Diffstat (limited to 'src/plugins/nat/nat44-ed/nat44_ed.h')
-rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed.h | 114 |
1 files changed, 71 insertions, 43 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed.h b/src/plugins/nat/nat44-ed/nat44_ed.h index 4665f7c0966..e2f5810f9b0 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed.h +++ b/src/plugins/nat/nat44-ed/nat44_ed.h @@ -39,11 +39,6 @@ /* default number of worker handoff frame queue elements */ #define NAT_FQ_NELTS_DEFAULT 64 -/* number of attempts to get a port for ED overloading algorithm, if rolling - * a dice this many times doesn't produce a free port, it's treated - * as if there were no free ports available to conserve resources */ -#define ED_PORT_ALLOC_ATTEMPTS (10) - /* NAT buffer flags */ #define SNAT_FLAG_HAIRPINNING (1 << 0) @@ -177,6 +172,7 @@ typedef enum /* Session flags */ #define SNAT_SESSION_FLAG_STATIC_MAPPING (1 << 0) +#define SNAT_SESSION_FLAG_UNKNOWN_PROTO (1 << 1) #define SNAT_SESSION_FLAG_LOAD_BALANCING (1 << 2) #define SNAT_SESSION_FLAG_TWICE_NAT (1 << 3) #define SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT (1 << 4) @@ -312,7 +308,7 @@ typedef CLIB_PACKED(struct u16 port; } in2out; - ip_protocol_t proto; + nat_protocol_t nat_proto; nat_6t_flow_t i2o; nat_6t_flow_t o2i; @@ -360,6 +356,12 @@ typedef struct { ip4_address_t addr; u32 fib_index; +#define _(N, i, n, s) \ + u32 busy_##n##_ports; \ + u32 * busy_##n##_ports_per_thread; \ + u32 busy_##n##_port_refcounts[65535]; + foreach_nat_protocol +#undef _ } snat_address_t; typedef struct @@ -424,7 +426,7 @@ typedef struct u32 vrf_id; u32 fib_index; /* protocol */ - ip_protocol_t proto; + nat_protocol_t proto; /* 0 = disabled, otherwise client IP affinity sticky time in seconds */ u32 affinity; /* worker threads used by backends/local host */ @@ -453,7 +455,7 @@ typedef struct u16 e_port; u32 sw_if_index; u32 vrf_id; - ip_protocol_t proto; + nat_protocol_t proto; u32 flags; int addr_only; int twice_nat; 
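Review bot: In the `@@ -360,6 +356,12 @@` hunk, `u32 busy_##n##_port_refcounts[65535];` gives each per-protocol array 65535 slots (indices 0..65534), while every port in this header is a `u16` and can be 65535. The code that indexes the array is not part of this diff, so this is inferred. If it indexes by port value, port 65535 touches one element past the end of the array, which is the next protocol's counters or memory beyond `snat_address_t`. Size it for the full range, `u32 busy_##n##_port_refcounts[0xffff + 1];`, and add a comment above the macro stating what the index is and in which byte order. The `typedef struct` line of `snat_address_t` sits in the hunk header rather than in the hunk body.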
@@ -498,10 +500,15 @@ u32 nat44_ed_get_out2in_worker_index (vlib_buffer_t *b, ip4_header_t *ip, /* Return worker thread index for given packet */ /* NAT address and port allocation function */ -typedef int (nat_alloc_out_addr_and_port_function_t) ( - snat_address_t *addresses, u32 fib_index, u32 thread_index, - ip_protocol_t proto, ip4_address_t *addr, u16 *port, u16 port_per_thread, - u32 snat_thread_index); +typedef int (nat_alloc_out_addr_and_port_function_t) (snat_address_t * + addresses, + u32 fib_index, + u32 thread_index, + nat_protocol_t proto, + ip4_address_t * addr, + u16 * port, + u16 port_per_thread, + u32 snat_thread_index); typedef struct snat_main_s { @@ -514,6 +521,12 @@ typedef struct snat_main_s /* Per thread data */ snat_main_per_thread_data_t *per_thread_data; + /* Find a static mapping by local */ + clib_bihash_8_8_t static_mapping_by_local; + + /* Find a static mapping by external */ + clib_bihash_8_8_t static_mapping_by_external; + /* Static mapping pool */ snat_static_mapping_t *static_mappings; @@ -702,8 +715,12 @@ extern fib_source_t nat_fib_src_low; format_function_t format_snat_static_mapping; format_function_t format_snat_static_map_to_resolve; format_function_t format_snat_session; +format_function_t format_snat_key; format_function_t format_static_mapping_key; +format_function_t format_nat_protocol; format_function_t format_nat_addr_and_port_alloc_alg; +/* unformat functions */ +unformat_function_t unformat_nat_protocol; /** \brief Check if SNAT session is created from static mapping. @param s SNAT session 
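Review bot: The two tables added to `snat_main_t` in the `@@ -514,6 +521,12 @@` hunk, `static_mapping_by_local` and `static_mapping_by_external`, are commented only as "Find a static mapping by local" and "by external", which does not say what the 8-byte key contains. Because the same commit switches the mapping APIs to `nat_protocol_t`, the header no longer tells a reader whether the key carries the NAT protocol enum or the IP protocol number, or which byte order the port is stored in. I would extend each comment along the lines of `/* Find a static mapping by local: key = <fields and byte order>, value = <what the 8-byte value holds> */`, with the real layout filled in. `snat_main_s` begins and ends outside the hunk.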
@@ -715,6 +732,16 @@ nat44_ed_is_session_static (snat_session_t *s) return s->flags & SNAT_SESSION_FLAG_STATIC_MAPPING; } +/** \brief Check if SNAT session for unknown protocol. + @param s SNAT session + @return true if SNAT session for unknown protocol otherwise 0 +*/ +always_inline bool +snat_is_unk_proto_session (snat_session_t *s) +{ + return s->flags & SNAT_SESSION_FLAG_UNKNOWN_PROTO; +} + /** \brief Check if NAT session is twice NAT. @param s NAT session @return true if NAT session is twice NAT @@ -883,25 +910,25 @@ int nat44_ed_add_interface_address (u32 sw_if_index, u8 twice_nat); int nat44_ed_del_interface_address (u32 sw_if_index, u8 twice_nat); int nat44_ed_add_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr, - u16 l_port, u16 e_port, ip_protocol_t proto, + u16 l_port, u16 e_port, nat_protocol_t proto, u32 vrf_id, u32 sw_if_index, u32 flags, ip4_address_t pool_addr, u8 *tag); int nat44_ed_del_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr, - u16 l_port, u16 e_port, ip_protocol_t proto, + u16 l_port, u16 e_port, nat_protocol_t proto, u32 vrf_id, u32 sw_if_index, u32 flags); int nat44_ed_add_lb_static_mapping (ip4_address_t e_addr, u16 e_port, - ip_protocol_t proto, + nat_protocol_t proto, nat44_lb_addr_port_t *locals, u32 flags, u8 *tag, u32 affinity); int nat44_ed_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port, - ip_protocol_t proto, u32 flags); + nat_protocol_t proto, u32 flags); int nat44_ed_add_del_lb_static_mapping_local (ip4_address_t e_addr, u16 e_port, ip4_address_t l_addr, u16 l_port, - ip_protocol_t proto, u32 vrf_id, + nat_protocol_t proto, u32 vrf_id, u8 probability, u8 is_add); /** 
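Review bot: The doc comment on the new `snat_is_unk_proto_session` in the `@@ -715,6 +732,16 @@` hunk says `@return true if SNAT session for unknown protocol otherwise 0`, mixing `true` with `0` for a function declared `bool`, and the brief line is missing a verb. Suggested wording: `\brief Check if SNAT session was created for an unknown protocol.` and `@return true if the session is for an unknown protocol, false otherwise`. The name also departs from the `nat44_ed_is_*` prefix used by `nat44_ed_is_session_static` directly above it; `nat44_ed_is_unk_proto_session` would match, if callers outside this header allow the rename.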
@@ -920,8 +947,16 @@ int nat44_ed_del_session (snat_main_t *sm, ip4_address_t *addr, u16 port, ip4_address_t *eh_addr, u16 eh_port, u8 proto, u32 vrf_id, int is_in); -void nat44_ed_free_session_data (snat_main_t *sm, snat_session_t *s, - u32 thread_index, u8 is_ha); +/** + * @brief Free NAT44 session data (lookup keys, external address port) + * + * @param sm snat global configuration data + * @param s NAT session + * @param thread_index thread index + * @param is_ha is HA event + */ +void nat_free_session_data (snat_main_t * sm, snat_session_t * s, + u32 thread_index, u8 is_ha); /** * @brief Set NAT44 session limit (session limit, vrf id) @@ -941,6 +976,19 @@ int nat44_set_session_limit (u32 session_limit, u32 vrf_id); */ int nat44_update_session_limit (u32 session_limit, u32 vrf_id); +/** + * @brief Free outside address and port pair + * + * @param addresses vector of outside addresses + * @param thread_index thread index + * @param key address, port and protocol + */ +void +snat_free_outside_address_and_port (snat_address_t * addresses, + u32 thread_index, + ip4_address_t * addr, + u16 port, nat_protocol_t protocol); + void expire_per_vrf_sessions (u32 fib_index); /** @@ -963,9 +1011,9 @@ void expire_per_vrf_sessions (u32 fib_index); */ int snat_static_mapping_match ( vlib_main_t *vm, snat_main_t *sm, ip4_address_t match_addr, u16 match_port, - u32 match_fib_index, ip_protocol_t match_protocol, + u32 match_fib_index, nat_protocol_t match_protocol, ip4_address_t *mapping_addr, u16 *mapping_port, u32 *mapping_fib_index, - int by_external, u8 *is_addr_only, twice_nat_type_t *twice_nat, + u8 by_external, u8 *is_addr_only, twice_nat_type_t *twice_nat, lb_nat_type_t *lb, ip4_address_t *ext_host_addr, u8 *is_identity_nat, snat_static_mapping_t **out); 
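Review bot: The doc comment added for `snat_free_outside_address_and_port` in the `@@ -941,6 +976,19 @@` hunk documents `@param key address, port and protocol`, but the prototype has no `key` parameter; it takes `addr`, `port` and `protocol` separately. Replace that line with `@param addr outside address`, `@param port outside port` and `@param protocol NAT protocol`. It is also worth stating the byte order expected for `port`: the function presumably releases per-port accounting on the address (its body is not in this header), and a caller using the other byte order would release a different port than the one it allocated.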
@@ -1012,11 +1060,11 @@ typedef enum nat_translation_error_e nat_6t_flow_buf_translate_i2o ( vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip, - nat_6t_flow_t *f, ip_protocol_t proto, int is_output_feature); + nat_6t_flow_t *f, nat_protocol_t proto, int is_output_feature); nat_translation_error_e nat_6t_flow_buf_translate_o2i ( vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip, - nat_6t_flow_t *f, ip_protocol_t proto, int is_output_feature); + nat_6t_flow_t *f, nat_protocol_t proto, int is_output_feature); void nat_6t_l3_l4_csum_calc (nat_6t_flow_t *f); @@ -1024,26 +1072,6 @@ format_function_t format_nat_ed_translation_error; format_function_t format_nat_6t_flow; format_function_t format_ed_session_kvp; -snat_static_mapping_t *nat44_ed_sm_i2o_lookup (snat_main_t *sm, - ip4_address_t addr, u16 port, - u32 fib_index, u8 proto); - -snat_static_mapping_t *nat44_ed_sm_o2i_lookup (snat_main_t *sm, - ip4_address_t addr, u16 port, - u32 fib_index, u8 proto); - -void nat_syslog_nat44_sadd (u32 ssubix, u32 sfibix, ip4_address_t *isaddr, - u16 isport, ip4_address_t *idaddr, u16 idport, - ip4_address_t *xsaddr, u16 xsport, - ip4_address_t *xdaddr, u16 xdport, u8 proto, - u8 is_twicenat); - -void nat_syslog_nat44_sdel (u32 ssubix, u32 sfibix, ip4_address_t *isaddr, - u16 isport, ip4_address_t *idaddr, u16 idport, - ip4_address_t *xsaddr, u16 xsport, - ip4_address_t *xdaddr, u16 xdport, u8 proto, - u8 is_twicenat); - #endif /* __included_nat44_ed_h__ */ /* * fd.io coding-style-patch-verification: ON |