diff options
Diffstat (limited to 'src/plugins/nat')
-rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed.c | 29 | ||||
-rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed.h | 22 | ||||
-rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed_affinity.c | 6 | ||||
-rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed_affinity.h | 4 | ||||
-rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed_in2out.c | 47 | ||||
-rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed_out2in.c | 12 |
6 files changed, 53 insertions, 67 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed.c b/src/plugins/nat/nat44-ed/nat44_ed.c index 0d62e788ec1..c5c2a61f8d5 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed.c +++ b/src/plugins/nat/nat44-ed/nat44_ed.c @@ -2405,19 +2405,14 @@ nat_set_outside_address_and_port (snat_address_t *addresses, u32 thread_index, } int -snat_static_mapping_match (snat_main_t * sm, - ip4_address_t match_addr, - u16 match_port, - u32 match_fib_index, - nat_protocol_t match_protocol, - ip4_address_t * mapping_addr, - u16 * mapping_port, - u32 * mapping_fib_index, - u8 by_external, - u8 * is_addr_only, - twice_nat_type_t * twice_nat, - lb_nat_type_t * lb, ip4_address_t * ext_host_addr, - u8 * is_identity_nat, snat_static_mapping_t ** out) +snat_static_mapping_match (vlib_main_t *vm, snat_main_t *sm, + ip4_address_t match_addr, u16 match_port, + u32 match_fib_index, nat_protocol_t match_protocol, + ip4_address_t *mapping_addr, u16 *mapping_port, + u32 *mapping_fib_index, u8 by_external, + u8 *is_addr_only, twice_nat_type_t *twice_nat, + lb_nat_type_t *lb, ip4_address_t *ext_host_addr, + u8 *is_identity_nat, snat_static_mapping_t **out) { clib_bihash_kv_8_8_t kv, value; clib_bihash_8_8_t *mapping_hash; @@ -2460,11 +2455,9 @@ snat_static_mapping_match (snat_main_t * sm, { if (PREDICT_FALSE (lb != 0)) *lb = m->affinity ? AFFINITY_LB_NAT : LB_NAT; - if (m->affinity && !nat_affinity_find_and_lock (ext_host_addr[0], - match_addr, - match_protocol, - match_port, - &backend_index)) + if (m->affinity && !nat_affinity_find_and_lock ( + vm, ext_host_addr[0], match_addr, + match_protocol, match_port, &backend_index)) { local = pool_elt_at_index (m->locals, backend_index); *mapping_addr = local->addr; diff --git a/src/plugins/nat/nat44-ed/nat44_ed.h b/src/plugins/nat/nat44-ed/nat44_ed.h index c6bccd9f492..66276285584 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed.h +++ b/src/plugins/nat/nat44-ed/nat44_ed.h @@ -1079,21 +1079,13 @@ void expire_per_vrf_sessions (u32 fib_index); * * @returns 0 if match found otherwise 1. */ -int snat_static_mapping_match (snat_main_t * sm, - ip4_address_t match_addr, - u16 match_port, - u32 match_fib_index, - nat_protocol_t match_protocol, - ip4_address_t * mapping_addr, - u16 * mapping_port, - u32 * mapping_fib_index, - u8 by_external, - u8 * is_addr_only, - twice_nat_type_t * twice_nat, - lb_nat_type_t * lb, - ip4_address_t * ext_host_addr, - u8 * is_identity_nat, - snat_static_mapping_t ** out); +int snat_static_mapping_match ( + vlib_main_t *vm, snat_main_t *sm, ip4_address_t match_addr, u16 match_port, + u32 match_fib_index, nat_protocol_t match_protocol, + ip4_address_t *mapping_addr, u16 *mapping_port, u32 *mapping_fib_index, + u8 by_external, u8 *is_addr_only, twice_nat_type_t *twice_nat, + lb_nat_type_t *lb, ip4_address_t *ext_host_addr, u8 *is_identity_nat, + snat_static_mapping_t **out); /** * @brief Add/del NAT address to FIB. diff --git a/src/plugins/nat/nat44-ed/nat44_ed_affinity.c b/src/plugins/nat/nat44-ed/nat44_ed_affinity.c index 6debe401292..89f11c64ef3 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed_affinity.c +++ b/src/plugins/nat/nat44-ed/nat44_ed_affinity.c @@ -140,9 +140,9 @@ nat_affinity_flush_service (u32 affinity_per_service_list_head_index) } int -nat_affinity_find_and_lock (ip4_address_t client_addr, +nat_affinity_find_and_lock (vlib_main_t *vm, ip4_address_t client_addr, ip4_address_t service_addr, u8 proto, - u16 service_port, u8 * backend_index) + u16 service_port, u8 *backend_index) { snat_main_t *sm = &snat_main; nat_affinity_main_t *nam = &nat_affinity_main; @@ -162,7 +162,7 @@ nat_affinity_find_and_lock (ip4_address_t client_addr, /* if already expired delete */ if (a->ref_cnt == 0) { - if (a->expire < vlib_time_now (nam->vlib_main)) + if (a->expire < vlib_time_now (vm)) { clib_dlist_remove (nam->list_pool, a->per_service_index); pool_put_index (nam->list_pool, a->per_service_index); diff --git a/src/plugins/nat/nat44-ed/nat44_ed_affinity.h b/src/plugins/nat/nat44-ed/nat44_ed_affinity.h index 2cfa9d29eb0..bd9b4d6ae59 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed_affinity.h +++ b/src/plugins/nat/nat44-ed/nat44_ed_affinity.h @@ -109,9 +109,9 @@ clib_error_t *nat_affinity_init (vlib_main_t * vm); * * @return 0 on success, non-zero value otherwise. */ -int nat_affinity_find_and_lock (ip4_address_t client_addr, +int nat_affinity_find_and_lock (vlib_main_t *vm, ip4_address_t client_addr, ip4_address_t service_addr, u8 proto, - u16 service_port, u8 * backend_index); + u16 service_port, u8 *backend_index); /** * @brief Create affinity record and take reference counting lock. diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c index 885851c46b6..fe1a6d94f4c 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c +++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c @@ -331,10 +331,11 @@ nat44_ed_external_sm_lookup (snat_main_t *sm, ip4_address_t match_addr, } static u32 -slow_path_ed (snat_main_t *sm, vlib_buffer_t *b, ip4_address_t l_addr, - ip4_address_t r_addr, u16 l_port, u16 r_port, u8 proto, - u32 rx_fib_index, snat_session_t **sessionp, - vlib_node_runtime_t *node, u32 next, u32 thread_index, f64 now) +slow_path_ed (vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b, + ip4_address_t l_addr, ip4_address_t r_addr, u16 l_port, + u16 r_port, u8 proto, u32 rx_fib_index, + snat_session_t **sessionp, vlib_node_runtime_t *node, u32 next, + u32 thread_index, f64 now) { snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; ip4_address_t outside_addr; @@ -392,9 +393,9 @@ slow_path_ed (snat_main_t *sm, vlib_buffer_t *b, ip4_address_t l_addr, u32 sm_fib_index; /* First try to match static mapping by local address and port */ int is_sm; - if (snat_static_mapping_match (sm, l_addr, l_port, rx_fib_index, nat_proto, - &sm_addr, &sm_port, &sm_fib_index, 0, 0, 0, - &lb, 0, &is_identity_nat, 0)) + if (snat_static_mapping_match (vm, sm, l_addr, l_port, rx_fib_index, + nat_proto, &sm_addr, &sm_port, &sm_fib_index, + 0, 0, 0, &lb, 0, &is_identity_nat, 0)) { is_sm = 0; } @@ -554,9 +555,10 @@ error: } static_always_inline int -nat44_ed_not_translate (snat_main_t *sm, vlib_node_runtime_t *node, - u32 sw_if_index, vlib_buffer_t *b, ip4_header_t *ip, - u32 proto, u32 rx_fib_index, u32 thread_index) +nat44_ed_not_translate (vlib_main_t *vm, snat_main_t *sm, + vlib_node_runtime_t *node, u32 sw_if_index, + vlib_buffer_t *b, ip4_header_t *ip, u32 proto, + u32 rx_fib_index, u32 thread_index) { clib_bihash_kv_16_8_t kv, value; @@ -572,7 +574,7 @@ nat44_ed_not_translate (snat_main_t *sm, vlib_node_runtime_t *node, u16 placeholder_port; u32 placeholder_fib_index; if (!snat_static_mapping_match ( - sm, ip->dst_address, vnet_buffer (b)->ip.reass.l4_dst_port, + vm, sm, ip->dst_address, vnet_buffer (b)->ip.reass.l4_dst_port, sm->outside_fib_index, proto, &placeholder_addr, &placeholder_port, &placeholder_fib_index, 1, 0, 0, 0, 0, 0, 0)) return 0; @@ -742,8 +744,8 @@ icmp_in2out_ed_slow_path (snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip, } else { - if (PREDICT_FALSE (nat44_ed_not_translate (sm, node, sw_if_index, b, ip, - NAT_PROTOCOL_ICMP, + if (PREDICT_FALSE (nat44_ed_not_translate (vm, sm, node, sw_if_index, b, + ip, NAT_PROTOCOL_ICMP, rx_fib_index, thread_index))) { return next; @@ -757,9 +759,9 @@ icmp_in2out_ed_slow_path (snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip, return NAT_NEXT_DROP; } - next = slow_path_ed (sm, b, ip->src_address, ip->dst_address, lookup_sport, - lookup_dport, ip->protocol, rx_fib_index, &s, node, - next, thread_index, vlib_time_now (vm)); + next = slow_path_ed (vm, sm, b, ip->src_address, ip->dst_address, + lookup_sport, lookup_dport, ip->protocol, rx_fib_index, + &s, node, next, thread_index, vlib_time_now (vm)); if (NAT_NEXT_DROP == next) goto out; @@ -1374,17 +1376,16 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t * vm, else { if (PREDICT_FALSE (nat44_ed_not_translate ( - sm, node, sw_if_index0, b0, ip0, proto0, rx_fib_index0, + vm, sm, node, sw_if_index0, b0, ip0, proto0, rx_fib_index0, thread_index))) goto trace0; } - next[0] = - slow_path_ed (sm, b0, ip0->src_address, ip0->dst_address, - vnet_buffer (b0)->ip.reass.l4_src_port, - vnet_buffer (b0)->ip.reass.l4_dst_port, - ip0->protocol, rx_fib_index0, &s0, node, next[0], - thread_index, now); + next[0] = slow_path_ed ( + vm, sm, b0, ip0->src_address, ip0->dst_address, + vnet_buffer (b0)->ip.reass.l4_src_port, + vnet_buffer (b0)->ip.reass.l4_dst_port, ip0->protocol, + rx_fib_index0, &s0, node, next[0], thread_index, now); if (PREDICT_FALSE (next[0] == NAT_NEXT_DROP)) goto trace0; diff --git a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c index d3fd50953e0..2f83ad3f3e7 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c +++ b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c @@ -149,7 +149,7 @@ icmp_out2in_ed_slow_path (snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip, } if (snat_static_mapping_match ( - sm, ip->dst_address, lookup_sport, rx_fib_index, + vm, sm, ip->dst_address, lookup_sport, rx_fib_index, ip_proto_to_nat_proto (ip->protocol), &sm_addr, &sm_port, &sm_fib_index, 1, &is_addr_only, 0, 0, 0, &identity_nat, &m)) { @@ -1198,11 +1198,11 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm, /* Try to match static mapping by external address and port, destination address and port in packet */ - if (snat_static_mapping_match - (sm, ip0->dst_address, - vnet_buffer (b0)->ip.reass.l4_dst_port, rx_fib_index0, - proto0, &sm_addr, &sm_port, &sm_fib_index, 1, 0, - &twice_nat0, &lb_nat0, &ip0->src_address, &identity_nat0, &m)) + if (snat_static_mapping_match ( + vm, sm, ip0->dst_address, + vnet_buffer (b0)->ip.reass.l4_dst_port, rx_fib_index0, proto0, + &sm_addr, &sm_port, &sm_fib_index, 1, 0, &twice_nat0, &lb_nat0, + &ip0->src_address, &identity_nat0, &m)) { /* * Send DHCP packets to the ipv4 stack, or we won't |