Diffstat (limited to 'src/plugins/nat')
-rwxr-xr-xsrc/plugins/nat/in2out.c29
-rwxr-xr-xsrc/plugins/nat/nat.c15
-rw-r--r--src/plugins/nat/nat.h7
-rwxr-xr-xsrc/plugins/nat/out2in.c64
4 files changed, 98 insertions, 17 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index 996c626d46c..7d9d6c3e6c1 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -490,11 +490,14 @@ icmp_get_ed_key(ip4_header_t *ip0, nat_ed_ses_key_t *p_key0)
}
static inline int
-nat_not_translate_output_feature_fwd (snat_main_t * sm, ip4_header_t * ip)
+nat_not_translate_output_feature_fwd (snat_main_t * sm, ip4_header_t * ip,
+ u32 thread_index)
{
nat_ed_ses_key_t key;
clib_bihash_kv_16_8_t kv, value;
udp_header_t *udp;
+ snat_session_t *s = 0;
+ snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
if (!sm->forwarding_enabled)
return 0;
@@ -525,7 +528,19 @@ nat_not_translate_output_feature_fwd (snat_main_t * sm, ip4_header_t * ip)
kv.key[1] = key.as_u64[1];
if (!clib_bihash_search_16_8 (&sm->in2out_ed, &kv, &value))
- return value.value == ~0ULL;
+ {
+ s = pool_elt_at_index (sm->per_thread_data[thread_index].sessions, value.value);
+ if (is_fwd_bypass_session (s))
+ {
+ /* Per-user LRU list maintenance */
+ clib_dlist_remove (tsm->list_pool, s->per_user_index);
+ clib_dlist_addtail (tsm->list_pool, s->per_user_list_head_index,
+ s->per_user_index);
+ return 1;
+ }
+ else
+ return 0;
+ }
return 0;
}
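Review bot: The session index read from `sm->in2out_ed` is dereferenced in the current thread's pool with no check that it belongs there: the table hangs off the shared `sm`, while `create_bypass_for_fwd` in out2in.c stores `s - tsm->sessions` for whichever thread created the entry. If the worker handoff (not visible here) can deliver the two directions of a flow to different workers, or a failed delete in `nat_free_session_data` leaves a stale entry, `pool_elt_at_index` yields an unrelated or freed element and the `clib_dlist_remove`/`clib_dlist_addtail` pair then rewrites list links based on it. A guard such as `if (pool_is_free_index (tsm->sessions, value.value)) return 0;` before the lookup would at least contain the stale-index case, and the lookup can use the `tsm` already declared: `s = pool_elt_at_index (tsm->sessions, value.value);`. The same unchecked lookup appears in the `snat_in2out_lb` hunk and in the found branch of `create_bypass_for_fwd`.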
@@ -1348,9 +1363,9 @@ snat_in2out_lb (snat_main_t *sm,
if (!clib_bihash_search_16_8 (&sm->in2out_ed, &s_kv, &s_value))
{
- if (s_value.value == ~0ULL)
- return 0;
s = pool_elt_at_index (tsm->sessions, s_value.value);
+ if (is_fwd_bypass_session (s))
+ return 0;
}
else
{
@@ -1588,7 +1603,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
{
if (is_output_feature)
{
- if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0)))
+ if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0, thread_index)))
goto trace00;
}
@@ -1780,7 +1795,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
{
if (is_output_feature)
{
- if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip1)))
+ if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip1, thread_index)))
goto trace01;
}
@@ -2008,7 +2023,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
{
if (is_output_feature)
{
- if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0)))
+ if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0, thread_index)))
goto trace0;
}
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index 764bc1db6bb..51fbb1336e1 100755
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -152,6 +152,21 @@ nat_free_session_data (snat_main_t * sm, snat_session_t * s, u32 thread_index)
snat_main_per_thread_data_t *tsm =
vec_elt_at_index (sm->per_thread_data, thread_index);
+ if (is_fwd_bypass_session (s))
+ {
+ ed_key.l_addr = s->in2out.addr;
+ ed_key.r_addr = s->ext_host_addr;
+ ed_key.l_port = s->in2out.port;
+ ed_key.r_port = s->ext_host_port;
+ ed_key.proto = snat_proto_to_ip_proto (s->in2out.protocol);
+ ed_key.fib_index = 0;
+ ed_kv.key[0] = ed_key.as_u64[0];
+ ed_kv.key[1] = ed_key.as_u64[1];
+ if (clib_bihash_add_del_16_8 (&sm->in2out_ed, &ed_kv, 0))
+ clib_warning ("in2out_ed key del failed");
+ return;
+ }
+
/* Endpoint dependent session lookup tables */
if (is_ed_session (s))
{
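Review bot: When the `clib_bihash_add_del_16_8` delete fails, the new branch only logs and returns, so the `in2out_ed` entry keeps pointing at a session index that the caller is presumably about to release. The key is rebuilt from session fields rather than stored, and `ed_key.proto` goes through `snat_proto_to_ip_proto (s->in2out.protocol)` after creation applied `ip_proto_to_snat_proto (key.proto)`. If bypass sessions can be created for protocols outside that mapping (the protocol handling in `create_bypass_for_fwd` is outside the visible hunks), the rebuilt key would not match and the delete would fail every time. If the round trip is guaranteed lossless, a comment above the assignment such as `/* must rebuild exactly the key installed by create_bypass_for_fwd */` would record the dependency; otherwise the session should keep the original IP protocol. The function body continues outside this hunk.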
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index fb4ed98f837..8d7d1738fb3 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -129,6 +129,7 @@ typedef enum {
#define SNAT_SESSION_FLAG_UNKNOWN_PROTO 2
#define SNAT_SESSION_FLAG_LOAD_BALANCING 4
#define SNAT_SESSION_FLAG_TWICE_NAT 8
+#define SNAT_SESSION_FLAG_FWD_BYPASS 16
#define NAT_INTERFACE_FLAG_IS_INSIDE 1
#define NAT_INTERFACE_FLAG_IS_OUTSIDE 2
@@ -463,6 +464,12 @@ typedef struct {
*/
#define is_lb_session(s) (s->flags & SNAT_SESSION_FLAG_LOAD_BALANCING)
+/** \brief Check if NAT session is forwarding bypass.
+ @param s NAT session
+ @return 1 if NAT session is load-balancing
+*/
+#define is_fwd_bypass_session(s) (s->flags & SNAT_SESSION_FLAG_FWD_BYPASS)
+
/** \brief Check if NAT session is endpoint dependent.
@param s NAT session
@return 1 if NAT session is endpoint dependent
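Review bot: The Doxygen `@return` line for `is_fwd_bypass_session` still says `1 if NAT session is load-balancing`, copied from the macro above it; it should read `@return non-zero if NAT session is forwarding bypass`, since the expression yields the masked bit (16), not 1. The macro argument is also unparenthesised, following the neighbouring macros; `#define is_fwd_bypass_session(s) ((s)->flags & SNAT_SESSION_FLAG_FWD_BYPASS)` is safer if it is ever called with an expression rather than a plain identifier.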
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index 553883d1144..637a07341e0 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -333,11 +333,15 @@ next_src_nat (snat_main_t * sm, ip4_header_t * ip, u32 proto, u16 src_port,
}
static void
-create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip)
+create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip, u32 rx_fib_index,
+ u32 thread_index)
{
nat_ed_ses_key_t key;
- clib_bihash_kv_16_8_t kv;
+ clib_bihash_kv_16_8_t kv, value;
udp_header_t *udp;
+ snat_user_t *u;
+ snat_session_t *s = 0;
+ snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index];
if (ip->protocol == IP_PROTOCOL_ICMP)
{
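Review bot: `rx_fib_index` is added to the signature and passed at all five call sites, but no visible line of `create_bypass_for_fwd` reads it: the key still uses `key.fib_index = 0` and the user is created with `sm->inside_fib_index`. With more than one VRF that means bypass entries from different FIBs would share one key, so it is worth stating the intent. If FIB 0 is deliberate, a comment on the parameter such as `/* rx_fib_index is not used for the key: bypass entries are always installed with fib_index 0 */` would do; otherwise the key and `s->out2in.fib_index` should take it. Part of the body lies between this hunk and the next, so a use there cannot be ruled out.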
@@ -363,10 +367,50 @@ create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip)
key.fib_index = 0;
kv.key[0] = key.as_u64[0];
kv.key[1] = key.as_u64[1];
- kv.value = ~0ULL;
- if (clib_bihash_add_del_16_8 (&sm->in2out_ed, &kv, 1))
- clib_warning ("in2out_ed key add failed");
+ if (!clib_bihash_search_16_8 (&sm->in2out_ed, &kv, &value))
+ {
+ s = pool_elt_at_index (tsm->sessions, value.value);
+ }
+ else
+ {
+ if (PREDICT_FALSE (maximum_sessions_exceeded(sm, thread_index)))
+ return;
+
+ u = nat_user_get_or_create (sm, &ip->dst_address, sm->inside_fib_index, thread_index);
+ if (!u)
+ {
+ clib_warning ("create NAT user failed");
+ return;
+ }
+
+ s = nat_session_alloc_or_recycle (sm, u, thread_index);
+ if (!s)
+ {
+ clib_warning ("create NAT session failed");
+ return;
+ }
+
+ s->ext_host_addr = key.r_addr;
+ s->ext_host_port = key.r_port;
+ s->flags |= SNAT_SESSION_FLAG_FWD_BYPASS;
+ s->outside_address_index = ~0;
+ s->out2in.addr = key.l_addr;
+ s->out2in.port = key.l_port;
+ s->out2in.protocol = ip_proto_to_snat_proto (key.proto);
+ s->out2in.fib_index = 0;
+ s->in2out = s->out2in;
+ user_session_increment (sm, u, 0);
+
+ kv.value = s - tsm->sessions;
+ if (clib_bihash_add_del_16_8 (&sm->in2out_ed, &kv, 1))
+ clib_warning ("in2out_ed key add failed");
+ }
+
+ /* Per-user LRU list maintenance */
+ clib_dlist_remove (tsm->list_pool, s->per_user_index);
+ clib_dlist_addtail (tsm->list_pool, s->per_user_list_head_index,
+ s->per_user_index);
}
/**
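Review bot: If `clib_bihash_add_del_16_8` fails in the new-session branch, the session has already been allocated and counted by `user_session_increment`, yet it stays in place with no `in2out_ed` entry, so lookups never find it and the next packet of the same flow allocates another one. The failure path should release the session and undo the user count before returning instead of only calling `clib_warning`. Separately, `s->flags |= SNAT_SESSION_FLAG_FWD_BYPASS` ORs into whatever flags the allocator left behind; if `nat_session_alloc_or_recycle` does not clear a recycled session (not visible here), `s->flags = SNAT_SESSION_FLAG_FWD_BYPASS;` would be the safer assignment.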
@@ -446,7 +490,7 @@ u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node,
next0 = SNAT_OUT2IN_NEXT_IN2OUT;
goto out;
}
- create_bypass_for_fwd(sm, ip0);
+ create_bypass_for_fwd(sm, ip0, rx_fib_index0, thread_index);
goto out;
}
}
@@ -1193,7 +1237,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
next0 = SNAT_OUT2IN_NEXT_IN2OUT;
goto trace0;
}
- create_bypass_for_fwd(sm, ip0);
+ create_bypass_for_fwd(sm, ip0, rx_fib_index0, thread_index);
goto trace0;
}
}
@@ -1371,7 +1415,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
next1 = SNAT_OUT2IN_NEXT_IN2OUT;
goto trace1;
}
- create_bypass_for_fwd(sm, ip1);
+ create_bypass_for_fwd(sm, ip1, rx_fib_index1, thread_index);
goto trace1;
}
}
@@ -1585,7 +1629,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
next0 = SNAT_OUT2IN_NEXT_IN2OUT;
goto trace00;
}
- create_bypass_for_fwd(sm, ip0);
+ create_bypass_for_fwd(sm, ip0, rx_fib_index0, thread_index);
goto trace00;
}
}
@@ -1841,7 +1885,7 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
next0 = SNAT_OUT2IN_NEXT_IN2OUT;
goto trace0;
}
- create_bypass_for_fwd(sm, ip0);
+ create_bypass_for_fwd(sm, ip0, rx_fib_index0, thread_index);
goto trace0;
}
}