summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/nat.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/nat/nat.c')
-rw-r--r--src/plugins/nat/nat.c846
1 files changed, 17 insertions, 829 deletions
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index eeaa443bfe4..156b6ddf369 100644
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -26,7 +26,6 @@
#include <nat/nat_inlines.h>
#include <nat/nat44/inlines.h>
#include <nat/nat_affinity.h>
-#include <nat/nat_ha.h>
#include <vnet/fib/fib_table.h>
#include <vnet/fib/ip4_fib.h>
#include <vnet/ip/reass/ip4_sv_reass.h>
@@ -34,6 +33,9 @@
#include <nat/nat44/ed_inlines.h>
#include <vnet/ip/ip_table.h>
+#include <nat/nat44-ei/nat44_ei_ha.h>
+#include <nat/nat44-ei/nat44_ei.h>
+
#include <vpp/app/version.h>
snat_main_t snat_main;
@@ -187,14 +189,6 @@ static u32
nat44_ed_get_worker_in2out_cb (ip4_header_t * ip, u32 rx_fib_index,
u8 is_output);
-static u32
-snat_get_worker_out2in_cb (vlib_buffer_t * b, ip4_header_t * ip0,
- u32 rx_fib_index0, u8 is_output);
-
-static u32
-snat_get_worker_in2out_cb (ip4_header_t * ip0, u32 rx_fib_index0,
- u8 is_output);
-
static u32 nat_calc_bihash_buckets (u32 n_elts);
u8 *
@@ -255,124 +249,6 @@ format_ed_session_kvp (u8 * s, va_list * args)
}
void
-nat44_ei_free_session_data (snat_main_t * sm, snat_session_t * s,
- u32 thread_index, u8 is_ha)
-{
- clib_bihash_kv_8_8_t kv;
-
- snat_main_per_thread_data_t *tsm =
- vec_elt_at_index (sm->per_thread_data, thread_index);
-
- init_nat_i2o_k (&kv, s);
- if (clib_bihash_add_del_8_8 (&tsm->in2out, &kv, 0))
- nat_elog_warn ("in2out key del failed");
-
- init_nat_o2i_k (&kv, s);
- if (clib_bihash_add_del_8_8 (&tsm->out2in, &kv, 0))
- nat_elog_warn ("out2in key del failed");
-
- if (!is_ha)
- {
- nat_syslog_nat44_apmdel (s->user_index, s->in2out.fib_index,
- &s->in2out.addr, s->in2out.port,
- &s->out2in.addr, s->out2in.port, s->nat_proto);
-
- nat_ipfix_logging_nat44_ses_delete (thread_index,
- s->in2out.addr.as_u32,
- s->out2in.addr.as_u32,
- s->nat_proto,
- s->in2out.port,
- s->out2in.port,
- s->in2out.fib_index);
-
- nat_ha_sdel (&s->out2in.addr, s->out2in.port, &s->ext_host_addr,
- s->ext_host_port, s->nat_proto, s->out2in.fib_index,
- thread_index);
-
- }
-
- if (snat_is_session_static (s))
- return;
-
- snat_free_outside_address_and_port (sm->addresses, thread_index,
- &s->out2in.addr, s->out2in.port,
- s->nat_proto);
-}
-
-static_always_inline void
-nat44_ei_user_del_sessions (snat_user_t * u, u32 thread_index)
-{
- dlist_elt_t *elt;
- snat_session_t *s;
-
- snat_main_t *sm = &snat_main;
- snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
-
- // get head
- elt = pool_elt_at_index (tsm->list_pool,
- u->sessions_per_user_list_head_index);
- // get first element
- elt = pool_elt_at_index (tsm->list_pool, elt->next);
-
- while (elt->value != ~0)
- {
- s = pool_elt_at_index (tsm->sessions, elt->value);
- elt = pool_elt_at_index (tsm->list_pool, elt->next);
-
- nat44_ei_free_session_data (sm, s, thread_index, 0);
- nat44_delete_session (sm, s, thread_index);
- }
-}
-
-int
-nat44_ei_user_del (ip4_address_t * addr, u32 fib_index)
-{
- int rv = 1;
-
- snat_main_t *sm = &snat_main;
- snat_main_per_thread_data_t *tsm;
-
- snat_user_key_t user_key;
- clib_bihash_kv_8_8_t kv, value;
-
- if (sm->endpoint_dependent)
- return rv;
-
- user_key.addr.as_u32 = addr->as_u32;
- user_key.fib_index = fib_index;
- kv.key = user_key.as_u64;
-
- if (sm->num_workers > 1)
- {
- /* *INDENT-OFF* */
- vec_foreach (tsm, sm->per_thread_data)
- {
- if (!clib_bihash_search_8_8 (&tsm->user_hash, &kv, &value))
- {
- nat44_ei_user_del_sessions (
- pool_elt_at_index (tsm->users, value.value),
- tsm->thread_index);
- rv = 0;
- break;
- }
- }
- /* *INDENT-ON* */
- }
- else
- {
- tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
- if (!clib_bihash_search_8_8 (&tsm->user_hash, &kv, &value))
- {
- nat44_ei_user_del_sessions (pool_elt_at_index
- (tsm->users, value.value),
- tsm->thread_index);
- rv = 0;
- }
- }
- return rv;
-}
-
-void
nat_free_session_data (snat_main_t * sm, snat_session_t * s, u32 thread_index,
u8 is_ha)
{
@@ -817,60 +693,6 @@ get_thread_idx_by_port (u16 e_port)
}
void
-nat_ei_static_mapping_del_sessions (snat_main_t * sm,
- snat_main_per_thread_data_t * tsm,
- snat_user_key_t u_key, int addr_only,
- ip4_address_t e_addr, u16 e_port)
-{
- clib_bihash_kv_8_8_t kv, value;
- kv.key = u_key.as_u64;
- u64 user_index;
- dlist_elt_t *head, *elt;
- snat_user_t *u;
- snat_session_t *s;
- u32 elt_index, head_index, ses_index;
-
- if (!clib_bihash_search_8_8 (&tsm->user_hash, &kv, &value))
- {
- user_index = value.value;
- u = pool_elt_at_index (tsm->users, user_index);
- if (u->nstaticsessions)
- {
- head_index = u->sessions_per_user_list_head_index;
- head = pool_elt_at_index (tsm->list_pool, head_index);
- elt_index = head->next;
- elt = pool_elt_at_index (tsm->list_pool, elt_index);
- ses_index = elt->value;
- while (ses_index != ~0)
- {
- s = pool_elt_at_index (tsm->sessions, ses_index);
- elt = pool_elt_at_index (tsm->list_pool, elt->next);
- ses_index = elt->value;
-
- if (!addr_only)
- {
- if ((s->out2in.addr.as_u32 != e_addr.as_u32) ||
- (s->out2in.port != e_port))
- continue;
- }
-
- if (is_lb_session (s))
- continue;
-
- if (!snat_is_session_static (s))
- continue;
-
- nat_free_session_data (sm, s, tsm - sm->per_thread_data, 0);
- nat44_delete_session (sm, s, tsm - sm->per_thread_data);
-
- if (!addr_only)
- break;
- }
- }
- }
-}
-
-void
nat_ed_static_mapping_del_sessions (snat_main_t * sm,
snat_main_per_thread_data_t * tsm,
ip4_address_t l_addr,
@@ -1317,8 +1139,8 @@ snat_add_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr,
u_key.addr = m->local_addr;
u_key.fib_index = fib_index;
kv.key = u_key.as_u64;
- nat_ei_static_mapping_del_sessions (sm, tsm, u_key, addr_only,
- e_addr, e_port);
+ nat44_ei_static_mapping_del_sessions (sm, tsm, u_key, addr_only,
+ e_addr, e_port);
}
}
@@ -2573,12 +2395,6 @@ nat_ip4_add_del_addr_only_sm_cb (ip4_main_t * im,
u32 address_length,
u32 if_address_index, u32 is_delete);
-static int
-nat_alloc_addr_and_port_default (snat_address_t * addresses, u32 fib_index,
- u32 thread_index, nat_protocol_t proto,
- ip4_address_t * addr, u16 * port,
- u16 port_per_thread, u32 snat_thread_index);
-
void
test_key_calc_split ()
{
@@ -2871,10 +2687,6 @@ nat44_plugin_enable (nat44_config_t c)
}
}
- // reset to defaults:
- sm->alloc_addr_and_port = nat_alloc_addr_and_port_default;
- sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT;
- //
nat_reset_timeouts (&sm->timeouts);
// nat44 feature configuration
@@ -2928,22 +2740,20 @@ nat44_plugin_enable (nat44_config_t c)
clib_bihash_set_kvp_format_fn_16_8 (&sm->out2in_ed,
format_ed_session_kvp);
-
nat_affinity_enable ();
-
- nat_ha_enable (nat_ha_sadd_ed_cb, nat_ha_sdel_ed_cb, nat_ha_sref_ed_cb);
}
else
{
- sm->worker_out2in_cb = snat_get_worker_out2in_cb;
- sm->worker_in2out_cb = snat_get_worker_in2out_cb;
+ sm->worker_out2in_cb = nat44_ei_get_out2in_worker_index;
+ sm->worker_in2out_cb = nat44_ei_get_in2out_worker_index;
+
sm->out2in_node_index = sm->ei_out2in_node_index;
sm->in2out_node_index = sm->ei_in2out_node_index;
sm->in2out_output_node_index = sm->ei_in2out_output_node_index;
sm->icmp_match_out2in_cb = icmp_match_out2in_slow;
sm->icmp_match_in2out_cb = icmp_match_in2out_slow;
- nat_ha_enable (nat_ha_sadd_cb, nat_ha_sdel_cb, nat_ha_sref_cb);
+ nat44_ei_plugin_enable ();
}
// c.static_mapping & c.connection_tracking require
@@ -3018,7 +2828,10 @@ nat44_plugin_disable ()
return 1;
}
- nat_ha_disable ();
+ if (!sm->endpoint_dependent)
+ {
+ nat44_ei_plugin_disable ();
+ }
// first unregister all nodes from interfaces
vec = vec_dup (sm->interfaces);
@@ -3142,10 +2955,10 @@ snat_free_outside_address_and_port (snat_address_t * addresses,
}
}
-static int
-nat_set_outside_address_and_port (snat_address_t * addresses,
- u32 thread_index, ip4_address_t addr,
- u16 port, nat_protocol_t protocol)
+int
+nat_set_outside_address_and_port (snat_address_t *addresses, u32 thread_index,
+ ip4_address_t addr, u16 port,
+ nat_protocol_t protocol)
{
snat_address_t *a = 0;
u32 address_index;
@@ -3339,208 +3152,6 @@ end:
return 0;
}
-int
-snat_alloc_outside_address_and_port (snat_address_t * addresses,
- u32 fib_index,
- u32 thread_index,
- nat_protocol_t proto,
- ip4_address_t * addr,
- u16 * port,
- u16 port_per_thread,
- u32 snat_thread_index)
-{
- snat_main_t *sm = &snat_main;
-
- return sm->alloc_addr_and_port (addresses, fib_index, thread_index, proto,
- addr, port, port_per_thread,
- snat_thread_index);
-}
-
-static int
-nat_alloc_addr_and_port_default (snat_address_t * addresses,
- u32 fib_index,
- u32 thread_index,
- nat_protocol_t proto,
- ip4_address_t * addr,
- u16 * port,
- u16 port_per_thread, u32 snat_thread_index)
-{
- int i;
- snat_address_t *a, *ga = 0;
- u32 portnum;
-
- for (i = 0; i < vec_len (addresses); i++)
- {
- a = addresses + i;
- switch (proto)
- {
-#define _(N, j, n, s) \
- case NAT_PROTOCOL_##N: \
- if (a->busy_##n##_ports_per_thread[thread_index] < port_per_thread) \
- { \
- if (a->fib_index == fib_index) \
- { \
- while (1) \
- { \
- portnum = (port_per_thread * \
- snat_thread_index) + \
- snat_random_port(0, port_per_thread - 1) + 1024; \
- if (a->busy_##n##_port_refcounts[portnum]) \
- continue; \
- --a->busy_##n##_port_refcounts[portnum]; \
- a->busy_##n##_ports_per_thread[thread_index]++; \
- a->busy_##n##_ports++; \
- *addr = a->addr; \
- *port = clib_host_to_net_u16(portnum); \
- return 0; \
- } \
- } \
- else if (a->fib_index == ~0) \
- { \
- ga = a; \
- } \
- } \
- break;
- foreach_nat_protocol
-#undef _
- default:
- nat_elog_info ("unknown protocol");
- return 1;
- }
-
- }
-
- if (ga)
- {
- a = ga;
- switch (proto)
- {
-#define _(N, j, n, s) \
- case NAT_PROTOCOL_##N: \
- while (1) \
- { \
- portnum = (port_per_thread * \
- snat_thread_index) + \
- snat_random_port(0, port_per_thread - 1) + 1024; \
- if (a->busy_##n##_port_refcounts[portnum]) \
- continue; \
- ++a->busy_##n##_port_refcounts[portnum]; \
- a->busy_##n##_ports_per_thread[thread_index]++; \
- a->busy_##n##_ports++; \
- *addr = a->addr; \
- *port = clib_host_to_net_u16(portnum); \
- return 0; \
- }
- break;
- foreach_nat_protocol
-#undef _
- default:
- nat_elog_info ("unknown protocol");
- return 1;
- }
- }
-
- /* Totally out of translations to use... */
- nat_ipfix_logging_addresses_exhausted (thread_index, 0);
- return 1;
-}
-
-static int
-nat_alloc_addr_and_port_mape (snat_address_t * addresses, u32 fib_index,
- u32 thread_index, nat_protocol_t proto,
- ip4_address_t * addr, u16 * port,
- u16 port_per_thread, u32 snat_thread_index)
-{
- snat_main_t *sm = &snat_main;
- snat_address_t *a = addresses;
- u16 m, ports, portnum, A, j;
- m = 16 - (sm->psid_offset + sm->psid_length);
- ports = (1 << (16 - sm->psid_length)) - (1 << m);
-
- if (!vec_len (addresses))
- goto exhausted;
-
- switch (proto)
- {
-#define _(N, i, n, s) \
- case NAT_PROTOCOL_##N: \
- if (a->busy_##n##_ports < ports) \
- { \
- while (1) \
- { \
- A = snat_random_port(1, pow2_mask(sm->psid_offset)); \
- j = snat_random_port(0, pow2_mask(m)); \
- portnum = A | (sm->psid << sm->psid_offset) | (j << (16 - m)); \
- if (a->busy_##n##_port_refcounts[portnum]) \
- continue; \
- ++a->busy_##n##_port_refcounts[portnum]; \
- a->busy_##n##_ports++; \
- *addr = a->addr; \
- *port = clib_host_to_net_u16 (portnum); \
- return 0; \
- } \
- } \
- break;
- foreach_nat_protocol
-#undef _
- default:
- nat_elog_info ("unknown protocol");
- return 1;
- }
-
-exhausted:
- /* Totally out of translations to use... */
- nat_ipfix_logging_addresses_exhausted (thread_index, 0);
- return 1;
-}
-
-static int
-nat_alloc_addr_and_port_range (snat_address_t * addresses, u32 fib_index,
- u32 thread_index, nat_protocol_t proto,
- ip4_address_t * addr, u16 * port,
- u16 port_per_thread, u32 snat_thread_index)
-{
- snat_main_t *sm = &snat_main;
- snat_address_t *a = addresses;
- u16 portnum, ports;
-
- ports = sm->end_port - sm->start_port + 1;
-
- if (!vec_len (addresses))
- goto exhausted;
-
- switch (proto)
- {
-#define _(N, i, n, s) \
- case NAT_PROTOCOL_##N: \
- if (a->busy_##n##_ports < ports) \
- { \
- while (1) \
- { \
- portnum = snat_random_port(sm->start_port, sm->end_port); \
- if (a->busy_##n##_port_refcounts[portnum]) \
- continue; \
- ++a->busy_##n##_port_refcounts[portnum]; \
- a->busy_##n##_ports++; \
- *addr = a->addr; \
- *port = clib_host_to_net_u16 (portnum); \
- return 0; \
- } \
- } \
- break;
- foreach_nat_protocol
-#undef _
- default:
- nat_elog_info ("unknown protocol");
- return 1;
- }
-
-exhausted:
- /* Totally out of translations to use... */
- nat_ipfix_logging_addresses_exhausted (thread_index, 0);
- return 1;
-}
-
void
nat44_add_del_address_dpo (ip4_address_t addr, u8 is_add)
{
@@ -3566,110 +3177,6 @@ nat44_add_del_address_dpo (ip4_address_t addr, u8 is_add)
}
static u32
-snat_get_worker_in2out_cb (ip4_header_t * ip0, u32 rx_fib_index0,
- u8 is_output)
-{
- snat_main_t *sm = &snat_main;
- u32 next_worker_index = 0;
- u32 hash;
-
- next_worker_index = sm->first_worker_index;
- hash = ip0->src_address.as_u32 + (ip0->src_address.as_u32 >> 8) +
- (ip0->src_address.as_u32 >> 16) + (ip0->src_address.as_u32 >> 24);
-
- if (PREDICT_TRUE (is_pow2 (_vec_len (sm->workers))))
- next_worker_index += sm->workers[hash & (_vec_len (sm->workers) - 1)];
- else
- next_worker_index += sm->workers[hash % _vec_len (sm->workers)];
-
- return next_worker_index;
-}
-
-static u32
-snat_get_worker_out2in_cb (vlib_buffer_t * b, ip4_header_t * ip0,
- u32 rx_fib_index0, u8 is_output)
-{
- snat_main_t *sm = &snat_main;
- udp_header_t *udp;
- u16 port;
- clib_bihash_kv_8_8_t kv, value;
- snat_static_mapping_t *m;
- u32 proto;
- u32 next_worker_index = 0;
-
- /* first try static mappings without port */
- if (PREDICT_FALSE (pool_elts (sm->static_mappings)))
- {
- init_nat_k (&kv, ip0->dst_address, 0, rx_fib_index0, 0);
- if (!clib_bihash_search_8_8
- (&sm->static_mapping_by_external, &kv, &value))
- {
- m = pool_elt_at_index (sm->static_mappings, value.value);
- return m->workers[0];
- }
- }
-
- proto = ip_proto_to_nat_proto (ip0->protocol);
- udp = ip4_next_header (ip0);
- port = udp->dst_port;
-
- /* unknown protocol */
- if (PREDICT_FALSE (proto == NAT_PROTOCOL_OTHER))
- {
- /* use current thread */
- return vlib_get_thread_index ();
- }
-
- if (PREDICT_FALSE (ip0->protocol == IP_PROTOCOL_ICMP))
- {
- icmp46_header_t *icmp = (icmp46_header_t *) udp;
- icmp_echo_header_t *echo = (icmp_echo_header_t *) (icmp + 1);
- if (!icmp_type_is_error_message
- (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags))
- port = vnet_buffer (b)->ip.reass.l4_src_port;
- else
- {
- /* if error message, then it's not fragmented and we can access it */
- ip4_header_t *inner_ip = (ip4_header_t *) (echo + 1);
- proto = ip_proto_to_nat_proto (inner_ip->protocol);
- void *l4_header = ip4_next_header (inner_ip);
- switch (proto)
- {
- case NAT_PROTOCOL_ICMP:
- icmp = (icmp46_header_t *) l4_header;
- echo = (icmp_echo_header_t *) (icmp + 1);
- port = echo->identifier;
- break;
- case NAT_PROTOCOL_UDP:
- case NAT_PROTOCOL_TCP:
- port = ((tcp_udp_header_t *) l4_header)->src_port;
- break;
- default:
- return vlib_get_thread_index ();
- }
- }
- }
-
- /* try static mappings with port */
- if (PREDICT_FALSE (pool_elts (sm->static_mappings)))
- {
- init_nat_k (&kv, ip0->dst_address, port, rx_fib_index0, proto);
- if (!clib_bihash_search_8_8
- (&sm->static_mapping_by_external, &kv, &value))
- {
- m = pool_elt_at_index (sm->static_mappings, value.value);
- return m->workers[0];
- }
- }
-
- /* worker by outside port */
- next_worker_index = sm->first_worker_index;
- next_worker_index +=
- sm->workers[(clib_net_to_host_u16 (port) - 1024) / sm->port_per_thread];
- return next_worker_index;
-}
-
-static u32
nat44_ed_get_worker_in2out_cb (ip4_header_t * ip, u32 rx_fib_index,
u8 is_output)
{
@@ -3928,293 +3435,6 @@ done:
return next_worker_index;
}
-void
-nat_ha_sadd_cb (ip4_address_t * in_addr, u16 in_port,
- ip4_address_t * out_addr, u16 out_port,
- ip4_address_t * eh_addr, u16 eh_port,
- ip4_address_t * ehn_addr, u16 ehn_port, u8 proto,
- u32 fib_index, u16 flags, u32 thread_index)
-{
- snat_main_t *sm = &snat_main;
- snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
- snat_user_t *u;
- snat_session_t *s;
- clib_bihash_kv_8_8_t kv;
- vlib_main_t *vm = vlib_get_main ();
- f64 now = vlib_time_now (vm);
- nat_outside_fib_t *outside_fib;
- fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
- fib_prefix_t pfx = {
- .fp_proto = FIB_PROTOCOL_IP4,
- .fp_len = 32,
- .fp_addr = {
- .ip4.as_u32 = eh_addr->as_u32,
- },
- };
-
- if (!(flags & SNAT_SESSION_FLAG_STATIC_MAPPING))
- {
- if (nat_set_outside_address_and_port
- (sm->addresses, thread_index, *out_addr, out_port, proto))
- return;
- }
-
- u = nat_user_get_or_create (sm, in_addr, fib_index, thread_index);
- if (!u)
- return;
-
- s = nat_session_alloc_or_recycle (sm, u, thread_index, now);
- if (!s)
- return;
-
- if (sm->endpoint_dependent)
- {
- nat_ed_lru_insert (tsm, s, now, nat_proto_to_ip_proto (proto));
- }
-
- s->out2in.addr.as_u32 = out_addr->as_u32;
- s->out2in.port = out_port;
- s->nat_proto = proto;
- s->last_heard = now;
- s->flags = flags;
- s->ext_host_addr.as_u32 = eh_addr->as_u32;
- s->ext_host_port = eh_port;
- user_session_increment (sm, u, snat_is_session_static (s));
- switch (vec_len (sm->outside_fibs))
- {
- case 0:
- s->out2in.fib_index = sm->outside_fib_index;
- break;
- case 1:
- s->out2in.fib_index = sm->outside_fibs[0].fib_index;
- break;
- default:
- /* *INDENT-OFF* */
- vec_foreach (outside_fib, sm->outside_fibs)
- {
- fei = fib_table_lookup (outside_fib->fib_index, &pfx);
- if (FIB_NODE_INDEX_INVALID != fei)
- {
- if (fib_entry_get_resolving_interface (fei) != ~0)
- {
- s->out2in.fib_index = outside_fib->fib_index;
- break;
- }
- }
- }
- /* *INDENT-ON* */
- break;
- }
- init_nat_o2i_kv (&kv, s, s - tsm->sessions);
- if (clib_bihash_add_del_8_8 (&tsm->out2in, &kv, 1))
- nat_elog_warn ("out2in key add failed");
-
- s->in2out.addr.as_u32 = in_addr->as_u32;
- s->in2out.port = in_port;
- s->in2out.fib_index = fib_index;
- init_nat_i2o_kv (&kv, s, s - tsm->sessions);
- if (clib_bihash_add_del_8_8 (&tsm->in2out, &kv, 1))
- nat_elog_warn ("in2out key add failed");
-}
-
-void
-nat_ha_sdel_cb (ip4_address_t * out_addr, u16 out_port,
- ip4_address_t * eh_addr, u16 eh_port, u8 proto, u32 fib_index,
- u32 ti)
-{
- snat_main_t *sm = &snat_main;
- clib_bihash_kv_8_8_t kv, value;
- u32 thread_index;
- snat_session_t *s;
- snat_main_per_thread_data_t *tsm;
-
- if (sm->num_workers > 1)
- thread_index =
- sm->first_worker_index +
- (sm->workers[(clib_net_to_host_u16 (out_port) -
- 1024) / sm->port_per_thread]);
- else
- thread_index = sm->num_workers;
- tsm = vec_elt_at_index (sm->per_thread_data, thread_index);
-
- init_nat_k (&kv, *out_addr, out_port, fib_index, proto);
- if (clib_bihash_search_8_8 (&tsm->out2in, &kv, &value))
- return;
-
- s = pool_elt_at_index (tsm->sessions, value.value);
- nat_free_session_data (sm, s, thread_index, 1);
- nat44_delete_session (sm, s, thread_index);
-}
-
-void
-nat_ha_sref_cb (ip4_address_t * out_addr, u16 out_port,
- ip4_address_t * eh_addr, u16 eh_port, u8 proto, u32 fib_index,
- u32 total_pkts, u64 total_bytes, u32 thread_index)
-{
- snat_main_t *sm = &snat_main;
- clib_bihash_kv_8_8_t kv, value;
- snat_session_t *s;
- snat_main_per_thread_data_t *tsm;
-
- tsm = vec_elt_at_index (sm->per_thread_data, thread_index);
-
- init_nat_k (&kv, *out_addr, out_port, fib_index, proto);
- if (clib_bihash_search_8_8 (&tsm->out2in, &kv, &value))
- return;
-
- s = pool_elt_at_index (tsm->sessions, value.value);
- s->total_pkts = total_pkts;
- s->total_bytes = total_bytes;
-}
-
-void
-nat_ha_sadd_ed_cb (ip4_address_t * in_addr, u16 in_port,
- ip4_address_t * out_addr, u16 out_port,
- ip4_address_t * eh_addr, u16 eh_port,
- ip4_address_t * ehn_addr, u16 ehn_port, u8 proto,
- u32 fib_index, u16 flags, u32 thread_index)
-{
- snat_main_t *sm = &snat_main;
- snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
- snat_session_t *s;
- clib_bihash_kv_16_8_t kv;
- vlib_main_t *vm = vlib_get_main ();
- f64 now = vlib_time_now (vm);
- nat_outside_fib_t *outside_fib;
- fib_node_index_t fei = FIB_NODE_INDEX_INVALID;
- fib_prefix_t pfx = {
- .fp_proto = FIB_PROTOCOL_IP4,
- .fp_len = 32,
- .fp_addr = {
- .ip4.as_u32 = eh_addr->as_u32,
- },
- };
-
-
- if (!(flags & SNAT_SESSION_FLAG_STATIC_MAPPING))
- {
- if (nat_set_outside_address_and_port
- (sm->addresses, thread_index, *out_addr, out_port, proto))
- return;
- }
-
- if (flags & SNAT_SESSION_FLAG_TWICE_NAT)
- {
- if (nat_set_outside_address_and_port
- (sm->addresses, thread_index, *ehn_addr, ehn_port, proto))
- return;
- }
-
- s = nat_ed_session_alloc (sm, thread_index, now, proto);
- if (!s)
- return;
-
- s->last_heard = now;
- s->flags = flags;
- s->ext_host_nat_addr.as_u32 = s->ext_host_addr.as_u32 = eh_addr->as_u32;
- s->ext_host_nat_port = s->ext_host_port = eh_port;
- if (is_twice_nat_session (s))
- {
- s->ext_host_nat_addr.as_u32 = ehn_addr->as_u32;
- s->ext_host_nat_port = ehn_port;
- }
- switch (vec_len (sm->outside_fibs))
- {
- case 0:
- s->out2in.fib_index = sm->outside_fib_index;
- break;
- case 1:
- s->out2in.fib_index = sm->outside_fibs[0].fib_index;
- break;
- default:
- /* *INDENT-OFF* */
- vec_foreach (outside_fib, sm->outside_fibs)
- {
- fei = fib_table_lookup (outside_fib->fib_index, &pfx);
- if (FIB_NODE_INDEX_INVALID != fei)
- {
- if (fib_entry_get_resolving_interface (fei) != ~0)
- {
- s->out2in.fib_index = outside_fib->fib_index;
- break;
- }
- }
- }
- /* *INDENT-ON* */
- break;
- }
- s->nat_proto = proto;
- s->out2in.addr.as_u32 = out_addr->as_u32;
- s->out2in.port = out_port;
-
- s->in2out.addr.as_u32 = in_addr->as_u32;
- s->in2out.port = in_port;
- s->in2out.fib_index = fib_index;
-
- init_ed_kv (&kv, *in_addr, in_port, s->ext_host_nat_addr,
- s->ext_host_nat_port, fib_index, nat_proto_to_ip_proto (proto),
- thread_index, s - tsm->sessions);
- if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &kv, 1))
- nat_elog_warn ("in2out key add failed");
-
- init_ed_kv (&kv, *out_addr, out_port, *eh_addr, eh_port,
- s->out2in.fib_index, nat_proto_to_ip_proto (proto),
- thread_index, s - tsm->sessions);
- if (clib_bihash_add_del_16_8 (&sm->out2in_ed, &kv, 1))
- nat_elog_warn ("out2in key add failed");
-}
-
-void
-nat_ha_sdel_ed_cb (ip4_address_t * out_addr, u16 out_port,
- ip4_address_t * eh_addr, u16 eh_port, u8 proto,
- u32 fib_index, u32 ti)
-{
- snat_main_t *sm = &snat_main;
- clib_bihash_kv_16_8_t kv, value;
- u32 thread_index;
- snat_session_t *s;
- snat_main_per_thread_data_t *tsm;
-
- if (sm->num_workers > 1)
- thread_index =
- sm->first_worker_index +
- (sm->workers[(clib_net_to_host_u16 (out_port) -
- 1024) / sm->port_per_thread]);
- else
- thread_index = sm->num_workers;
- tsm = vec_elt_at_index (sm->per_thread_data, thread_index);
-
- init_ed_k (&kv, *out_addr, out_port, *eh_addr, eh_port, fib_index, proto);
- if (clib_bihash_search_16_8 (&sm->out2in_ed, &kv, &value))
- return;
-
- s = pool_elt_at_index (tsm->sessions, ed_value_get_session_index (&value));
- nat_free_session_data (sm, s, thread_index, 1);
- nat44_delete_session (sm, s, thread_index);
-}
-
-void
-nat_ha_sref_ed_cb (ip4_address_t * out_addr, u16 out_port,
- ip4_address_t * eh_addr, u16 eh_port, u8 proto,
- u32 fib_index, u32 total_pkts, u64 total_bytes,
- u32 thread_index)
-{
- snat_main_t *sm = &snat_main;
- clib_bihash_kv_16_8_t kv, value;
- snat_session_t *s;
- snat_main_per_thread_data_t *tsm;
-
- tsm = vec_elt_at_index (sm->per_thread_data, thread_index);
-
- init_ed_k (&kv, *out_addr, out_port, *eh_addr, eh_port, fib_index, proto);
- if (clib_bihash_search_16_8 (&sm->out2in_ed, &kv, &value))
- return;
-
- s = pool_elt_at_index (tsm->sessions, ed_value_get_session_index (&value));
- s->total_pkts = total_pkts;
- s->total_bytes = total_bytes;
-}
-
static u32
nat_calc_bihash_buckets (u32 n_elts)
{
@@ -4694,38 +3914,6 @@ nat44_del_ed_session (snat_main_t * sm, ip4_address_t * addr, u16 port,
return 0;
}
-void
-nat_set_alloc_addr_and_port_mape (u16 psid, u16 psid_offset, u16 psid_length)
-{
- snat_main_t *sm = &snat_main;
-
- sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE;
- sm->alloc_addr_and_port = nat_alloc_addr_and_port_mape;
- sm->psid = psid;
- sm->psid_offset = psid_offset;
- sm->psid_length = psid_length;
-}
-
-void
-nat_set_alloc_addr_and_port_range (u16 start_port, u16 end_port)
-{
- snat_main_t *sm = &snat_main;
-
- sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE;
- sm->alloc_addr_and_port = nat_alloc_addr_and_port_range;
- sm->start_port = start_port;
- sm->end_port = end_port;
-}
-
-void
-nat_set_alloc_addr_and_port_default (void)
-{
- snat_main_t *sm = &snat_main;
-
- sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT;
- sm->alloc_addr_and_port = nat_alloc_addr_and_port_default;
-}
-
VLIB_NODE_FN (nat_default_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame)