diff options
Diffstat (limited to 'src/plugins/nat/nat64_db.c')
-rw-r--r-- | src/plugins/nat/nat64_db.c | 63 |
1 files changed, 62 insertions, 1 deletions
diff --git a/src/plugins/nat/nat64_db.c b/src/plugins/nat/nat64_db.c index 7ce28bc6c7f..3edc1a43006 100644 --- a/src/plugins/nat/nat64_db.c +++ b/src/plugins/nat/nat64_db.c @@ -17,6 +17,8 @@ * @brief NAT64 DB */ #include <nat/nat64_db.h> +#include <nat/nat_ipfix_logging.h> +#include <vnet/fib/fib_table.h> int nat64_db_init (nat64_db_t * db, u32 bib_buckets, u32 bib_memory_size, @@ -36,6 +38,12 @@ nat64_db_init (nat64_db_t * db, u32 bib_buckets, u32 bib_memory_size, st_memory_size); db->free_addr_port_cb = free_addr_port_cb; + db->bib.limit = 10 * bib_buckets; + db->bib.bib_entries_num = 0; + db->st.limit = 10 * st_buckets; + db->st.st_entries_num = 0; + db->addr_free = 0; + return 0; } @@ -48,6 +56,14 @@ nat64_db_bib_entry_create (nat64_db_t * db, ip6_address_t * in_addr, nat64_db_bib_entry_t *bibe; nat64_db_bib_entry_key_t bibe_key; clib_bihash_kv_24_8_t kv; + fib_table_t *fib; + + if (db->bib.bib_entries_num >= db->bib.limit) + { + db->free_addr_port_cb (db, out_addr, out_port, proto); + nat_ipfix_logging_max_bibs (db->bib.limit); + return 0; + } /* create pool entry */ switch (ip_proto_to_snat_proto (proto)) @@ -66,6 +82,9 @@ nat64_db_bib_entry_create (nat64_db_t * db, ip6_address_t * in_addr, kv.value = bibe - db->bib._unk_proto_bib; break; } + + db->bib.bib_entries_num++; + memset (bibe, 0, sizeof (*bibe)); bibe->in_addr.as_u64[0] = in_addr->as_u64[0]; bibe->in_addr.as_u64[1] = in_addr->as_u64[1]; @@ -97,6 +116,9 @@ nat64_db_bib_entry_create (nat64_db_t * db, ip6_address_t * in_addr, kv.key[2] = bibe_key.as_u64[2]; clib_bihash_add_del_24_8 (&db->bib.out2in, &kv, 1); + fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6); + nat_ipfix_logging_nat64_bib (in_addr, out_addr, proto, in_port, out_port, + fib->ft_table_id, 1); return bibe; } @@ -108,6 +130,7 @@ nat64_db_bib_entry_free (nat64_db_t * db, nat64_db_bib_entry_t * bibe) nat64_db_bib_entry_t *bib; u32 *ste_to_be_free = 0, *ste_index, bibe_index; nat64_db_st_entry_t *st, *ste; + fib_table_t *fib; switch (ip_proto_to_snat_proto (bibe->proto)) { @@ -126,6 +149,8 @@ nat64_db_bib_entry_free (nat64_db_t * db, nat64_db_bib_entry_t * bibe) break; } + db->bib.bib_entries_num--; + bibe_index = bibe - bib; /* delete ST entries for static BIB entry */ @@ -162,7 +187,14 @@ nat64_db_bib_entry_free (nat64_db_t * db, nat64_db_bib_entry_t * bibe) kv.key[2] = bibe_key.as_u64[2]; clib_bihash_add_del_24_8 (&db->bib.out2in, &kv, 0); - db->free_addr_port_cb (db, &bibe->out_addr, bibe->out_port, bibe->proto); + if (!db->addr_free) + db->free_addr_port_cb (db, &bibe->out_addr, bibe->out_port, bibe->proto); + + fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6); + nat_ipfix_logging_nat64_bib (&bibe->in_addr, &bibe->out_addr, bibe->proto, + bibe->in_port, bibe->out_port, + fib->ft_table_id, 0); + /* delete from pool */ pool_put (bib, bibe); @@ -344,6 +376,13 @@ nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe, nat64_db_bib_entry_t *bib; nat64_db_st_entry_key_t ste_key; clib_bihash_kv_48_8_t kv; + fib_table_t *fib; + + if (db->st.st_entries_num >= db->st.limit) + { + nat_ipfix_logging_max_sessions (db->st.limit); + return 0; + } /* create pool entry */ switch (ip_proto_to_snat_proto (bibe->proto)) @@ -364,6 +403,9 @@ nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe, bib = db->bib._unk_proto_bib; break; } + + db->st.st_entries_num++; + memset (ste, 0, sizeof (*ste)); ste->in_r_addr.as_u64[0] = in_r_addr->as_u64[0]; ste->in_r_addr.as_u64[1] = in_r_addr->as_u64[1]; @@ -407,6 +449,13 @@ nat64_db_st_entry_create (nat64_db_t * db, nat64_db_bib_entry_t * bibe, kv.key[5] = ste_key.as_u64[5]; clib_bihash_add_del_48_8 (&db->st.out2in, &kv, 1); + fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6); + nat_ipfix_logging_nat64_session (&bibe->in_addr, &bibe->out_addr, + bibe->proto, bibe->in_port, bibe->out_port, + &ste->in_r_addr, &ste->out_r_addr, + ste->r_port, ste->r_port, fib->ft_table_id, + 1); + return ste; } @@ -417,6 +466,7 @@ nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste) nat64_db_bib_entry_t *bib, *bibe; nat64_db_st_entry_key_t ste_key; clib_bihash_kv_48_8_t kv; + fib_table_t *fib; switch (ip_proto_to_snat_proto (ste->proto)) { @@ -437,6 +487,8 @@ nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste) bibe = pool_elt_at_index (bib, ste->bibe_index); + db->st.st_entries_num--; + /* delete hash lookup */ memset (&ste_key, 0, sizeof (ste_key)); ste_key.l_addr.as_u64[0] = bibe->in_addr.as_u64[0]; @@ -469,6 +521,13 @@ nat64_db_st_entry_free (nat64_db_t * db, nat64_db_st_entry_t * ste) kv.key[5] = ste_key.as_u64[5]; clib_bihash_add_del_48_8 (&db->st.out2in, &kv, 0); + fib = fib_table_get (bibe->fib_index, FIB_PROTOCOL_IP6); + nat_ipfix_logging_nat64_session (&bibe->in_addr, &bibe->out_addr, + bibe->proto, bibe->in_port, bibe->out_port, + &ste->in_r_addr, &ste->out_r_addr, + ste->r_port, ste->r_port, fib->ft_table_id, + 0); + /* delete from pool */ pool_put (st, ste); @@ -613,6 +672,7 @@ nat64_db_free_out_addr (nat64_db_t * db, ip4_address_t * out_addr) nat64_db_st_entry_t *st, *ste; nat64_db_bib_entry_t *bibe; + db->addr_free = 1; /* *INDENT-OFF* */ #define _(N, i, n, s) \ st = db->st._##n##_st; \ @@ -636,6 +696,7 @@ nat64_db_free_out_addr (nat64_db_t * db, ip4_address_t * out_addr) vec_foreach (ste_index, ste_to_be_free) nat64_db_st_entry_free (db, pool_elt_at_index(st, ste_index[0])); vec_free (ste_to_be_free); + db->addr_free = 0; /* *INDENT-ON* */ } |