summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/nat')
-rw-r--r--src/plugins/nat/dslite.c10
-rwxr-xr-xsrc/plugins/nat/nat.c44
-rw-r--r--src/plugins/nat/nat.h4
-rw-r--r--src/plugins/nat/nat64.c9
-rw-r--r--src/plugins/nat/nat64_cli.c9
-rw-r--r--src/plugins/nat/nat66.c5
6 files changed, 46 insertions, 35 deletions
diff --git a/src/plugins/nat/dslite.c b/src/plugins/nat/dslite.c
index 339c12c5656..d9a17293fac 100644
--- a/src/plugins/nat/dslite.c
+++ b/src/plugins/nat/dslite.c
@@ -109,7 +109,7 @@ dslite_set_aftr_ip6_addr (dslite_main_t * dm, ip6_address_t * addr)
.fp_len = 0,
.fp_addr.ip4.as_u32 = 0,
};
- fib_table_entry_special_dpo_add (0, &pfx, FIB_SOURCE_PLUGIN_HI,
+ fib_table_entry_special_dpo_add (0, &pfx, nat_fib_src_hi,
FIB_ENTRY_FLAG_EXCLUSIVE, &dpo);
}
else
@@ -121,7 +121,7 @@ dslite_set_aftr_ip6_addr (dslite_main_t * dm, ip6_address_t * addr)
.fp_addr.ip6.as_u64[0] = addr->as_u64[0],
.fp_addr.ip6.as_u64[1] = addr->as_u64[1],
};
- fib_table_entry_special_dpo_add (0, &pfx, FIB_SOURCE_PLUGIN_HI,
+ fib_table_entry_special_dpo_add (0, &pfx, nat_fib_src_hi,
FIB_ENTRY_FLAG_EXCLUSIVE, &dpo);
}
@@ -153,7 +153,7 @@ dslite_set_b4_ip6_addr (dslite_main_t * dm, ip6_address_t * addr)
.fp_addr.ip6.as_u64[0] = addr->as_u64[0],
.fp_addr.ip6.as_u64[1] = addr->as_u64[1],
};
- fib_table_entry_special_dpo_add (0, &pfx, FIB_SOURCE_PLUGIN_HI,
+ fib_table_entry_special_dpo_add (0, &pfx, nat_fib_src_hi,
FIB_ENTRY_FLAG_EXCLUSIVE, &dpo);
dpo_reset (&dpo);
@@ -218,7 +218,7 @@ dslite_add_del_pool_addr (dslite_main_t * dm, ip4_address_t * addr, u8 is_add)
foreach_snat_protocol
#undef _
dslite_dpo_create (DPO_PROTO_IP4, 0, &dpo_v4);
- fib_table_entry_special_dpo_add (0, &pfx, FIB_SOURCE_PLUGIN_HI,
+ fib_table_entry_special_dpo_add (0, &pfx, nat_fib_src_hi,
FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v4);
dpo_reset (&dpo_v4);
}
@@ -231,7 +231,7 @@ dslite_add_del_pool_addr (dslite_main_t * dm, ip4_address_t * addr, u8 is_add)
vec_free (a->busy_##n##_ports_per_thread);
foreach_snat_protocol
#undef _
- fib_table_entry_special_remove (0, &pfx, FIB_SOURCE_PLUGIN_HI);
+ fib_table_entry_special_remove (0, &pfx, nat_fib_src_hi);
vec_del1 (dm->addr_pool, i);
}
return 0;
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index 0a30caf0f21..d7133684b32 100755
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -38,6 +38,9 @@
snat_main_t snat_main;
+fib_source_t nat_fib_src_hi;
+fib_source_t nat_fib_src_low;
+
/* *INDENT-OFF* */
/* Hook up input features */
VNET_FEATURE_INIT (nat_pre_in2out, static) = {
@@ -536,7 +539,7 @@ snat_add_del_addr_to_fib (ip4_address_t * addr, u8 p_len, u32 sw_if_index,
if (is_add)
fib_table_entry_update_one_path (fib_index,
&prefix,
- FIB_SOURCE_PLUGIN_LOW,
+ nat_fib_src_low,
(FIB_ENTRY_FLAG_CONNECTED |
FIB_ENTRY_FLAG_LOCAL |
FIB_ENTRY_FLAG_EXCLUSIVE),
@@ -545,7 +548,7 @@ snat_add_del_addr_to_fib (ip4_address_t * addr, u8 p_len, u32 sw_if_index,
sw_if_index,
~0, 1, NULL, FIB_ROUTE_PATH_FLAG_NONE);
else
- fib_table_entry_delete (fib_index, &prefix, FIB_SOURCE_PLUGIN_LOW);
+ fib_table_entry_delete (fib_index, &prefix, nat_fib_src_low);
}
int
@@ -577,7 +580,7 @@ snat_add_address (snat_main_t * sm, ip4_address_t * addr, u32 vrf_id,
if (vrf_id != ~0)
ap->fib_index =
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, vrf_id,
- FIB_SOURCE_PLUGIN_LOW);
+ nat_fib_src_low);
else
ap->fib_index = ~0;
#define _(N, i, n, s) \
@@ -813,7 +816,7 @@ snat_add_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr,
local->vrf_id = vrf_id;
local->fib_index =
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, vrf_id,
- FIB_SOURCE_PLUGIN_LOW);
+ nat_fib_src_low);
m_key.addr = m->local_addr;
m_key.port = m->local_port;
m_key.protocol = m->proto;
@@ -834,13 +837,13 @@ snat_add_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr,
if (vrf_id != ~0)
fib_index =
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, vrf_id,
- FIB_SOURCE_PLUGIN_LOW);
+ nat_fib_src_low);
/* If not specified use inside VRF id from SNAT plugin startup config */
else
{
fib_index = sm->inside_fib_index;
vrf_id = sm->inside_vrf_id;
- fib_table_lock (fib_index, FIB_PROTOCOL_IP4, FIB_SOURCE_PLUGIN_LOW);
+ fib_table_lock (fib_index, FIB_PROTOCOL_IP4, nat_fib_src_low);
}
if (!(out2in_only || identity_nat))
@@ -1133,7 +1136,7 @@ snat_add_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr,
}
}
- fib_table_unlock (fib_index, FIB_PROTOCOL_IP4, FIB_SOURCE_PLUGIN_LOW);
+ fib_table_unlock (fib_index, FIB_PROTOCOL_IP4, nat_fib_src_low);
if (pool_elts (m->locals))
return 0;
@@ -1291,7 +1294,7 @@ nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port,
locals[i].fib_index =
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4,
locals[i].vrf_id,
- FIB_SOURCE_PLUGIN_LOW);
+ nat_fib_src_low);
m_key.addr = locals[i].addr;
m_key.fib_index = locals[i].fib_index;
if (!out2in_only)
@@ -1381,7 +1384,7 @@ nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port,
pool_foreach (local, m->locals,
({
fib_table_unlock (local->fib_index, FIB_PROTOCOL_IP4,
- FIB_SOURCE_PLUGIN_LOW);
+ nat_fib_src_low);
m_key.addr = local->addr;
if (!out2in_only)
{
@@ -1514,7 +1517,7 @@ nat44_lb_static_mapping_add_del_local (ip4_address_t e_addr, u16 e_port,
local->vrf_id = vrf_id;
local->fib_index =
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, vrf_id,
- FIB_SOURCE_PLUGIN_LOW);
+ nat_fib_src_low);
if (!is_out2in_only_static_mapping (m))
{
@@ -1536,7 +1539,7 @@ nat44_lb_static_mapping_add_del_local (ip4_address_t e_addr, u16 e_port,
return VNET_API_ERROR_UNSPECIFIED;
fib_table_unlock (match_local->fib_index, FIB_PROTOCOL_IP4,
- FIB_SOURCE_PLUGIN_LOW);
+ nat_fib_src_low);
if (!is_out2in_only_static_mapping (m))
{
@@ -1687,7 +1690,7 @@ snat_del_address (snat_main_t * sm, ip4_address_t addr, u8 delete_sm,
}
if (a->fib_index != ~0)
- fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP4, FIB_SOURCE_PLUGIN_LOW);
+ fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP4, nat_fib_src_low);
/* Delete sessions using address */
if (a->busy_tcp_ports || a->busy_udp_ports || a->busy_icmp_ports)
@@ -2464,6 +2467,13 @@ snat_init (vlib_main_t * vm)
};
vec_add1 (ip4_main.table_bind_callbacks, cbt4);
+ nat_fib_src_hi = fib_source_allocate ("nat-hi",
+ FIB_SOURCE_PRIORITY_HI,
+ FIB_SOURCE_BH_SIMPLE);
+ nat_fib_src_low = fib_source_allocate ("nat-low",
+ FIB_SOURCE_PRIORITY_LOW,
+ FIB_SOURCE_BH_SIMPLE);
+
/* Init virtual fragmenentation reassembly */
return nat_reass_init (vm);
}
@@ -2915,13 +2925,13 @@ nat44_add_del_address_dpo (ip4_address_t addr, u8 is_add)
if (is_add)
{
nat_dpo_create (DPO_PROTO_IP4, 0, &dpo_v4);
- fib_table_entry_special_dpo_add (0, &pfx, FIB_SOURCE_PLUGIN_HI,
+ fib_table_entry_special_dpo_add (0, &pfx, nat_fib_src_hi,
FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v4);
dpo_reset (&dpo_v4);
}
else
{
- fib_table_entry_special_remove (0, &pfx, FIB_SOURCE_PLUGIN_HI);
+ fib_table_entry_special_remove (0, &pfx, nat_fib_src_hi);
}
}
@@ -3836,15 +3846,15 @@ snat_config (vlib_main_t * vm, unformat_input_t * input)
sm->outside_vrf_id = outside_vrf_id;
sm->outside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4,
outside_vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
nm->outside_vrf_id = outside_ip6_vrf_id;
nm->outside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
outside_ip6_vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
sm->inside_vrf_id = inside_vrf_id;
sm->inside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4,
inside_vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
sm->static_mapping_only = static_mapping_only;
sm->static_mapping_connection_tracking = static_mapping_connection_tracking;
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index b65ad1b676f..ee712f4748f 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -23,6 +23,7 @@
#include <vnet/ethernet/ethernet.h>
#include <vnet/ip/icmp46_packet.h>
#include <vnet/api_errno.h>
+#include <vnet/fib/fib_source.h>
#include <vppinfra/elog.h>
#include <vppinfra/bihash_8_8.h>
#include <vppinfra/bihash_16_8.h>
@@ -742,6 +743,9 @@ extern vlib_node_registration_t nat44_ed_in2out_worker_handoff_node;
extern vlib_node_registration_t nat44_ed_in2out_output_worker_handoff_node;
extern vlib_node_registration_t nat44_ed_out2in_worker_handoff_node;
+extern fib_source_t nat_fib_src_hi;
+extern fib_source_t nat_fib_src_low;
+
/* format functions */
format_function_t format_snat_user;
format_function_t format_snat_static_mapping;
diff --git a/src/plugins/nat/nat64.c b/src/plugins/nat/nat64.c
index 0fe29800420..e1afea6510e 100644
--- a/src/plugins/nat/nat64.c
+++ b/src/plugins/nat/nat64.c
@@ -343,7 +343,7 @@ nat64_add_del_pool_addr (u32 thread_index,
if (vrf_id != ~0)
a->fib_index =
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
#define _(N, id, n, s) \
clib_bitmap_alloc (a->busy_##n##_port_bitmap, 65535); \
a->busy_##n##_ports = 0; \
@@ -357,8 +357,7 @@ nat64_add_del_pool_addr (u32 thread_index,
return VNET_API_ERROR_NO_SUCH_ENTRY;
if (a->fib_index != ~0)
- fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP6,
- FIB_SOURCE_PLUGIN_HI);
+ fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP6, nat_fib_src_hi);
/* Delete sessions using address */
/* *INDENT-OFF* */
vec_foreach (db, nm->db)
@@ -688,7 +687,7 @@ nat64_add_del_static_bib_entry (ip6_address_t * in_addr,
nat64_main_t *nm = &nat64_main;
nat64_db_bib_entry_t *bibe;
u32 fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
snat_protocol_t p = ip_proto_to_snat_proto (proto);
ip46_address_t addr;
int i;
@@ -1027,7 +1026,7 @@ nat64_add_del_prefix (ip6_address_t * prefix, u8 plen, u32 vrf_id, u8 is_add)
vec_add2 (nm->pref64, p, 1);
p->fib_index =
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
p->vrf_id = vrf_id;
}
diff --git a/src/plugins/nat/nat64_cli.c b/src/plugins/nat/nat64_cli.c
index 53152f11996..be468df1753 100644
--- a/src/plugins/nat/nat64_cli.c
+++ b/src/plugins/nat/nat64_cli.c
@@ -633,9 +633,9 @@ nat64_add_del_prefix_command_fn (vlib_main_t * vm, unformat_input_t * input,
{
fib_index =
fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6,
- vrf_id, FIB_SOURCE_PLUGIN_HI);
+ vrf_id, nat_fib_src_hi);
fib_table_entry_update_one_path (fib_index, &fibpfx,
- FIB_SOURCE_PLUGIN_HI,
+ nat_fib_src_hi,
FIB_ENTRY_FLAG_NONE,
DPO_PROTO_IP6, NULL,
sw_if_index, ~0, 0,
@@ -645,12 +645,11 @@ nat64_add_del_prefix_command_fn (vlib_main_t * vm, unformat_input_t * input,
{
fib_index = fib_table_find (FIB_PROTOCOL_IP6, vrf_id);
fib_table_entry_path_remove (fib_index, &fibpfx,
- FIB_SOURCE_PLUGIN_HI,
+ nat_fib_src_hi,
DPO_PROTO_IP6, NULL,
sw_if_index, ~0, 1,
FIB_ROUTE_PATH_INTF_RX);
- fib_table_unlock (fib_index, FIB_PROTOCOL_IP6,
- FIB_SOURCE_PLUGIN_HI);
+ fib_table_unlock (fib_index, FIB_PROTOCOL_IP6, nat_fib_src_hi);
}
}
diff --git a/src/plugins/nat/nat66.c b/src/plugins/nat/nat66.c
index 2caefab6480..e5e783b31f7 100644
--- a/src/plugins/nat/nat66.c
+++ b/src/plugins/nat/nat66.c
@@ -170,7 +170,7 @@ nat66_static_mapping_add_del (ip6_address_t * l_addr, ip6_address_t * e_addr,
return VNET_API_ERROR_VALUE_EXIST;
fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
- FIB_SOURCE_PLUGIN_HI);
+ nat_fib_src_hi);
pool_get (nm->sm, sm);
clib_memset (sm, 0, sizeof (*sm));
sm->l_addr.as_u64[0] = l_addr->as_u64[0];
@@ -214,8 +214,7 @@ nat66_static_mapping_add_del (ip6_address_t * l_addr, ip6_address_t * e_addr,
kv.key[2] = sm_key.as_u64[2];
if (clib_bihash_add_del_24_8 (&nm->sm_e, &kv, 0))
nat_elog_warn ("nat66-static-map-by-external delete key failed");
- fib_table_unlock (sm->fib_index, FIB_PROTOCOL_IP6,
- FIB_SOURCE_PLUGIN_HI);
+ fib_table_unlock (sm->fib_index, FIB_PROTOCOL_IP6, nat_fib_src_hi);
pool_put (nm->sm, sm);
}