0; dm->config = c; dm->enabled = 1; + + det44_create_expire_walk_process (); return 0; } @@ -395,6 +396,8 @@ det44_plugin_disable () return 1; } + dm->enabled = 0; + // DET44 cleanup (order dependent) // 1) remove interfaces (det44_interface_add_del) removes map ranges from fib // 2) free sessions @@ -428,15 +431,12 @@ det44_plugin_disable () } vec_free (interfaces); - /* *INDENT-OFF* */ pool_foreach (mp, dm->det_maps) { vec_free (mp->sessions); } - /* *INDENT-ON* */ det44_reset_timeouts (); - dm->enabled = 0; pool_free (dm->interfaces); pool_free (dm->det_maps); @@ -467,7 +467,6 @@ det44_update_outside_fib (ip4_main_t * im, if (!vec_len (dm->outside_fibs)) return; - /* *INDENT-OFF* */ pool_foreach (i, dm->interfaces) { if (i->sw_if_index == sw_if_index) @@ -477,7 +476,6 @@ det44_update_outside_fib (ip4_main_t * im, match = 1; } } - /* *INDENT-ON* */ if (!match) return; diff --git a/src/plugins/nat/det44/det44.h b/src/plugins/nat/det44/det44.h index 02b0fa7e81d..e576bfb65e8 100644 --- a/src/plugins/nat/det44/det44.h +++ b/src/plugins/nat/det44/det44.h @@ -40,6 +40,7 @@ #include <nat/lib/lib.h> #include <nat/lib/inlines.h> #include <nat/lib/ipfix_logging.h> +#include <nat/lib/nat_proto.h> /* Session state */ #define foreach_det44_session_state \ @@ -228,7 +229,7 @@ plugin_enabled () extern vlib_node_registration_t det44_in2out_node; extern vlib_node_registration_t det44_out2in_node; -int det44_plugin_enable (); +int det44_plugin_enable (det44_config_t); int det44_plugin_disable (); int det44_interface_add_del (u32 sw_if_index, u8 is_inside, int is_del); @@ -278,13 +279,11 @@ snat_det_map_by_user (ip4_address_t * user_addr) { det44_main_t *dm = &det44_main; snat_det_map_t *mp; - /* *INDENT-OFF* */ pool_foreach (mp, dm->det_maps) { if (is_addr_in_net(user_addr, &mp->in_addr, mp->in_plen)) return mp; } - /* *INDENT-ON* */ return 0; } @@ -293,13 +292,11 @@ snat_det_map_by_out (ip4_address_t * out_addr) { det44_main_t *dm = &det44_main; snat_det_map_t *mp; - /* *INDENT-OFF* */ pool_foreach (mp, dm->det_maps) { if (is_addr_in_net(out_addr, &mp->out_addr, mp->out_plen)) return mp; } - /* *INDENT-ON* */ return 0; } diff --git a/src/plugins/nat/det44/det44_api.c b/src/plugins/nat/det44/det44_api.c index 1486180aa99..c7e17dfd147 100644 --- a/src/plugins/nat/det44/det44_api.c +++ b/src/plugins/nat/det44/det44_api.c @@ -67,14 +67,12 @@ vl_api_det44_forward_t_handler (vl_api_det44_forward_t * mp) hi_port = lo_port + m->ports_per_host - 1; send_reply: - /* *INDENT-OFF* */ REPLY_MACRO2 (VL_API_DET44_FORWARD_REPLY, ({ rmp->out_port_lo = ntohs (lo_port); rmp->out_port_hi = ntohs (hi_port); clib_memcpy (rmp->out_addr, &out_addr, 4); })) - /* *INDENT-ON* */ } static void @@ -98,12 +96,10 @@ vl_api_det44_reverse_t_handler (vl_api_det44_reverse_t * mp) snat_det_reverse (m, &out_addr, htons (mp->out_port), &in_addr); send_reply: - /* *INDENT-OFF* */ REPLY_MACRO2 (VL_API_DET44_REVERSE_REPLY, ({ clib_memcpy (rmp->in_addr, &in_addr, 4); })) - /* *INDENT-ON* */ } static void @@ -139,10 +135,8 @@ vl_api_det44_map_dump_t_handler (vl_api_det44_map_dump_t * mp) if (!reg) return; - /* *INDENT-OFF* */ vec_foreach(m, dm->det_maps) sent_det44_map_details(m, reg, mp->context); - /* *INDENT-ON* */ } static void @@ -328,12 +322,10 @@ vl_api_det44_interface_dump_t_handler (vl_api_det44_interface_dump_t * mp) if (!reg) return; - /* *INDENT-OFF* */ pool_foreach (i, dm->interfaces) { det44_send_interface_details(i, reg, mp->context); } - /* *INDENT-ON* */ } static void @@ -359,7 +351,6 @@ vl_api_det44_get_timeouts_t_handler (vl_api_det44_get_timeouts_t * mp) nat_timeouts_t timeouts; int rv = 0; timeouts = det44_get_timeouts (); - /* *INDENT-OFF* */ REPLY_MACRO2 (VL_API_DET44_GET_TIMEOUTS_REPLY, ({ rmp->udp = htonl (timeouts.udp); @@ -367,7 +358,6 @@ vl_api_det44_get_timeouts_t_handler (vl_api_det44_get_timeouts_t * mp) rmp->tcp_transitory = htonl (timeouts.tcp.transitory); rmp->icmp = htonl (timeouts.icmp); })) - /* *INDENT-ON* */ } /* @@ -412,14 +402,12 @@ vl_api_nat_det_forward_t_handler (vl_api_nat_det_forward_t * mp) hi_port = lo_port + m->ports_per_host - 1; send_reply: - /* *INDENT-OFF* */ REPLY_MACRO2 (VL_API_NAT_DET_FORWARD_REPLY, ({ rmp->out_port_lo = ntohs (lo_port); rmp->out_port_hi = ntohs (hi_port); clib_memcpy (rmp->out_addr, &out_addr, 4); })) - /* *INDENT-ON* */ } static void @@ -443,12 +431,10 @@ vl_api_nat_det_reverse_t_handler (vl_api_nat_det_reverse_t * mp) snat_det_reverse (m, &out_addr, htons (mp->out_port), &in_addr); send_reply: - /* *INDENT-OFF* */ REPLY_MACRO2 (VL_API_NAT_DET_REVERSE_REPLY, ({ clib_memcpy (rmp->in_addr, &in_addr, 4); })) - /* *INDENT-ON* */ } static void @@ -484,10 +470,8 @@ vl_api_nat_det_map_dump_t_handler (vl_api_nat_det_map_dump_t * mp) if (!reg) return; - /* *INDENT-OFF* */ vec_foreach(m, dm->det_maps) sent_nat_det_map_details(m, reg, mp->context); - /* *INDENT-ON* */ } static void diff --git a/src/plugins/nat/det44/det44_cli.c b/src/plugins/nat/det44/det44_cli.c index 5bd81d306f4..5d0ad04363e 100644 --- a/src/plugins/nat/det44/det44_cli.c +++ b/src/plugins/nat/det44/det44_cli.c @@ -512,7 +512,7 @@ VLIB_CLI_COMMAND (det44_map_command, static) = { /*? * @cliexpar - * @cliexpstart{show det44 mappings} + * @cliexstart{show det44 mappings} * Show DET44 mappings * vpp# show det44 mappings * DET44 mappings: diff --git a/src/plugins/nat/det44/det44_in2out.c b/src/plugins/nat/det44/det44_in2out.c index 5fe4a9a0658..3f5e05a064c 100644 --- a/src/plugins/nat/det44/det44_in2out.c +++ b/src/plugins/nat/det44/det44_in2out.c @@ -1011,7 +1011,6 @@ VLIB_NODE_FN (det44_in2out_node) (vlib_main_t * vm, return frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (det44_in2out_node) = { .name = "det44-in2out", .vector_size = sizeof (u32), @@ -1028,7 +1027,6 @@ VLIB_REGISTER_NODE (det44_in2out_node) = { [DET44_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/nat/det44/det44_inlines.h b/src/plugins/nat/det44/det44_inlines.h index aeb55b385d3..e5e70bbaebc 100644 --- a/src/plugins/nat/det44/det44_inlines.h +++ b/src/plugins/nat/det44/det44_inlines.h @@ -91,7 +91,6 @@ det44_translate (vlib_node_runtime_t * node, u32 sw_if_index0, if (sw_if_index == ~0) { // TODO: go over use cases - /* *INDENT-OFF* */ vec_foreach (outside_fib, dm->outside_fibs) { fei = fib_table_lookup (outside_fib->fib_index, &pfx); @@ -102,18 +101,15 @@ det44_translate (vlib_node_runtime_t * node, u32 sw_if_index0, break; } } - /* *INDENT-ON* */ } if (sw_if_index != ~0) { det44_interface_t *i; - /* *INDENT-OFF* */ pool_foreach (i, dm->interfaces) { /* NAT packet aimed at outside interface */ if ((det44_interface_is_outside (i)) && (sw_if_index == i->sw_if_index)) return 0; } - /* *INDENT-ON* */ } } return 1; diff --git a/src/plugins/nat/det44/det44_out2in.c b/src/plugins/nat/det44/det44_out2in.c index 111bc61c476..ab6acd4f8e9 100644 --- a/src/plugins/nat/det44/det44_out2in.c +++ b/src/plugins/nat/det44/det44_out2in.c @@ -173,6 +173,9 @@ icmp_match_out2in_det (vlib_node_runtime_t * node, } det44_log_info ("unknown dst address: %U", format_ip4_address, &ip0->dst_address); + b0->error = node->errors[DET44_OUT2IN_ERROR_NO_TRANSLATION]; + next0 = DET44_OUT2IN_NEXT_DROP; + goto out; } @@ -815,7 +818,6 @@ VLIB_NODE_FN (det44_out2in_node) (vlib_main_t * vm, return frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (det44_out2in_node) = { .name = "det44-out2in", .vector_size = sizeof (u32), @@ -832,7 +834,6 @@ VLIB_REGISTER_NODE (det44_out2in_node) = { [DET44_OUT2IN_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON |