summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/nat')
-rwxr-xr-xsrc/plugins/nat/in2out.c65
-rwxr-xr-xsrc/plugins/nat/out2in.c58
2 files changed, 6 insertions, 117 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index 134d652feb0..fae930b607f 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -464,47 +464,6 @@ icmp_get_ed_key(ip4_header_t *ip0, nat_ed_ses_key_t *p_key0)
return 0;
}
-static inline int
-nat_not_translate_output_feature_fwd (snat_main_t * sm, ip4_header_t * ip)
-{
- nat_ed_ses_key_t key;
- clib_bihash_kv_16_8_t kv, value;
- udp_header_t *udp;
-
- if (!sm->forwarding_enabled)
- return 0;
-
- if (ip->protocol == IP_PROTOCOL_ICMP)
- {
- if (icmp_get_ed_key (ip, &key))
- return 0;
- }
- else if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP)
- {
- udp = ip4_next_header(ip);
- key.l_addr = ip->src_address;
- key.r_addr = ip->dst_address;
- key.proto = ip->protocol;
- key.r_port = udp->dst_port;
- key.l_port = udp->src_port;
- }
- else
- {
- key.l_addr = ip->src_address;
- key.r_addr = ip->dst_address;
- key.proto = ip->protocol;
- key.l_port = key.r_port = 0;
- }
- key.fib_index = 0;
- kv.key[0] = key.as_u64[0];
- kv.key[1] = key.as_u64[1];
-
- if (!clib_bihash_search_16_8 (&sm->in2out_ed, &kv, &value))
- return value.value == ~0ULL;
-
- return 0;
-}
-
/**
* Get address and port values to be used for ICMP packet translation
* and create session if needed
@@ -1324,8 +1283,6 @@ snat_in2out_lb (snat_main_t *sm,
if (!clib_bihash_search_16_8 (&sm->in2out_ed, &s_kv, &s_value))
{
- if (s_value.value == ~0ULL)
- return 0;
s = pool_elt_at_index (tsm->sessions, s_value.value);
}
else
@@ -1560,12 +1517,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
}
else
{
- if (is_output_feature)
- {
- if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0)))
- goto trace00;
- }
-
if (PREDICT_FALSE (proto0 == ~0 || proto0 == SNAT_PROTOCOL_ICMP))
{
next0 = SNAT_IN2OUT_NEXT_SLOW_PATH;
@@ -1752,12 +1703,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
}
else
{
- if (is_output_feature)
- {
- if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip1)))
- goto trace01;
- }
-
if (PREDICT_FALSE (proto1 == ~0 || proto1 == SNAT_PROTOCOL_ICMP))
{
next1 = SNAT_IN2OUT_NEXT_SLOW_PATH;
@@ -1771,6 +1716,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
}
}
+ b1->flags |= VNET_BUFFER_F_IS_NATED;
+
key1.addr = ip1->src_address;
key1.port = udp1->src_port;
key1.protocol = proto1;
@@ -1833,8 +1780,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
}
}
- b1->flags |= VNET_BUFFER_F_IS_NATED;
-
old_addr1 = ip1->src_address.as_u32;
ip1->src_address = s1->out2in.addr;
new_addr1 = ip1->src_address.as_u32;
@@ -1980,12 +1925,6 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
}
else
{
- if (is_output_feature)
- {
- if (PREDICT_FALSE(nat_not_translate_output_feature_fwd(sm, ip0)))
- goto trace0;
- }
-
if (PREDICT_FALSE (proto0 == ~0 || proto0 == SNAT_PROTOCOL_ICMP))
{
next0 = SNAT_IN2OUT_NEXT_SLOW_PATH;
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index e6854e55440..97cd2903a9d 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -311,43 +311,6 @@ icmp_get_ed_key(ip4_header_t *ip0, nat_ed_ses_key_t *p_key0)
return 0;
}
-static void
-create_bypass_for_fwd(snat_main_t * sm, ip4_header_t * ip)
-{
- nat_ed_ses_key_t key;
- clib_bihash_kv_16_8_t kv;
- udp_header_t *udp;
-
- if (ip->protocol == IP_PROTOCOL_ICMP)
- {
- if (icmp_get_ed_key (ip, &key))
- return;
- }
- else if (ip->protocol == IP_PROTOCOL_UDP || ip->protocol == IP_PROTOCOL_TCP)
- {
- udp = ip4_next_header(ip);
- key.r_addr = ip->src_address;
- key.l_addr = ip->dst_address;
- key.proto = ip->protocol;
- key.l_port = udp->dst_port;
- key.r_port = udp->src_port;
- }
- else
- {
- key.r_addr = ip->src_address;
- key.l_addr = ip->dst_address;
- key.proto = ip->protocol;
- key.l_port = key.r_port = 0;
- }
- key.fib_index = 0;
- kv.key[0] = key.as_u64[0];
- kv.key[1] = key.as_u64[1];
- kv.value = ~0ULL;
-
- if (clib_bihash_add_del_16_8 (&sm->in2out_ed, &kv, 1))
- clib_warning ("in2out_ed key add failed");
-}
-
/**
* Get address and port values to be used for ICMP packet translation
* and create session if needed
@@ -419,7 +382,6 @@ u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node,
}
else
{
- create_bypass_for_fwd(sm, ip0);
dont_translate = 1;
goto out;
}
@@ -1151,10 +1113,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace0;
}
else
- {
- create_bypass_for_fwd(sm, ip0);
- goto trace0;
- }
+ goto trace0;
}
/* Create session initiated by host from external network */
@@ -1318,10 +1277,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace1;
}
else
- {
- create_bypass_for_fwd(sm, ip1);
- goto trace1;
- }
+ goto trace1;
}
/* Create session initiated by host from external network */
@@ -1521,10 +1477,7 @@ snat_out2in_node_fn (vlib_main_t * vm,
goto trace00;
}
else
- {
- create_bypass_for_fwd(sm, ip0);
- goto trace00;
- }
+ goto trace00;
}
/* Create session initiated by host from external network */
@@ -1764,10 +1717,7 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
goto trace0;
}
else
- {
- create_bypass_for_fwd(sm, ip0);
- goto trace0;
- }
+ goto trace0;
}
/* Create session initiated by host from external network */