aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/nat')
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed.c29
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed.h22
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed_affinity.c6
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed_affinity.h4
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed_in2out.c47
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed_out2in.c12
6 files changed, 53 insertions, 67 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed.c b/src/plugins/nat/nat44-ed/nat44_ed.c
index 0d62e788ec1..c5c2a61f8d5 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed.c
@@ -2405,19 +2405,14 @@ nat_set_outside_address_and_port (snat_address_t *addresses, u32 thread_index,
}
int
-snat_static_mapping_match (snat_main_t * sm,
- ip4_address_t match_addr,
- u16 match_port,
- u32 match_fib_index,
- nat_protocol_t match_protocol,
- ip4_address_t * mapping_addr,
- u16 * mapping_port,
- u32 * mapping_fib_index,
- u8 by_external,
- u8 * is_addr_only,
- twice_nat_type_t * twice_nat,
- lb_nat_type_t * lb, ip4_address_t * ext_host_addr,
- u8 * is_identity_nat, snat_static_mapping_t ** out)
+snat_static_mapping_match (vlib_main_t *vm, snat_main_t *sm,
+ ip4_address_t match_addr, u16 match_port,
+ u32 match_fib_index, nat_protocol_t match_protocol,
+ ip4_address_t *mapping_addr, u16 *mapping_port,
+ u32 *mapping_fib_index, u8 by_external,
+ u8 *is_addr_only, twice_nat_type_t *twice_nat,
+ lb_nat_type_t *lb, ip4_address_t *ext_host_addr,
+ u8 *is_identity_nat, snat_static_mapping_t **out)
{
clib_bihash_kv_8_8_t kv, value;
clib_bihash_8_8_t *mapping_hash;
@@ -2460,11 +2455,9 @@ snat_static_mapping_match (snat_main_t * sm,
{
if (PREDICT_FALSE (lb != 0))
*lb = m->affinity ? AFFINITY_LB_NAT : LB_NAT;
- if (m->affinity && !nat_affinity_find_and_lock (ext_host_addr[0],
- match_addr,
- match_protocol,
- match_port,
- &backend_index))
+ if (m->affinity && !nat_affinity_find_and_lock (
+ vm, ext_host_addr[0], match_addr,
+ match_protocol, match_port, &backend_index))
{
local = pool_elt_at_index (m->locals, backend_index);
*mapping_addr = local->addr;
diff --git a/src/plugins/nat/nat44-ed/nat44_ed.h b/src/plugins/nat/nat44-ed/nat44_ed.h
index c6bccd9f492..66276285584 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed.h
+++ b/src/plugins/nat/nat44-ed/nat44_ed.h
@@ -1079,21 +1079,13 @@ void expire_per_vrf_sessions (u32 fib_index);
*
* @returns 0 if match found otherwise 1.
*/
-int snat_static_mapping_match (snat_main_t * sm,
- ip4_address_t match_addr,
- u16 match_port,
- u32 match_fib_index,
- nat_protocol_t match_protocol,
- ip4_address_t * mapping_addr,
- u16 * mapping_port,
- u32 * mapping_fib_index,
- u8 by_external,
- u8 * is_addr_only,
- twice_nat_type_t * twice_nat,
- lb_nat_type_t * lb,
- ip4_address_t * ext_host_addr,
- u8 * is_identity_nat,
- snat_static_mapping_t ** out);
+int snat_static_mapping_match (
+ vlib_main_t *vm, snat_main_t *sm, ip4_address_t match_addr, u16 match_port,
+ u32 match_fib_index, nat_protocol_t match_protocol,
+ ip4_address_t *mapping_addr, u16 *mapping_port, u32 *mapping_fib_index,
+ u8 by_external, u8 *is_addr_only, twice_nat_type_t *twice_nat,
+ lb_nat_type_t *lb, ip4_address_t *ext_host_addr, u8 *is_identity_nat,
+ snat_static_mapping_t **out);
/**
* @brief Add/del NAT address to FIB.
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_affinity.c b/src/plugins/nat/nat44-ed/nat44_ed_affinity.c
index 6debe401292..89f11c64ef3 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_affinity.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_affinity.c
@@ -140,9 +140,9 @@ nat_affinity_flush_service (u32 affinity_per_service_list_head_index)
}
int
-nat_affinity_find_and_lock (ip4_address_t client_addr,
+nat_affinity_find_and_lock (vlib_main_t *vm, ip4_address_t client_addr,
ip4_address_t service_addr, u8 proto,
- u16 service_port, u8 * backend_index)
+ u16 service_port, u8 *backend_index)
{
snat_main_t *sm = &snat_main;
nat_affinity_main_t *nam = &nat_affinity_main;
@@ -162,7 +162,7 @@ nat_affinity_find_and_lock (ip4_address_t client_addr,
/* if already expired delete */
if (a->ref_cnt == 0)
{
- if (a->expire < vlib_time_now (nam->vlib_main))
+ if (a->expire < vlib_time_now (vm))
{
clib_dlist_remove (nam->list_pool, a->per_service_index);
pool_put_index (nam->list_pool, a->per_service_index);
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_affinity.h b/src/plugins/nat/nat44-ed/nat44_ed_affinity.h
index 2cfa9d29eb0..bd9b4d6ae59 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_affinity.h
+++ b/src/plugins/nat/nat44-ed/nat44_ed_affinity.h
@@ -109,9 +109,9 @@ clib_error_t *nat_affinity_init (vlib_main_t * vm);
*
* @return 0 on success, non-zero value otherwise.
*/
-int nat_affinity_find_and_lock (ip4_address_t client_addr,
+int nat_affinity_find_and_lock (vlib_main_t *vm, ip4_address_t client_addr,
ip4_address_t service_addr, u8 proto,
- u16 service_port, u8 * backend_index);
+ u16 service_port, u8 *backend_index);
/**
* @brief Create affinity record and take reference counting lock.
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
index 885851c46b6..fe1a6d94f4c 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
@@ -331,10 +331,11 @@ nat44_ed_external_sm_lookup (snat_main_t *sm, ip4_address_t match_addr,
}
static u32
-slow_path_ed (snat_main_t *sm, vlib_buffer_t *b, ip4_address_t l_addr,
- ip4_address_t r_addr, u16 l_port, u16 r_port, u8 proto,
- u32 rx_fib_index, snat_session_t **sessionp,
- vlib_node_runtime_t *node, u32 next, u32 thread_index, f64 now)
+slow_path_ed (vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b,
+ ip4_address_t l_addr, ip4_address_t r_addr, u16 l_port,
+ u16 r_port, u8 proto, u32 rx_fib_index,
+ snat_session_t **sessionp, vlib_node_runtime_t *node, u32 next,
+ u32 thread_index, f64 now)
{
snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
ip4_address_t outside_addr;
@@ -392,9 +393,9 @@ slow_path_ed (snat_main_t *sm, vlib_buffer_t *b, ip4_address_t l_addr,
u32 sm_fib_index;
/* First try to match static mapping by local address and port */
int is_sm;
- if (snat_static_mapping_match (sm, l_addr, l_port, rx_fib_index, nat_proto,
- &sm_addr, &sm_port, &sm_fib_index, 0, 0, 0,
- &lb, 0, &is_identity_nat, 0))
+ if (snat_static_mapping_match (vm, sm, l_addr, l_port, rx_fib_index,
+ nat_proto, &sm_addr, &sm_port, &sm_fib_index,
+ 0, 0, 0, &lb, 0, &is_identity_nat, 0))
{
is_sm = 0;
}
@@ -554,9 +555,10 @@ error:
}
static_always_inline int
-nat44_ed_not_translate (snat_main_t *sm, vlib_node_runtime_t *node,
- u32 sw_if_index, vlib_buffer_t *b, ip4_header_t *ip,
- u32 proto, u32 rx_fib_index, u32 thread_index)
+nat44_ed_not_translate (vlib_main_t *vm, snat_main_t *sm,
+ vlib_node_runtime_t *node, u32 sw_if_index,
+ vlib_buffer_t *b, ip4_header_t *ip, u32 proto,
+ u32 rx_fib_index, u32 thread_index)
{
clib_bihash_kv_16_8_t kv, value;
@@ -572,7 +574,7 @@ nat44_ed_not_translate (snat_main_t *sm, vlib_node_runtime_t *node,
u16 placeholder_port;
u32 placeholder_fib_index;
if (!snat_static_mapping_match (
- sm, ip->dst_address, vnet_buffer (b)->ip.reass.l4_dst_port,
+ vm, sm, ip->dst_address, vnet_buffer (b)->ip.reass.l4_dst_port,
sm->outside_fib_index, proto, &placeholder_addr, &placeholder_port,
&placeholder_fib_index, 1, 0, 0, 0, 0, 0, 0))
return 0;
@@ -742,8 +744,8 @@ icmp_in2out_ed_slow_path (snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip,
}
else
{
- if (PREDICT_FALSE (nat44_ed_not_translate (sm, node, sw_if_index, b, ip,
- NAT_PROTOCOL_ICMP,
+ if (PREDICT_FALSE (nat44_ed_not_translate (vm, sm, node, sw_if_index, b,
+ ip, NAT_PROTOCOL_ICMP,
rx_fib_index, thread_index)))
{
return next;
@@ -757,9 +759,9 @@ icmp_in2out_ed_slow_path (snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip,
return NAT_NEXT_DROP;
}
- next = slow_path_ed (sm, b, ip->src_address, ip->dst_address, lookup_sport,
- lookup_dport, ip->protocol, rx_fib_index, &s, node,
- next, thread_index, vlib_time_now (vm));
+ next = slow_path_ed (vm, sm, b, ip->src_address, ip->dst_address,
+ lookup_sport, lookup_dport, ip->protocol, rx_fib_index,
+ &s, node, next, thread_index, vlib_time_now (vm));
if (NAT_NEXT_DROP == next)
goto out;
@@ -1374,17 +1376,16 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm,
else
{
if (PREDICT_FALSE (nat44_ed_not_translate (
- sm, node, sw_if_index0, b0, ip0, proto0, rx_fib_index0,
+ vm, sm, node, sw_if_index0, b0, ip0, proto0, rx_fib_index0,
thread_index)))
goto trace0;
}
- next[0] =
- slow_path_ed (sm, b0, ip0->src_address, ip0->dst_address,
- vnet_buffer (b0)->ip.reass.l4_src_port,
- vnet_buffer (b0)->ip.reass.l4_dst_port,
- ip0->protocol, rx_fib_index0, &s0, node, next[0],
- thread_index, now);
+ next[0] = slow_path_ed (
+ vm, sm, b0, ip0->src_address, ip0->dst_address,
+ vnet_buffer (b0)->ip.reass.l4_src_port,
+ vnet_buffer (b0)->ip.reass.l4_dst_port, ip0->protocol,
+ rx_fib_index0, &s0, node, next[0], thread_index, now);
if (PREDICT_FALSE (next[0] == NAT_NEXT_DROP))
goto trace0;
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
index d3fd50953e0..2f83ad3f3e7 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
@@ -149,7 +149,7 @@ icmp_out2in_ed_slow_path (snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip,
}
if (snat_static_mapping_match (
- sm, ip->dst_address, lookup_sport, rx_fib_index,
+ vm, sm, ip->dst_address, lookup_sport, rx_fib_index,
ip_proto_to_nat_proto (ip->protocol), &sm_addr, &sm_port,
&sm_fib_index, 1, &is_addr_only, 0, 0, 0, &identity_nat, &m))
{
@@ -1198,11 +1198,11 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
/* Try to match static mapping by external address and port,
destination address and port in packet */
- if (snat_static_mapping_match
- (sm, ip0->dst_address,
- vnet_buffer (b0)->ip.reass.l4_dst_port, rx_fib_index0,
- proto0, &sm_addr, &sm_port, &sm_fib_index, 1, 0,
- &twice_nat0, &lb_nat0, &ip0->src_address, &identity_nat0, &m))
+ if (snat_static_mapping_match (
+ vm, sm, ip0->dst_address,
+ vnet_buffer (b0)->ip.reass.l4_dst_port, rx_fib_index0, proto0,
+ &sm_addr, &sm_port, &sm_fib_index, 1, 0, &twice_nat0, &lb_nat0,
+ &ip0->src_address, &identity_nat0, &m))
{
/*
* Send DHCP packets to the ipv4 stack, or we won't