From 98d82ca04ba438cd2ba3c03de6e1e82e4786cd83 Mon Sep 17 00:00:00 2001 From: Klement Sekera Date: Tue, 2 Feb 2021 13:25:40 +0100 Subject: nat: fix EI hairpinning thread safety Avoid doing inter-thread reads without locks by doing a handoff before destination address rewrite. Destination address is read from a session which is possibly owned by a different thread. By splitting the work in two parts with a handoff in the middle, we can do both in a thread safe way. Type: improvement Signed-off-by: Klement Sekera Change-Id: I1c50d188393a610f5564fa230c75771a8065f273 --- src/plugins/nat/nat.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'src/plugins/nat/nat.c') diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index 11e2d193240..85d4775c8fe 100644 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -2514,6 +2514,13 @@ do \ vlib_zero_simple_counter (&c, 0); \ } while (0); +extern vlib_node_registration_t nat44_hairpinning_node; +extern vlib_node_registration_t snat_hairpin_dst_node; +extern vlib_node_registration_t + nat44_in2out_hairpinning_finish_ip4_lookup_node; +extern vlib_node_registration_t + nat44_in2out_hairpinning_finish_interface_output_node; + static clib_error_t * nat_init (vlib_main_t * vm) { @@ -2632,6 +2639,17 @@ nat_init (vlib_main_t * vm) nat_ha_init (vm, sm->num_workers, num_threads); test_key_calc_split (); + + sm->nat44_hairpinning_fq_index = + vlib_frame_queue_main_init (nat44_hairpinning_node.index, 0); + sm->snat_hairpin_dst_fq_index = + vlib_frame_queue_main_init (snat_hairpin_dst_node.index, 0); + sm->nat44_in2out_hairpinning_finish_ip4_lookup_node_fq_index = + vlib_frame_queue_main_init ( + nat44_in2out_hairpinning_finish_ip4_lookup_node.index, 0); + sm->nat44_in2out_hairpinning_finish_interface_output_node_fq_index = + vlib_frame_queue_main_init ( + nat44_in2out_hairpinning_finish_interface_output_node.index, 0); return nat44_api_hookup (vm); } -- cgit 1.2.3-korg