From 0eaf4e6784efb2d058fe2f031578251b6bcc0aa8 Mon Sep 17 00:00:00 2001 From: Filip Varga Date: Wed, 17 Feb 2021 14:34:54 +0100 Subject: nat: Final NAT44 EI/ED split patch This patch achieves complete separation of endpoint-dependent and endpoint-independent IPv4 NAT features. Some common stuff is also moved to NAT library. Type: refactor Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801 Signed-off-by: Filip Varga --- src/plugins/nat/nat44-ei/nat44_ei_in2out.c | 1151 ++++++++++++++-------------- 1 file changed, 585 insertions(+), 566 deletions(-) (limited to 'src/plugins/nat/nat44-ei/nat44_ei_in2out.c') diff --git a/src/plugins/nat/nat44-ei/nat44_ei_in2out.c b/src/plugins/nat/nat44-ei/nat44_ei_in2out.c index 54ed1a92e8b..80beb7a49eb 100644 --- a/src/plugins/nat/nat44-ei/nat44_ei_in2out.c +++ b/src/plugins/nat/nat44-ei/nat44_ei_in2out.c @@ -14,28 +14,27 @@ */ /** * @file - * @brief NAT44 inside to outside network translation + * @brief NAT44 EI inside to outside network translation */ #include -#include +#include #include #include -#include #include -#include -#include -#include -#include -#include -#include +#include #include #include -#include + +#include +#include +#include #include -#include +#include +#include +#include typedef struct { @@ -44,15 +43,15 @@ typedef struct u32 session_index; u32 is_slow_path; u32 is_hairpinning; -} snat_in2out_trace_t; +} nat44_ei_in2out_trace_t; /* packet trace format function */ static u8 * -format_snat_in2out_trace (u8 * s, va_list * args) +format_nat44_ei_in2out_trace (u8 *s, va_list *args) { CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); - snat_in2out_trace_t *t = va_arg (*args, snat_in2out_trace_t *); + nat44_ei_in2out_trace_t *t = va_arg (*args, nat44_ei_in2out_trace_t *); char *tag; tag = t->is_slow_path ? "NAT44_IN2OUT_SLOW_PATH" : "NAT44_IN2OUT_FAST_PATH"; @@ -68,11 +67,11 @@ format_snat_in2out_trace (u8 * s, va_list * args) } static u8 * -format_snat_in2out_fast_trace (u8 * s, va_list * args) +format_nat44_ei_in2out_fast_trace (u8 *s, va_list *args) { CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); - snat_in2out_trace_t *t = va_arg (*args, snat_in2out_trace_t *); + nat44_ei_in2out_trace_t *t = va_arg (*args, nat44_ei_in2out_trace_t *); s = format (s, "NAT44_IN2OUT_FAST: sw_if_index %d, next index %d", t->sw_if_index, t->next_index); @@ -80,67 +79,125 @@ format_snat_in2out_fast_trace (u8 * s, va_list * args) return s; } -#define foreach_snat_in2out_error \ -_(UNSUPPORTED_PROTOCOL, "unsupported protocol") \ -_(OUT_OF_PORTS, "out of ports") \ -_(BAD_OUTSIDE_FIB, "outside VRF ID not found") \ -_(BAD_ICMP_TYPE, "unsupported ICMP type") \ -_(NO_TRANSLATION, "no translation") \ -_(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \ -_(CANNOT_CREATE_USER, "cannot create NAT user") +#define foreach_nat44_ei_in2out_error \ + _ (UNSUPPORTED_PROTOCOL, "unsupported protocol") \ + _ (OUT_OF_PORTS, "out of ports") \ + _ (BAD_OUTSIDE_FIB, "outside VRF ID not found") \ + _ (BAD_ICMP_TYPE, "unsupported ICMP type") \ + _ (NO_TRANSLATION, "no translation") \ + _ (MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \ + _ (CANNOT_CREATE_USER, "cannot create NAT user") typedef enum { -#define _(sym,str) SNAT_IN2OUT_ERROR_##sym, - foreach_snat_in2out_error +#define _(sym, str) NAT44_EI_IN2OUT_ERROR_##sym, + foreach_nat44_ei_in2out_error #undef _ - SNAT_IN2OUT_N_ERROR, -} snat_in2out_error_t; + NAT44_EI_IN2OUT_N_ERROR, +} nat44_ei_in2out_error_t; -static char *snat_in2out_error_strings[] = { +static char *nat44_ei_in2out_error_strings[] = { #define _(sym,string) string, - foreach_snat_in2out_error + foreach_nat44_ei_in2out_error #undef _ }; typedef enum { - SNAT_IN2OUT_NEXT_LOOKUP, - SNAT_IN2OUT_NEXT_DROP, - SNAT_IN2OUT_NEXT_ICMP_ERROR, - SNAT_IN2OUT_NEXT_SLOW_PATH, - SNAT_IN2OUT_NEXT_HAIRPINNING_HANDOFF, - SNAT_IN2OUT_N_NEXT, -} snat_in2out_next_t; + NAT44_EI_IN2OUT_NEXT_LOOKUP, + NAT44_EI_IN2OUT_NEXT_DROP, + NAT44_EI_IN2OUT_NEXT_ICMP_ERROR, + NAT44_EI_IN2OUT_NEXT_SLOW_PATH, + NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF, + NAT44_EI_IN2OUT_N_NEXT, +} nat44_ei_in2out_next_t; typedef enum { - NAT44_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP, - NAT44_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP, - NAT44_IN2OUT_HAIRPINNING_FINISH_N_NEXT, -} nat44_in2out_hairpinnig_finish_next_t; + NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP, + NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP, + NAT44_EI_IN2OUT_HAIRPINNING_FINISH_N_NEXT, +} nat44_ei_in2out_hairpinnig_finish_next_t; + +static inline int +nat44_ei_not_translate_fast (vlib_node_runtime_t *node, u32 sw_if_index0, + ip4_header_t *ip0, u32 proto0, u32 rx_fib_index0) +{ + nat44_ei_main_t *nm = &nat44_ei_main; + + if (nm->out2in_dpo) + return 0; + + fib_node_index_t fei = FIB_NODE_INDEX_INVALID; + nat44_ei_outside_fib_t *outside_fib; + fib_prefix_t pfx = { + .fp_proto = FIB_PROTOCOL_IP4, + .fp_len = 32, + .fp_addr = { + .ip4.as_u32 = ip0->dst_address.as_u32, + } + , + }; + + /* Don't NAT packet aimed at the intfc address */ + if (PREDICT_FALSE (nat44_ei_is_interface_addr ( + nm->ip4_main, node, sw_if_index0, ip0->dst_address.as_u32))) + return 1; + + fei = fib_table_lookup (rx_fib_index0, &pfx); + if (FIB_NODE_INDEX_INVALID != fei) + { + u32 sw_if_index = fib_entry_get_resolving_interface (fei); + if (sw_if_index == ~0) + { + vec_foreach (outside_fib, nm->outside_fibs) + { + fei = fib_table_lookup (outside_fib->fib_index, &pfx); + if (FIB_NODE_INDEX_INVALID != fei) + { + sw_if_index = fib_entry_get_resolving_interface (fei); + if (sw_if_index != ~0) + break; + } + } + } + if (sw_if_index == ~0) + return 1; + + nat44_ei_interface_t *i; + pool_foreach (i, nm->interfaces) + { + /* NAT packet aimed at outside interface */ + if ((nat44_ei_interface_is_outside (i)) && + (sw_if_index == i->sw_if_index)) + return 0; + } + } + + return 1; +} static inline int -snat_not_translate (snat_main_t * sm, vlib_node_runtime_t * node, - u32 sw_if_index0, ip4_header_t * ip0, u32 proto0, - u32 rx_fib_index0, u32 thread_index) +nat44_ei_not_translate (nat44_ei_main_t *nm, vlib_node_runtime_t *node, + u32 sw_if_index0, ip4_header_t *ip0, u32 proto0, + u32 rx_fib_index0, u32 thread_index) { udp_header_t *udp0 = ip4_next_header (ip0); clib_bihash_kv_8_8_t kv0, value0; - init_nat_k (&kv0, ip0->dst_address, udp0->dst_port, sm->outside_fib_index, + init_nat_k (&kv0, ip0->dst_address, udp0->dst_port, nm->outside_fib_index, proto0); /* NAT packet aimed at external address if */ /* has active sessions */ - if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0)) + if (clib_bihash_search_8_8 (&nm->out2in, &kv0, &value0)) { /* or is static mappings */ ip4_address_t placeholder_addr; u16 placeholder_port; u32 placeholder_fib_index; if (!nat44_ei_static_mapping_match (ip0->dst_address, udp0->dst_port, - sm->outside_fib_index, proto0, + nm->outside_fib_index, proto0, &placeholder_addr, &placeholder_port, &placeholder_fib_index, 1, 0, 0)) return 0; @@ -148,37 +205,38 @@ snat_not_translate (snat_main_t * sm, vlib_node_runtime_t * node, else return 0; - if (sm->forwarding_enabled) + if (nm->forwarding_enabled) return 1; - return snat_not_translate_fast (sm, node, sw_if_index0, ip0, proto0, - rx_fib_index0); + return nat44_ei_not_translate_fast (node, sw_if_index0, ip0, proto0, + rx_fib_index0); } static inline int -nat_not_translate_output_feature (snat_main_t * sm, ip4_header_t * ip0, - u32 proto0, u16 src_port, u16 dst_port, - u32 thread_index, u32 sw_if_index) +nat44_ei_not_translate_output_feature (nat44_ei_main_t *nm, ip4_header_t *ip0, + u32 proto0, u16 src_port, u16 dst_port, + u32 thread_index, u32 sw_if_index) { clib_bihash_kv_8_8_t kv0, value0; - snat_interface_t *i; + nat44_ei_interface_t *i; /* src NAT check */ init_nat_k (&kv0, ip0->src_address, src_port, ip4_fib_table_get_index_for_sw_if_index (sw_if_index), proto0); - if (!clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0)) + if (!clib_bihash_search_8_8 (&nm->out2in, &kv0, &value0)) return 1; /* dst NAT check */ init_nat_k (&kv0, ip0->dst_address, dst_port, ip4_fib_table_get_index_for_sw_if_index (sw_if_index), proto0); - if (!clib_bihash_search_8_8 (&sm->in2out, &kv0, &value0)) + if (!clib_bihash_search_8_8 (&nm->in2out, &kv0, &value0)) { /* hairpinning */ - pool_foreach (i, sm->output_feature_interfaces) + pool_foreach (i, nm->output_feature_interfaces) { - if ((nat_interface_is_inside (i)) && (sw_if_index == i->sw_if_index)) + if ((nat44_ei_interface_is_inside (i)) && + (sw_if_index == i->sw_if_index)) return 0; } return 1; @@ -191,21 +249,22 @@ nat_not_translate_output_feature (snat_main_t * sm, ip4_header_t * ip0, int nat44_i2o_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg) { - snat_main_t *sm = &snat_main; - nat44_is_idle_session_ctx_t *ctx = arg; - snat_session_t *s; + nat44_ei_main_t *nm = &nat44_ei_main; + nat44_ei_is_idle_session_ctx_t *ctx = arg; + nat44_ei_session_t *s; u64 sess_timeout_time; - snat_main_per_thread_data_t *tsm = vec_elt_at_index (sm->per_thread_data, - ctx->thread_index); + nat44_ei_main_per_thread_data_t *tnm = + vec_elt_at_index (nm->per_thread_data, ctx->thread_index); clib_bihash_kv_8_8_t s_kv; - s = pool_elt_at_index (tsm->sessions, kv->value); - sess_timeout_time = s->last_heard + (f64) nat44_session_get_timeout (sm, s); + s = pool_elt_at_index (tnm->sessions, kv->value); + sess_timeout_time = s->last_heard + (f64) nat_session_get_timeout ( + &nm->timeouts, s->nat_proto, s->state); if (ctx->now >= sess_timeout_time) { init_nat_o2i_k (&s_kv, s); - if (clib_bihash_add_del_8_8 (&sm->out2in, &s_kv, 0)) - nat_elog_warn ("out2in key del failed"); + if (clib_bihash_add_del_8_8 (&nm->out2in, &s_kv, 0)) + nat_elog_warn (nm, "out2in key del failed"); nat_ipfix_logging_nat44_ses_delete (ctx->thread_index, s->in2out.addr.as_u32, @@ -223,12 +282,12 @@ nat44_i2o_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg) s->ext_host_port, s->nat_proto, s->out2in.fib_index, ctx->thread_index); - if (!snat_is_session_static (s)) - snat_free_outside_address_and_port (sm->addresses, ctx->thread_index, - &s->out2in.addr, - s->out2in.port, s->nat_proto); + if (!nat44_ei_is_session_static (s)) + nat44_ei_free_outside_address_and_port ( + nm->addresses, ctx->thread_index, &s->out2in.addr, s->out2in.port, + s->nat_proto); - nat44_delete_session (sm, s, ctx->thread_index); + nat44_ei_delete_session (nm, s, ctx->thread_index); return 1; } @@ -237,20 +296,16 @@ nat44_i2o_is_idle_session_cb (clib_bihash_kv_8_8_t * kv, void *arg) #endif static u32 -slow_path (snat_main_t * sm, vlib_buffer_t * b0, - ip4_header_t * ip0, - ip4_address_t i2o_addr, - u16 i2o_port, - u32 rx_fib_index0, - nat_protocol_t nat_proto, - snat_session_t ** sessionp, - vlib_node_runtime_t * node, u32 next0, u32 thread_index, f64 now) +slow_path (nat44_ei_main_t *nm, vlib_buffer_t *b0, ip4_header_t *ip0, + ip4_address_t i2o_addr, u16 i2o_port, u32 rx_fib_index0, + nat_protocol_t nat_proto, nat44_ei_session_t **sessionp, + vlib_node_runtime_t *node, u32 next0, u32 thread_index, f64 now) { - snat_user_t *u; - snat_session_t *s = 0; + nat44_ei_user_t *u; + nat44_ei_session_t *s = 0; clib_bihash_kv_8_8_t kv0; u8 is_sm = 0; - nat_outside_fib_t *outside_fib; + nat44_ei_outside_fib_t *outside_fib; fib_node_index_t fei = FIB_NODE_INDEX_INVALID; u8 identity_nat; fib_prefix_t pfx = { @@ -260,18 +315,18 @@ slow_path (snat_main_t * sm, vlib_buffer_t * b0, .ip4.as_u32 = ip0->dst_address.as_u32, }, }; - nat44_is_idle_session_ctx_t ctx0; + nat44_ei_is_idle_session_ctx_t ctx0; ip4_address_t sm_addr; u16 sm_port; u32 sm_fib_index; - if (PREDICT_FALSE (nat44_ei_maximum_sessions_exceeded (sm, thread_index))) + if (PREDICT_FALSE (nat44_ei_maximum_sessions_exceeded (nm, thread_index))) { - b0->error = node->errors[SNAT_IN2OUT_ERROR_MAX_SESSIONS_EXCEEDED]; + b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_MAX_SESSIONS_EXCEEDED]; nat_ipfix_logging_max_sessions (thread_index, - sm->max_translations_per_thread); - nat_elog_notice ("maximum sessions exceeded"); - return SNAT_IN2OUT_NEXT_DROP; + nm->max_translations_per_thread); + nat_elog_notice (nm, "maximum sessions exceeded"); + return NAT44_EI_IN2OUT_NEXT_DROP; } /* First try to match static mapping by local address and port */ @@ -280,13 +335,13 @@ slow_path (snat_main_t * sm, vlib_buffer_t * b0, &sm_fib_index, 0, 0, &identity_nat)) { /* Try to create dynamic translation */ - if (sm->alloc_addr_and_port ( - sm->addresses, rx_fib_index0, thread_index, nat_proto, &sm_addr, - &sm_port, sm->port_per_thread, - sm->per_thread_data[thread_index].snat_thread_index)) + if (nm->alloc_addr_and_port ( + nm->addresses, rx_fib_index0, thread_index, nat_proto, &sm_addr, + &sm_port, nm->port_per_thread, + nm->per_thread_data[thread_index].snat_thread_index)) { - b0->error = node->errors[SNAT_IN2OUT_ERROR_OUT_OF_PORTS]; - return SNAT_IN2OUT_NEXT_DROP; + b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_OUT_OF_PORTS]; + return NAT44_EI_IN2OUT_NEXT_DROP; } } else @@ -300,53 +355,53 @@ slow_path (snat_main_t * sm, vlib_buffer_t * b0, is_sm = 1; } - u = nat_user_get_or_create (sm, &ip0->src_address, rx_fib_index0, - thread_index); + u = nat44_ei_user_get_or_create (nm, &ip0->src_address, rx_fib_index0, + thread_index); if (!u) { - b0->error = node->errors[SNAT_IN2OUT_ERROR_CANNOT_CREATE_USER]; - return SNAT_IN2OUT_NEXT_DROP; + b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_CANNOT_CREATE_USER]; + return NAT44_EI_IN2OUT_NEXT_DROP; } - s = nat_session_alloc_or_recycle (sm, u, thread_index, now); + s = nat44_ei_session_alloc_or_recycle (nm, u, thread_index, now); if (!s) { - nat44_delete_user_with_no_session (sm, u, thread_index); - nat_elog_warn ("create NAT session failed"); - return SNAT_IN2OUT_NEXT_DROP; + nat44_ei_delete_user_with_no_session (nm, u, thread_index); + nat_elog_warn (nm, "create NAT session failed"); + return NAT44_EI_IN2OUT_NEXT_DROP; } if (is_sm) - s->flags |= SNAT_SESSION_FLAG_STATIC_MAPPING; - user_session_increment (sm, u, is_sm); + s->flags |= NAT44_EI_SESSION_FLAG_STATIC_MAPPING; + nat44_ei_user_session_increment (nm, u, is_sm); s->in2out.addr = i2o_addr; s->in2out.port = i2o_port; s->in2out.fib_index = rx_fib_index0; s->nat_proto = nat_proto; s->out2in.addr = sm_addr; s->out2in.port = sm_port; - s->out2in.fib_index = sm->outside_fib_index; - switch (vec_len (sm->outside_fibs)) + s->out2in.fib_index = nm->outside_fib_index; + switch (vec_len (nm->outside_fibs)) { case 0: - s->out2in.fib_index = sm->outside_fib_index; + s->out2in.fib_index = nm->outside_fib_index; break; case 1: - s->out2in.fib_index = sm->outside_fibs[0].fib_index; + s->out2in.fib_index = nm->outside_fibs[0].fib_index; break; default: - vec_foreach (outside_fib, sm->outside_fibs) - { - fei = fib_table_lookup (outside_fib->fib_index, &pfx); - if (FIB_NODE_INDEX_INVALID != fei) - { - if (fib_entry_get_resolving_interface (fei) != ~0) - { - s->out2in.fib_index = outside_fib->fib_index; - break; - } - } - } + vec_foreach (outside_fib, nm->outside_fibs) + { + fei = fib_table_lookup (outside_fib->fib_index, &pfx); + if (FIB_NODE_INDEX_INVALID != fei) + { + if (fib_entry_get_resolving_interface (fei) != ~0) + { + s->out2in.fib_index = outside_fib->fib_index; + break; + } + } + } break; } s->ext_host_addr.as_u32 = ip0->dst_address.as_u32; @@ -357,41 +412,38 @@ slow_path (snat_main_t * sm, vlib_buffer_t * b0, ctx0.now = now; ctx0.thread_index = thread_index; init_nat_i2o_kv (&kv0, s, thread_index, - s - sm->per_thread_data[thread_index].sessions); + s - nm->per_thread_data[thread_index].sessions); if (clib_bihash_add_or_overwrite_stale_8_8 ( - &sm->in2out, &kv0, nat44_i2o_is_idle_session_cb, &ctx0)) - nat_elog_notice ("in2out key add failed"); + &nm->in2out, &kv0, nat44_i2o_is_idle_session_cb, &ctx0)) + nat_elog_notice (nm, "in2out key add failed"); init_nat_o2i_kv (&kv0, s, thread_index, - s - sm->per_thread_data[thread_index].sessions); + s - nm->per_thread_data[thread_index].sessions); if (clib_bihash_add_or_overwrite_stale_8_8 ( - &sm->out2in, &kv0, nat44_o2i_is_idle_session_cb, &ctx0)) - nat_elog_notice ("out2in key add failed"); + &nm->out2in, &kv0, nat44_o2i_is_idle_session_cb, &ctx0)) + nat_elog_notice (nm, "out2in key add failed"); /* log NAT event */ - nat_ipfix_logging_nat44_ses_create (thread_index, - s->in2out.addr.as_u32, - s->out2in.addr.as_u32, - s->nat_proto, - s->in2out.port, - s->out2in.port, s->in2out.fib_index); + nat_ipfix_logging_nat44_ses_create ( + thread_index, s->in2out.addr.as_u32, s->out2in.addr.as_u32, s->nat_proto, + s->in2out.port, s->out2in.port, s->in2out.fib_index); - nat_syslog_nat44_apmadd (s->user_index, s->in2out.fib_index, - &s->in2out.addr, s->in2out.port, &s->out2in.addr, - s->out2in.port, s->nat_proto); + nat_syslog_nat44_apmadd (s->user_index, s->in2out.fib_index, &s->in2out.addr, + s->in2out.port, &s->out2in.addr, s->out2in.port, + s->nat_proto); nat_ha_sadd (&s->in2out.addr, s->in2out.port, &s->out2in.addr, s->out2in.port, &s->ext_host_addr, s->ext_host_port, - &s->ext_host_nat_addr, s->ext_host_nat_port, - s->nat_proto, s->in2out.fib_index, s->flags, thread_index, 0); + &s->ext_host_nat_addr, s->ext_host_nat_port, s->nat_proto, + s->in2out.fib_index, s->flags, thread_index, 0); return next0; } #ifndef CLIB_MARCH_VARIANT -static_always_inline snat_in2out_error_t -icmp_get_key (vlib_buffer_t * b, ip4_header_t * ip0, - ip4_address_t * addr, u16 * port, nat_protocol_t * nat_proto) +static_always_inline nat44_ei_in2out_error_t +icmp_get_key (vlib_buffer_t *b, ip4_header_t *ip0, ip4_address_t *addr, + u16 *port, nat_protocol_t *nat_proto) { icmp46_header_t *icmp0; icmp_echo_header_t *echo0, *inner_echo0 = 0; @@ -427,7 +479,7 @@ icmp_get_key (vlib_buffer_t * b, ip4_header_t * ip0, *port = ((tcp_udp_header_t *) l4_header)->dst_port; break; default: - return SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL; + return NAT44_EI_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL; } } return -1; /* success */ @@ -437,7 +489,7 @@ icmp_get_key (vlib_buffer_t * b, ip4_header_t * ip0, * Get address and port values to be used for ICMP packet translation * and create session if needed * - * @param[in,out] sm NAT main + * @param[in,out] nm NAT main * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated @@ -449,15 +501,16 @@ icmp_get_key (vlib_buffer_t * b, ip4_header_t * ip0, * @param e optional parameter */ u32 -icmp_match_in2out_slow (snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, - ip4_address_t *addr, u16 *port, u32 *fib_index, - nat_protocol_t *proto, snat_session_t **p_s0, - u8 *dont_translate) +nat44_ei_icmp_match_in2out_slow (vlib_node_runtime_t *node, u32 thread_index, + vlib_buffer_t *b0, ip4_header_t *ip0, + ip4_address_t *addr, u16 *port, + u32 *fib_index, nat_protocol_t *proto, + nat44_ei_session_t **p_s0, u8 *dont_translate) { - snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; + nat44_ei_main_t *nm = &nat44_ei_main; + nat44_ei_main_per_thread_data_t *tnm = &nm->per_thread_data[thread_index]; u32 sw_if_index0; - snat_session_t *s0 = 0; + nat44_ei_session_t *s0 = 0; clib_bihash_kv_8_8_t kv0, value0; u32 next0 = ~0; int err; @@ -471,18 +524,17 @@ icmp_match_in2out_slow (snat_main_t *sm, vlib_node_runtime_t *node, if (err != -1) { b0->error = node->errors[err]; - next0 = SNAT_IN2OUT_NEXT_DROP; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; goto out; } init_nat_k (&kv0, *addr, *port, *fib_index, *proto); - if (clib_bihash_search_8_8 (&sm->in2out, &kv0, &value0)) + if (clib_bihash_search_8_8 (&nm->in2out, &kv0, &value0)) { if (vnet_buffer (b0)->sw_if_index[VLIB_TX] != ~0) { - if (PREDICT_FALSE - (nat_not_translate_output_feature - (sm, ip0, *proto, *port, *port, thread_index, sw_if_index0))) + if (PREDICT_FALSE (nat44_ei_not_translate_output_feature ( + nm, ip0, *proto, *port, *port, thread_index, sw_if_index0))) { *dont_translate = 1; goto out; @@ -490,9 +542,9 @@ icmp_match_in2out_slow (snat_main_t *sm, vlib_node_runtime_t *node, } else { - if (PREDICT_FALSE (snat_not_translate (sm, node, sw_if_index0, - ip0, NAT_PROTOCOL_ICMP, - *fib_index, thread_index))) + if (PREDICT_FALSE (nat44_ei_not_translate ( + nm, node, sw_if_index0, ip0, NAT_PROTOCOL_ICMP, *fib_index, + thread_index))) { *dont_translate = 1; goto out; @@ -503,16 +555,15 @@ icmp_match_in2out_slow (snat_main_t *sm, vlib_node_runtime_t *node, (icmp_type_is_error_message (vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags))) { - b0->error = node->errors[SNAT_IN2OUT_ERROR_BAD_ICMP_TYPE]; - next0 = SNAT_IN2OUT_NEXT_DROP; + b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_BAD_ICMP_TYPE]; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; goto out; } - next0 = - slow_path (sm, b0, ip0, *addr, *port, *fib_index, *proto, &s0, node, - next0, thread_index, vlib_time_now (vm)); + next0 = slow_path (nm, b0, ip0, *addr, *port, *fib_index, *proto, &s0, + node, next0, thread_index, vlib_time_now (vm)); - if (PREDICT_FALSE (next0 == SNAT_IN2OUT_NEXT_DROP)) + if (PREDICT_FALSE (next0 == NAT44_EI_IN2OUT_NEXT_DROP)) goto out; if (!s0) @@ -531,12 +582,12 @@ icmp_match_in2out_slow (snat_main_t *sm, vlib_node_runtime_t *node, && !icmp_type_is_error_message (vnet_buffer (b0)->ip. reass.icmp_type_or_tcp_flags))) { - b0->error = node->errors[SNAT_IN2OUT_ERROR_BAD_ICMP_TYPE]; - next0 = SNAT_IN2OUT_NEXT_DROP; + b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_BAD_ICMP_TYPE]; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; goto out; } - s0 = pool_elt_at_index (tsm->sessions, + s0 = pool_elt_at_index (tnm->sessions, nat_value_get_session_index (&value0)); } @@ -554,26 +605,12 @@ out: #endif #ifndef CLIB_MARCH_VARIANT -/** - * Get address and port values to be used for ICMP packet translation - * - * @param[in] sm NAT main - * @param[in,out] node NAT node runtime - * @param[in] thread_index thread index - * @param[in,out] b0 buffer containing packet to be translated - * @param[in,out] ip0 ip header - * @param[out] p_proto protocol used for matching - * @param[out] p_value address and port after NAT translation - * @param[out] p_dont_translate if packet should not be translated - * @param d optional parameter - * @param e optional parameter - */ u32 -icmp_match_in2out_fast (snat_main_t *sm, vlib_node_runtime_t *node, - u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, - ip4_address_t *addr, u16 *port, u32 *fib_index, - nat_protocol_t *proto, snat_session_t **s0, - u8 *dont_translate) +nat44_ei_icmp_match_in2out_fast (vlib_node_runtime_t *node, u32 thread_index, + vlib_buffer_t *b0, ip4_header_t *ip0, + ip4_address_t *addr, u16 *port, + u32 *fib_index, nat_protocol_t *proto, + nat44_ei_session_t **s0, u8 *dont_translate) { u32 sw_if_index0; u8 is_addr_only; @@ -588,7 +625,7 @@ icmp_match_in2out_fast (snat_main_t *sm, vlib_node_runtime_t *node, if (err != -1) { b0->error = node->errors[err]; - next0 = SNAT_IN2OUT_NEXT_DROP; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; goto out; } @@ -600,9 +637,8 @@ icmp_match_in2out_fast (snat_main_t *sm, vlib_node_runtime_t *node, &sm_addr, &sm_port, &sm_fib_index, 0, &is_addr_only, 0)) { - if (PREDICT_FALSE (snat_not_translate_fast (sm, node, sw_if_index0, ip0, - IP_PROTOCOL_ICMP, - *fib_index))) + if (PREDICT_FALSE (nat44_ei_not_translate_fast ( + node, sw_if_index0, ip0, IP_PROTOCOL_ICMP, *fib_index))) { *dont_translate = 1; goto out; @@ -611,12 +647,12 @@ icmp_match_in2out_fast (snat_main_t *sm, vlib_node_runtime_t *node, if (icmp_type_is_error_message (vnet_buffer (b0)->ip.reass.icmp_type_or_tcp_flags)) { - next0 = SNAT_IN2OUT_NEXT_DROP; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; goto out; } - b0->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION]; - next0 = SNAT_IN2OUT_NEXT_DROP; + b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_NO_TRANSLATION]; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; goto out; } @@ -627,8 +663,8 @@ icmp_match_in2out_fast (snat_main_t *sm, vlib_node_runtime_t *node, && !icmp_type_is_error_message (vnet_buffer (b0)->ip. reass.icmp_type_or_tcp_flags))) { - b0->error = node->errors[SNAT_IN2OUT_ERROR_BAD_ICMP_TYPE]; - next0 = SNAT_IN2OUT_NEXT_DROP; + b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_BAD_ICMP_TYPE]; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; goto out; } @@ -637,23 +673,25 @@ out: } #endif -u32 icmp_in2out (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, - icmp46_header_t *icmp0, u32 sw_if_index0, u32 rx_fib_index0, - vlib_node_runtime_t *node, u32 next0, u32 thread_index, - snat_session_t **p_s0); +u32 nat44_ei_icmp_in2out (vlib_buffer_t *b0, ip4_header_t *ip0, + icmp46_header_t *icmp0, u32 sw_if_index0, + u32 rx_fib_index0, vlib_node_runtime_t *node, + u32 next0, u32 thread_index, + nat44_ei_session_t **p_s0); #ifndef CLIB_MARCH_VARIANT u32 -icmp_in2out (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, - icmp46_header_t *icmp0, u32 sw_if_index0, u32 rx_fib_index0, - vlib_node_runtime_t *node, u32 next0, u32 thread_index, - snat_session_t **p_s0) +nat44_ei_icmp_in2out (vlib_buffer_t *b0, ip4_header_t *ip0, + icmp46_header_t *icmp0, u32 sw_if_index0, + u32 rx_fib_index0, vlib_node_runtime_t *node, u32 next0, + u32 thread_index, nat44_ei_session_t **p_s0) { + nat44_ei_main_t *nm = &nat44_ei_main; vlib_main_t *vm = vlib_get_main (); ip4_address_t addr; u16 port; u32 fib_index; - nat_protocol_t protocol; + nat_protocol_t proto; icmp_echo_header_t *echo0, *inner_echo0 = 0; ip4_header_t *inner_ip0; void *l4_header = 0; @@ -669,12 +707,22 @@ icmp_in2out (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, echo0 = (icmp_echo_header_t *) (icmp0 + 1); - next0_tmp = - sm->icmp_match_in2out_cb (sm, node, thread_index, b0, ip0, &addr, &port, - &fib_index, &protocol, p_s0, &dont_translate); + if (PREDICT_TRUE (nm->pat)) + { + next0_tmp = nat44_ei_icmp_match_in2out_slow ( + node, thread_index, b0, ip0, &addr, &port, &fib_index, &proto, p_s0, + &dont_translate); + } + else + { + next0_tmp = nat44_ei_icmp_match_in2out_fast ( + node, thread_index, b0, ip0, &addr, &port, &fib_index, &proto, p_s0, + &dont_translate); + } + if (next0_tmp != ~0) next0 = next0_tmp; - if (next0 == SNAT_IN2OUT_NEXT_DROP || dont_translate) + if (next0 == NAT44_EI_IN2OUT_NEXT_DROP || dont_translate) goto out; if (PREDICT_TRUE (!ip4_is_fragment (ip0))) @@ -688,7 +736,7 @@ icmp_in2out (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, checksum0 = ~ip_csum_fold (sum0); if (PREDICT_FALSE (checksum0 != 0 && checksum0 != 0xffff)) { - next0 = SNAT_IN2OUT_NEXT_DROP; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; goto out; } } @@ -729,7 +777,7 @@ icmp_in2out (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, if (!ip4_header_checksum_is_valid (inner_ip0)) { - next0 = SNAT_IN2OUT_NEXT_DROP; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; goto out; } @@ -755,7 +803,7 @@ icmp_in2out (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, checksum); icmp0->checksum = ip_csum_fold (sum0); - switch (protocol) + switch (proto) { case NAT_PROTOCOL_ICMP: inner_icmp0 = (icmp46_header_t *) l4_header; @@ -790,13 +838,13 @@ icmp_in2out (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, if (vnet_buffer (b0)->sw_if_index[VLIB_TX] == ~0) { - if (0 != snat_icmp_hairpinning (sm, b0, thread_index, ip0, icmp0, - &required_thread_index)) + if (0 != nat44_ei_icmp_hairpinning (nm, b0, thread_index, ip0, icmp0, + &required_thread_index)) vnet_buffer (b0)->sw_if_index[VLIB_TX] = fib_index; if (thread_index != required_thread_index) { vnet_buffer (b0)->snat.required_thread_index = required_thread_index; - next0 = SNAT_IN2OUT_NEXT_HAIRPINNING_HANDOFF; + next0 = NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF; } } @@ -805,48 +853,43 @@ out: } #endif -static inline u32 -icmp_in2out_slow_path (snat_main_t * sm, - vlib_buffer_t * b0, - ip4_header_t * ip0, - icmp46_header_t * icmp0, - u32 sw_if_index0, - u32 rx_fib_index0, - vlib_node_runtime_t * node, - u32 next0, - f64 now, u32 thread_index, snat_session_t ** p_s0) +static_always_inline u32 +nat44_ei_icmp_in2out_slow_path (nat44_ei_main_t *nm, vlib_buffer_t *b0, + ip4_header_t *ip0, icmp46_header_t *icmp0, + u32 sw_if_index0, u32 rx_fib_index0, + vlib_node_runtime_t *node, u32 next0, f64 now, + u32 thread_index, nat44_ei_session_t **p_s0) { vlib_main_t *vm = vlib_get_main (); - next0 = icmp_in2out (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, - next0, thread_index, p_s0); - snat_session_t *s0 = *p_s0; - if (PREDICT_TRUE (next0 != SNAT_IN2OUT_NEXT_DROP && s0)) + next0 = nat44_ei_icmp_in2out (b0, ip0, icmp0, sw_if_index0, rx_fib_index0, + node, next0, thread_index, p_s0); + nat44_ei_session_t *s0 = *p_s0; + if (PREDICT_TRUE (next0 != NAT44_EI_IN2OUT_NEXT_DROP && s0)) { /* Accounting */ nat44_ei_session_update_counters ( s0, now, vlib_buffer_length_in_chain (vm, b0), thread_index); /* Per-user LRU list maintenance */ - nat44_session_update_lru (sm, s0, thread_index); + nat44_ei_session_update_lru (nm, s0, thread_index); } return next0; } static int -nat_in2out_sm_unknown_proto (snat_main_t * sm, - vlib_buffer_t * b, - ip4_header_t * ip, u32 rx_fib_index) +nat_in2out_sm_unknown_proto (nat44_ei_main_t *nm, vlib_buffer_t *b, + ip4_header_t *ip, u32 rx_fib_index) { clib_bihash_kv_8_8_t kv, value; - snat_static_mapping_t *m; + nat44_ei_static_mapping_t *m; u32 old_addr, new_addr; ip_csum_t sum; init_nat_k (&kv, ip->src_address, 0, rx_fib_index, 0); - if (clib_bihash_search_8_8 (&sm->static_mapping_by_local, &kv, &value)) + if (clib_bihash_search_8_8 (&nm->static_mapping_by_local, &kv, &value)) return 1; - m = pool_elt_at_index (sm->static_mappings, value.value); + m = pool_elt_at_index (nm->static_mappings, value.value); old_addr = ip->src_address.as_u32; new_addr = ip->src_address.as_u32 = m->external_addr.as_u32; @@ -859,20 +902,19 @@ nat_in2out_sm_unknown_proto (snat_main_t * sm, if (vnet_buffer (b)->sw_if_index[VLIB_TX] == ~0) { vnet_buffer (b)->sw_if_index[VLIB_TX] = m->fib_index; - nat_hairpinning_sm_unknown_proto (sm, b, ip); + nat44_ei_hairpinning_sm_unknown_proto (nm, b, ip); } return 0; } static inline uword -snat_in2out_node_fn_inline (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame, int is_slow_path, - int is_output_feature) +nat44_ei_in2out_node_fn_inline (vlib_main_t *vm, vlib_node_runtime_t *node, + vlib_frame_t *frame, int is_slow_path, + int is_output_feature) { u32 n_left_from, *from; - snat_main_t *sm = &snat_main; + nat44_ei_main_t *nm = &nat44_ei_main; f64 now = vlib_time_now (vm); u32 thread_index = vm->thread_index; @@ -897,7 +939,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp46_header_t *icmp0, *icmp1; u32 rx_fib_index0, rx_fib_index1; u32 proto0, proto1; - snat_session_t *s0 = 0, *s1 = 0; + nat44_ei_session_t *s0 = 0, *s1 = 0; clib_bihash_kv_8_8_t kv0, value0, kv1, value1; u32 iph_offset0 = 0, iph_offset1 = 0; @@ -932,10 +974,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp0 = (icmp46_header_t *) udp0; sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; - rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, - sw_if_index0); + rx_fib_index0 = + vec_elt (nm->ip4_main->fib_index_by_sw_if_index, sw_if_index0); - next0 = next1 = SNAT_IN2OUT_NEXT_LOOKUP; + next0 = next1 = NAT44_EI_IN2OUT_NEXT_LOOKUP; if (PREDICT_FALSE (ip0->ttl == 1)) { @@ -943,7 +985,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded, ICMP4_time_exceeded_ttl_exceeded_in_transit, 0); - next0 = SNAT_IN2OUT_NEXT_ICMP_ERROR; + next0 = NAT44_EI_IN2OUT_NEXT_ICMP_ERROR; goto trace00; } @@ -954,30 +996,28 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, { if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER)) { - if (nat_in2out_sm_unknown_proto (sm, b0, ip0, rx_fib_index0)) + if (nat_in2out_sm_unknown_proto (nm, b0, ip0, rx_fib_index0)) { - next0 = SNAT_IN2OUT_NEXT_DROP; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; b0->error = - node->errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL]; + node->errors[NAT44_EI_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL]; } - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out. - other : &sm->counters.fastpath. - in2out.other, thread_index, - sw_if_index0, 1); + vlib_increment_simple_counter ( + is_slow_path ? &nm->counters.slowpath.in2out.other : + &nm->counters.fastpath.in2out.other, + thread_index, sw_if_index0, 1); goto trace00; } if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP)) { - next0 = icmp_in2out_slow_path - (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, - node, next0, now, thread_index, &s0); - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out. - icmp : &sm->counters.fastpath. - in2out.icmp, thread_index, - sw_if_index0, 1); + next0 = nat44_ei_icmp_in2out_slow_path ( + nm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, + now, thread_index, &s0); + vlib_increment_simple_counter ( + is_slow_path ? &nm->counters.slowpath.in2out.icmp : + &nm->counters.fastpath.in2out.icmp, + thread_index, sw_if_index0, 1); goto trace00; } } @@ -985,13 +1025,13 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, { if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER)) { - next0 = SNAT_IN2OUT_NEXT_SLOW_PATH; + next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH; goto trace00; } if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP)) { - next0 = SNAT_IN2OUT_NEXT_SLOW_PATH; + next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH; goto trace00; } } @@ -999,19 +1039,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, init_nat_k (&kv0, ip0->src_address, vnet_buffer (b0)->ip.reass.l4_src_port, rx_fib_index0, proto0); - if (PREDICT_FALSE (clib_bihash_search_8_8 (&sm->in2out, &kv0, &value0) != + if (PREDICT_FALSE (clib_bihash_search_8_8 (&nm->in2out, &kv0, &value0) != 0)) { if (is_slow_path) { if (is_output_feature) { - if (PREDICT_FALSE - (nat_not_translate_output_feature - (sm, ip0, proto0, + if (PREDICT_FALSE (nat44_ei_not_translate_output_feature ( + nm, ip0, proto0, vnet_buffer (b0)->ip.reass.l4_src_port, - vnet_buffer (b0)->ip.reass.l4_dst_port, - thread_index, sw_if_index0))) + vnet_buffer (b0)->ip.reass.l4_dst_port, thread_index, + sw_if_index0))) goto trace00; /* @@ -1028,19 +1067,17 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } else { - if (PREDICT_FALSE - (snat_not_translate - (sm, node, sw_if_index0, ip0, proto0, - rx_fib_index0, thread_index))) + if (PREDICT_FALSE (nat44_ei_not_translate ( + nm, node, sw_if_index0, ip0, proto0, rx_fib_index0, + thread_index))) goto trace00; } - next0 = slow_path (sm, b0, ip0, - ip0->src_address, + next0 = slow_path (nm, b0, ip0, ip0->src_address, vnet_buffer (b0)->ip.reass.l4_src_port, - rx_fib_index0, - proto0, &s0, node, next0, thread_index, now); - if (PREDICT_FALSE (next0 == SNAT_IN2OUT_NEXT_DROP)) + rx_fib_index0, proto0, &s0, node, next0, + thread_index, now); + if (PREDICT_FALSE (next0 == NAT44_EI_IN2OUT_NEXT_DROP)) goto trace00; if (PREDICT_FALSE (!s0)) @@ -1048,12 +1085,12 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } else { - next0 = SNAT_IN2OUT_NEXT_SLOW_PATH; + next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH; goto trace00; } } else - s0 = pool_elt_at_index (sm->per_thread_data[thread_index].sessions, + s0 = pool_elt_at_index (nm->per_thread_data[thread_index].sessions, nat_value_get_session_index (&value0)); b0->flags |= VNET_BUFFER_F_IS_NATED; @@ -1083,12 +1120,12 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, sum0 = ip_csum_update (sum0, old_port0, new_port0, ip4_header_t /* cheat */ , length /* changed member */ ); - mss_clamping (sm->mss_clamping, tcp0, &sum0); + mss_clamping (nm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out.tcp : &sm-> - counters.fastpath.in2out.tcp, + vlib_increment_simple_counter (is_slow_path ? + &nm->counters.slowpath.in2out.tcp : + &nm->counters.fastpath.in2out.tcp, thread_index, sw_if_index0, 1); } else @@ -1110,9 +1147,9 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, udp0->checksum = ip_csum_fold (sum0); } } - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out.udp : &sm-> - counters.fastpath.in2out.udp, + vlib_increment_simple_counter (is_slow_path ? + &nm->counters.slowpath.in2out.udp : + &nm->counters.fastpath.in2out.udp, thread_index, sw_if_index0, 1); } @@ -1120,29 +1157,28 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, nat44_ei_session_update_counters ( s0, now, vlib_buffer_length_in_chain (vm, b0), thread_index); /* Per-user LRU list maintenance */ - nat44_session_update_lru (sm, s0, thread_index); + nat44_ei_session_update_lru (nm, s0, thread_index); trace00: if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_in2out_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); + nat44_ei_in2out_trace_t *t = + vlib_add_trace (vm, node, b0, sizeof (*t)); t->is_slow_path = is_slow_path; t->sw_if_index = sw_if_index0; t->next_index = next0; t->session_index = ~0; if (s0) - t->session_index = - s0 - sm->per_thread_data[thread_index].sessions; + t->session_index = s0 - nm->per_thread_data[thread_index].sessions; } - if (next0 == SNAT_IN2OUT_NEXT_DROP) + if (next0 == NAT44_EI_IN2OUT_NEXT_DROP) { - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out. - drops : &sm->counters.fastpath. - in2out.drops, thread_index, - sw_if_index0, 1); + vlib_increment_simple_counter ( + is_slow_path ? &nm->counters.slowpath.in2out.drops : + &nm->counters.fastpath.in2out.drops, + thread_index, sw_if_index0, 1); } if (is_output_feature) @@ -1156,8 +1192,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp1 = (icmp46_header_t *) udp1; sw_if_index1 = vnet_buffer (b1)->sw_if_index[VLIB_RX]; - rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, - sw_if_index1); + rx_fib_index1 = + vec_elt (nm->ip4_main->fib_index_by_sw_if_index, sw_if_index1); if (PREDICT_FALSE (ip1->ttl == 1)) { @@ -1165,7 +1201,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp4_error_set_vnet_buffer (b1, ICMP4_time_exceeded, ICMP4_time_exceeded_ttl_exceeded_in_transit, 0); - next1 = SNAT_IN2OUT_NEXT_ICMP_ERROR; + next1 = NAT44_EI_IN2OUT_NEXT_ICMP_ERROR; goto trace01; } @@ -1176,30 +1212,28 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, { if (PREDICT_FALSE (proto1 == NAT_PROTOCOL_OTHER)) { - if (nat_in2out_sm_unknown_proto (sm, b1, ip1, rx_fib_index1)) + if (nat_in2out_sm_unknown_proto (nm, b1, ip1, rx_fib_index1)) { - next1 = SNAT_IN2OUT_NEXT_DROP; + next1 = NAT44_EI_IN2OUT_NEXT_DROP; b1->error = - node->errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL]; + node->errors[NAT44_EI_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL]; } - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out. - other : &sm->counters.fastpath. - in2out.other, thread_index, - sw_if_index1, 1); + vlib_increment_simple_counter ( + is_slow_path ? &nm->counters.slowpath.in2out.other : + &nm->counters.fastpath.in2out.other, + thread_index, sw_if_index1, 1); goto trace01; } if (PREDICT_FALSE (proto1 == NAT_PROTOCOL_ICMP)) { - next1 = icmp_in2out_slow_path - (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, - next1, now, thread_index, &s1); - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out. - icmp : &sm->counters.fastpath. - in2out.icmp, thread_index, - sw_if_index1, 1); + next1 = nat44_ei_icmp_in2out_slow_path ( + nm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, next1, + now, thread_index, &s1); + vlib_increment_simple_counter ( + is_slow_path ? &nm->counters.slowpath.in2out.icmp : + &nm->counters.fastpath.in2out.icmp, + thread_index, sw_if_index1, 1); goto trace01; } } @@ -1207,13 +1241,13 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, { if (PREDICT_FALSE (proto1 == NAT_PROTOCOL_OTHER)) { - next1 = SNAT_IN2OUT_NEXT_SLOW_PATH; + next1 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH; goto trace01; } if (PREDICT_FALSE (proto1 == NAT_PROTOCOL_ICMP)) { - next1 = SNAT_IN2OUT_NEXT_SLOW_PATH; + next1 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH; goto trace01; } } @@ -1221,19 +1255,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, init_nat_k (&kv1, ip1->src_address, vnet_buffer (b1)->ip.reass.l4_src_port, rx_fib_index1, proto1); - if (PREDICT_FALSE (clib_bihash_search_8_8 (&sm->in2out, &kv1, &value1) != + if (PREDICT_FALSE (clib_bihash_search_8_8 (&nm->in2out, &kv1, &value1) != 0)) { if (is_slow_path) { if (is_output_feature) { - if (PREDICT_FALSE - (nat_not_translate_output_feature - (sm, ip1, proto1, + if (PREDICT_FALSE (nat44_ei_not_translate_output_feature ( + nm, ip1, proto1, vnet_buffer (b1)->ip.reass.l4_src_port, - vnet_buffer (b1)->ip.reass.l4_dst_port, - thread_index, sw_if_index1))) + vnet_buffer (b1)->ip.reass.l4_dst_port, thread_index, + sw_if_index1))) goto trace01; /* @@ -1250,19 +1283,17 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } else { - if (PREDICT_FALSE - (snat_not_translate - (sm, node, sw_if_index1, ip1, proto1, - rx_fib_index1, thread_index))) + if (PREDICT_FALSE (nat44_ei_not_translate ( + nm, node, sw_if_index1, ip1, proto1, rx_fib_index1, + thread_index))) goto trace01; } - next1 = - slow_path (sm, b1, ip1, ip1->src_address, - vnet_buffer (b1)->ip.reass.l4_src_port, - rx_fib_index1, proto1, &s1, node, next1, - thread_index, now); - if (PREDICT_FALSE (next1 == SNAT_IN2OUT_NEXT_DROP)) + next1 = slow_path (nm, b1, ip1, ip1->src_address, + vnet_buffer (b1)->ip.reass.l4_src_port, + rx_fib_index1, proto1, &s1, node, next1, + thread_index, now); + if (PREDICT_FALSE (next1 == NAT44_EI_IN2OUT_NEXT_DROP)) goto trace01; if (PREDICT_FALSE (!s1)) @@ -1270,12 +1301,12 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } else { - next1 = SNAT_IN2OUT_NEXT_SLOW_PATH; + next1 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH; goto trace01; } } else - s1 = pool_elt_at_index (sm->per_thread_data[thread_index].sessions, + s1 = pool_elt_at_index (nm->per_thread_data[thread_index].sessions, nat_value_get_session_index (&value1)); b1->flags |= VNET_BUFFER_F_IS_NATED; @@ -1304,12 +1335,12 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, sum1 = ip_csum_update (sum1, old_port1, new_port1, ip4_header_t /* cheat */ , length /* changed member */ ); - mss_clamping (sm->mss_clamping, tcp1, &sum1); + mss_clamping (nm->mss_clamping, tcp1, &sum1); tcp1->checksum = ip_csum_fold (sum1); } - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out.tcp : &sm-> - counters.fastpath.in2out.tcp, + vlib_increment_simple_counter (is_slow_path ? + &nm->counters.slowpath.in2out.tcp : + &nm->counters.fastpath.in2out.tcp, thread_index, sw_if_index1, 1); } else @@ -1331,9 +1362,9 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, udp1->checksum = ip_csum_fold (sum1); } } - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out.udp : &sm-> - counters.fastpath.in2out.udp, + vlib_increment_simple_counter (is_slow_path ? + &nm->counters.slowpath.in2out.udp : + &nm->counters.fastpath.in2out.udp, thread_index, sw_if_index1, 1); } @@ -1341,28 +1372,27 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, nat44_ei_session_update_counters ( s1, now, vlib_buffer_length_in_chain (vm, b1), thread_index); /* Per-user LRU list maintenance */ - nat44_session_update_lru (sm, s1, thread_index); + nat44_ei_session_update_lru (nm, s1, thread_index); trace01: if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) && (b1->flags & VLIB_BUFFER_IS_TRACED))) { - snat_in2out_trace_t *t = vlib_add_trace (vm, node, b1, sizeof (*t)); + nat44_ei_in2out_trace_t *t = + vlib_add_trace (vm, node, b1, sizeof (*t)); t->sw_if_index = sw_if_index1; t->next_index = next1; t->session_index = ~0; if (s1) - t->session_index = - s1 - sm->per_thread_data[thread_index].sessions; + t->session_index = s1 - nm->per_thread_data[thread_index].sessions; } - if (next1 == SNAT_IN2OUT_NEXT_DROP) + if (next1 == NAT44_EI_IN2OUT_NEXT_DROP) { - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out. - drops : &sm->counters.fastpath. - in2out.drops, thread_index, - sw_if_index1, 1); + vlib_increment_simple_counter ( + is_slow_path ? &nm->counters.slowpath.in2out.drops : + &nm->counters.fastpath.in2out.drops, + thread_index, sw_if_index1, 1); } n_left_from -= 2; @@ -1385,13 +1415,13 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp46_header_t *icmp0; u32 rx_fib_index0; u32 proto0; - snat_session_t *s0 = 0; + nat44_ei_session_t *s0 = 0; clib_bihash_kv_8_8_t kv0, value0; u32 iph_offset0 = 0; b0 = *b; b++; - next0 = SNAT_IN2OUT_NEXT_LOOKUP; + next0 = NAT44_EI_IN2OUT_NEXT_LOOKUP; if (is_output_feature) iph_offset0 = vnet_buffer (b0)->ip.reass.save_rewrite_length; @@ -1404,8 +1434,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp0 = (icmp46_header_t *) udp0; sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; - rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, - sw_if_index0); + rx_fib_index0 = + vec_elt (nm->ip4_main->fib_index_by_sw_if_index, sw_if_index0); if (PREDICT_FALSE (ip0->ttl == 1)) { @@ -1413,7 +1443,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded, ICMP4_time_exceeded_ttl_exceeded_in_transit, 0); - next0 = SNAT_IN2OUT_NEXT_ICMP_ERROR; + next0 = NAT44_EI_IN2OUT_NEXT_ICMP_ERROR; goto trace0; } @@ -1424,30 +1454,28 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, { if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER)) { - if (nat_in2out_sm_unknown_proto (sm, b0, ip0, rx_fib_index0)) + if (nat_in2out_sm_unknown_proto (nm, b0, ip0, rx_fib_index0)) { - next0 = SNAT_IN2OUT_NEXT_DROP; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; b0->error = - node->errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL]; + node->errors[NAT44_EI_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL]; } - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out. - other : &sm->counters.fastpath. - in2out.other, thread_index, - sw_if_index0, 1); + vlib_increment_simple_counter ( + is_slow_path ? &nm->counters.slowpath.in2out.other : + &nm->counters.fastpath.in2out.other, + thread_index, sw_if_index0, 1); goto trace0; } if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP)) { - next0 = icmp_in2out_slow_path - (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, - next0, now, thread_index, &s0); - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out. - icmp : &sm->counters.fastpath. - in2out.icmp, thread_index, - sw_if_index0, 1); + next0 = nat44_ei_icmp_in2out_slow_path ( + nm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, + now, thread_index, &s0); + vlib_increment_simple_counter ( + is_slow_path ? &nm->counters.slowpath.in2out.icmp : + &nm->counters.fastpath.in2out.icmp, + thread_index, sw_if_index0, 1); goto trace0; } } @@ -1455,13 +1483,13 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, { if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_OTHER)) { - next0 = SNAT_IN2OUT_NEXT_SLOW_PATH; + next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH; goto trace0; } if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP)) { - next0 = SNAT_IN2OUT_NEXT_SLOW_PATH; + next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH; goto trace0; } } @@ -1470,18 +1498,17 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, vnet_buffer (b0)->ip.reass.l4_src_port, rx_fib_index0, proto0); - if (clib_bihash_search_8_8 (&sm->in2out, &kv0, &value0)) + if (clib_bihash_search_8_8 (&nm->in2out, &kv0, &value0)) { if (is_slow_path) { if (is_output_feature) { - if (PREDICT_FALSE - (nat_not_translate_output_feature - (sm, ip0, proto0, + if (PREDICT_FALSE (nat44_ei_not_translate_output_feature ( + nm, ip0, proto0, vnet_buffer (b0)->ip.reass.l4_src_port, - vnet_buffer (b0)->ip.reass.l4_dst_port, - thread_index, sw_if_index0))) + vnet_buffer (b0)->ip.reass.l4_dst_port, thread_index, + sw_if_index0))) goto trace0; /* @@ -1498,20 +1525,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } else { - if (PREDICT_FALSE - (snat_not_translate - (sm, node, sw_if_index0, ip0, proto0, rx_fib_index0, + if (PREDICT_FALSE (nat44_ei_not_translate ( + nm, node, sw_if_index0, ip0, proto0, rx_fib_index0, thread_index))) goto trace0; } - next0 = - slow_path (sm, b0, ip0, ip0->src_address, - vnet_buffer (b0)->ip.reass.l4_src_port, - rx_fib_index0, proto0, &s0, node, next0, - thread_index, now); + next0 = slow_path (nm, b0, ip0, ip0->src_address, + vnet_buffer (b0)->ip.reass.l4_src_port, + rx_fib_index0, proto0, &s0, node, next0, + thread_index, now); - if (PREDICT_FALSE (next0 == SNAT_IN2OUT_NEXT_DROP)) + if (PREDICT_FALSE (next0 == NAT44_EI_IN2OUT_NEXT_DROP)) goto trace0; if (PREDICT_FALSE (!s0)) @@ -1519,12 +1544,12 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } else { - next0 = SNAT_IN2OUT_NEXT_SLOW_PATH; + next0 = NAT44_EI_IN2OUT_NEXT_SLOW_PATH; goto trace0; } } else - s0 = pool_elt_at_index (sm->per_thread_data[thread_index].sessions, + s0 = pool_elt_at_index (nm->per_thread_data[thread_index].sessions, nat_value_get_session_index (&value0)); b0->flags |= VNET_BUFFER_F_IS_NATED; @@ -1554,12 +1579,12 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, ip_csum_update (sum0, old_port0, new_port0, ip4_header_t /* cheat */ , length /* changed member */ ); - mss_clamping (sm->mss_clamping, tcp0, &sum0); + mss_clamping (nm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out.tcp : &sm-> - counters.fastpath.in2out.tcp, + vlib_increment_simple_counter (is_slow_path ? + &nm->counters.slowpath.in2out.tcp : + &nm->counters.fastpath.in2out.tcp, thread_index, sw_if_index0, 1); } else @@ -1582,9 +1607,9 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, udp0->checksum = ip_csum_fold (sum0); } } - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out.udp : &sm-> - counters.fastpath.in2out.udp, + vlib_increment_simple_counter (is_slow_path ? + &nm->counters.slowpath.in2out.udp : + &nm->counters.fastpath.in2out.udp, thread_index, sw_if_index0, 1); } @@ -1592,29 +1617,28 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, nat44_ei_session_update_counters ( s0, now, vlib_buffer_length_in_chain (vm, b0), thread_index); /* Per-user LRU list maintenance */ - nat44_session_update_lru (sm, s0, thread_index); + nat44_ei_session_update_lru (nm, s0, thread_index); trace0: if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_in2out_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); + nat44_ei_in2out_trace_t *t = + vlib_add_trace (vm, node, b0, sizeof (*t)); t->is_slow_path = is_slow_path; t->sw_if_index = sw_if_index0; t->next_index = next0; t->session_index = ~0; if (s0) - t->session_index = - s0 - sm->per_thread_data[thread_index].sessions; + t->session_index = s0 - nm->per_thread_data[thread_index].sessions; } - if (next0 == SNAT_IN2OUT_NEXT_DROP) + if (next0 == NAT44_EI_IN2OUT_NEXT_DROP) { - vlib_increment_simple_counter (is_slow_path ? &sm-> - counters.slowpath.in2out. - drops : &sm->counters.fastpath. - in2out.drops, thread_index, - sw_if_index0, 1); + vlib_increment_simple_counter ( + is_slow_path ? &nm->counters.slowpath.in2out.drops : + &nm->counters.fastpath.in2out.drops, + thread_index, sw_if_index0, 1); } n_left_from--; @@ -1627,138 +1651,133 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, return frame->n_vectors; } -VLIB_NODE_FN (snat_in2out_node) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (nat44_ei_in2out_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) { - return snat_in2out_node_fn_inline (vm, node, frame, 0 /* is_slow_path */ , - 0); + return nat44_ei_in2out_node_fn_inline (vm, node, frame, 0 /* is_slow_path */, + 0); } -VLIB_REGISTER_NODE (snat_in2out_node) = { - .name = "nat44-in2out", +VLIB_REGISTER_NODE (nat44_ei_in2out_node) = { + .name = "nat44-ei-in2out", .vector_size = sizeof (u32), - .format_trace = format_snat_in2out_trace, + .format_trace = format_nat44_ei_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(snat_in2out_error_strings), - .error_strings = snat_in2out_error_strings, + .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings), + .error_strings = nat44_ei_in2out_error_strings, - .runtime_data_bytes = sizeof (snat_runtime_t), + .runtime_data_bytes = sizeof (nat44_ei_runtime_t), - .n_next_nodes = SNAT_IN2OUT_N_NEXT, + .n_next_nodes = NAT44_EI_IN2OUT_N_NEXT, /* edit / add dispositions here */ .next_nodes = { - [SNAT_IN2OUT_NEXT_DROP] = "error-drop", - [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-slowpath", - [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", - [SNAT_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-in2out-hairpinning-handoff-ip4-lookup", + [NAT44_EI_IN2OUT_NEXT_DROP] = "error-drop", + [NAT44_EI_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", + [NAT44_EI_IN2OUT_NEXT_SLOW_PATH] = "nat44-ei-in2out-slowpath", + [NAT44_EI_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", + [NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-ei-in2out-hairpinning-handoff-ip4-lookup", }, }; -VLIB_NODE_FN (snat_in2out_output_node) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (nat44_ei_in2out_output_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) { - return snat_in2out_node_fn_inline (vm, node, frame, 0 /* is_slow_path */ , - 1); + return nat44_ei_in2out_node_fn_inline (vm, node, frame, 0 /* is_slow_path */, + 1); } -VLIB_REGISTER_NODE (snat_in2out_output_node) = { - .name = "nat44-in2out-output", +VLIB_REGISTER_NODE (nat44_ei_in2out_output_node) = { + .name = "nat44-ei-in2out-output", .vector_size = sizeof (u32), - .format_trace = format_snat_in2out_trace, + .format_trace = format_nat44_ei_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(snat_in2out_error_strings), - .error_strings = snat_in2out_error_strings, + .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings), + .error_strings = nat44_ei_in2out_error_strings, - .runtime_data_bytes = sizeof (snat_runtime_t), + .runtime_data_bytes = sizeof (nat44_ei_runtime_t), - .n_next_nodes = SNAT_IN2OUT_N_NEXT, + .n_next_nodes = NAT44_EI_IN2OUT_N_NEXT, /* edit / add dispositions here */ .next_nodes = { - [SNAT_IN2OUT_NEXT_DROP] = "error-drop", - [SNAT_IN2OUT_NEXT_LOOKUP] = "interface-output", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-output-slowpath", - [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", - [SNAT_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-in2out-hairpinning-handoff-interface-output", + [NAT44_EI_IN2OUT_NEXT_DROP] = "error-drop", + [NAT44_EI_IN2OUT_NEXT_LOOKUP] = "interface-output", + [NAT44_EI_IN2OUT_NEXT_SLOW_PATH] = "nat44-ei-in2out-output-slowpath", + [NAT44_EI_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", + [NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-ei-in2out-hairpinning-handoff-interface-output", }, }; -VLIB_NODE_FN (snat_in2out_slowpath_node) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (nat44_ei_in2out_slowpath_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) { - return snat_in2out_node_fn_inline (vm, node, frame, 1 /* is_slow_path */ , - 0); + return nat44_ei_in2out_node_fn_inline (vm, node, frame, 1 /* is_slow_path */, + 0); } -VLIB_REGISTER_NODE (snat_in2out_slowpath_node) = { - .name = "nat44-in2out-slowpath", +VLIB_REGISTER_NODE (nat44_ei_in2out_slowpath_node) = { + .name = "nat44-ei-in2out-slowpath", .vector_size = sizeof (u32), - .format_trace = format_snat_in2out_trace, + .format_trace = format_nat44_ei_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(snat_in2out_error_strings), - .error_strings = snat_in2out_error_strings, + .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings), + .error_strings = nat44_ei_in2out_error_strings, - .runtime_data_bytes = sizeof (snat_runtime_t), + .runtime_data_bytes = sizeof (nat44_ei_runtime_t), - .n_next_nodes = SNAT_IN2OUT_N_NEXT, + .n_next_nodes = NAT44_EI_IN2OUT_N_NEXT, /* edit / add dispositions here */ .next_nodes = { - [SNAT_IN2OUT_NEXT_DROP] = "error-drop", - [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-slowpath", - [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", - [SNAT_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-in2out-hairpinning-handoff-ip4-lookup", + [NAT44_EI_IN2OUT_NEXT_DROP] = "error-drop", + [NAT44_EI_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", + [NAT44_EI_IN2OUT_NEXT_SLOW_PATH] = "nat44-ei-in2out-slowpath", + [NAT44_EI_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", + [NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-ei-in2out-hairpinning-handoff-ip4-lookup", }, }; -VLIB_NODE_FN (snat_in2out_output_slowpath_node) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (nat44_ei_in2out_output_slowpath_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) { - return snat_in2out_node_fn_inline (vm, node, frame, 1 /* is_slow_path */ , - 1); + return nat44_ei_in2out_node_fn_inline (vm, node, frame, 1 /* is_slow_path */, + 1); } -VLIB_REGISTER_NODE (snat_in2out_output_slowpath_node) = { - .name = "nat44-in2out-output-slowpath", +VLIB_REGISTER_NODE (nat44_ei_in2out_output_slowpath_node) = { + .name = "nat44-ei-in2out-output-slowpath", .vector_size = sizeof (u32), - .format_trace = format_snat_in2out_trace, + .format_trace = format_nat44_ei_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(snat_in2out_error_strings), - .error_strings = snat_in2out_error_strings, + .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings), + .error_strings = nat44_ei_in2out_error_strings, - .runtime_data_bytes = sizeof (snat_runtime_t), + .runtime_data_bytes = sizeof (nat44_ei_runtime_t), - .n_next_nodes = SNAT_IN2OUT_N_NEXT, + .n_next_nodes = NAT44_EI_IN2OUT_N_NEXT, /* edit / add dispositions here */ .next_nodes = { - [SNAT_IN2OUT_NEXT_DROP] = "error-drop", - [SNAT_IN2OUT_NEXT_LOOKUP] = "interface-output", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-output-slowpath", - [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", - [SNAT_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-in2out-hairpinning-handoff-interface-output", + [NAT44_EI_IN2OUT_NEXT_DROP] = "error-drop", + [NAT44_EI_IN2OUT_NEXT_LOOKUP] = "interface-output", + [NAT44_EI_IN2OUT_NEXT_SLOW_PATH] = "nat44-ei-in2out-output-slowpath", + [NAT44_EI_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", + [NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-ei-in2out-hairpinning-handoff-interface-output", }, }; -VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (nat44_ei_in2out_fast_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) { u32 n_left_from, *from, *to_next; u32 thread_index = vm->thread_index; - snat_in2out_next_t next_index; - snat_main_t *sm = &snat_main; + nat44_ei_in2out_next_t next_index; + nat44_ei_main_t *nm = &nat44_ei_main; int is_hairpinning = 0; from = vlib_frame_vector_args (frame); @@ -1800,7 +1819,7 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, n_left_to_next -= 1; b0 = vlib_get_buffer (vm, bi0); - next0 = SNAT_IN2OUT_NEXT_LOOKUP; + next0 = NAT44_EI_IN2OUT_NEXT_LOOKUP; ip0 = vlib_buffer_get_current (b0); udp0 = ip4_next_header (ip0); @@ -1817,7 +1836,7 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded, ICMP4_time_exceeded_ttl_exceeded_in_transit, 0); - next0 = SNAT_IN2OUT_NEXT_ICMP_ERROR; + next0 = NAT44_EI_IN2OUT_NEXT_ICMP_ERROR; goto trace0; } @@ -1828,8 +1847,8 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, if (PREDICT_FALSE (proto0 == NAT_PROTOCOL_ICMP)) { - next0 = icmp_in2out (sm, b0, ip0, icmp0, sw_if_index0, - rx_fib_index0, node, next0, ~0, 0); + next0 = nat44_ei_icmp_in2out (b0, ip0, icmp0, sw_if_index0, + rx_fib_index0, node, next0, ~0, 0); goto trace0; } @@ -1837,8 +1856,8 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, ip0->src_address, udp0->src_port, rx_fib_index0, proto0, &sm0_addr, &sm0_port, &sm0_fib_index, 0, 0, 0)) { - b0->error = node->errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION]; - next0 = SNAT_IN2OUT_NEXT_DROP; + b0->error = node->errors[NAT44_EI_IN2OUT_ERROR_NO_TRANSLATION]; + next0 = NAT44_EI_IN2OUT_NEXT_DROP; goto trace0; } @@ -1868,7 +1887,7 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, sum0 = ip_csum_update (sum0, old_port0, new_port0, ip4_header_t /* cheat */ , length /* changed member */ ); - mss_clamping (sm->mss_clamping, tcp0, &sum0); + mss_clamping (nm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } else if (udp0->checksum) @@ -1891,7 +1910,7 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t, dst_address /* changed member */ ); - mss_clamping (sm->mss_clamping, tcp0, &sum0); + mss_clamping (nm->mss_clamping, tcp0, &sum0); tcp0->checksum = ip_csum_fold (sum0); } else if (udp0->checksum) @@ -1905,34 +1924,34 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, } /* Hairpinning */ - is_hairpinning = snat_hairpinning ( - vm, node, sm, thread_index, b0, ip0, udp0, tcp0, proto0, + is_hairpinning = nat44_ei_hairpinning ( + vm, node, nm, thread_index, b0, ip0, udp0, tcp0, proto0, 0 /* do_trace */, &required_thread_index); if (thread_index != required_thread_index) { vnet_buffer (b0)->snat.required_thread_index = required_thread_index; - next0 = SNAT_IN2OUT_NEXT_HAIRPINNING_HANDOFF; + next0 = NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF; } trace0: if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_in2out_trace_t *t = + nat44_ei_in2out_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); t->sw_if_index = sw_if_index0; t->next_index = next0; t->is_hairpinning = is_hairpinning; } - if (next0 != SNAT_IN2OUT_NEXT_DROP) + if (next0 != NAT44_EI_IN2OUT_NEXT_DROP) { - vlib_increment_simple_counter (&sm->counters.fastpath. - in2out.other, sw_if_index0, - vm->thread_index, 1); + vlib_increment_simple_counter ( + &nm->counters.fastpath.in2out.other, sw_if_index0, + vm->thread_index, 1); } /* verify speculative enqueue, maybe switch current next frame */ @@ -1947,43 +1966,43 @@ VLIB_NODE_FN (snat_in2out_fast_node) (vlib_main_t * vm, return frame->n_vectors; } -VLIB_REGISTER_NODE (snat_in2out_fast_node) = { - .name = "nat44-in2out-fast", +VLIB_REGISTER_NODE (nat44_ei_in2out_fast_node) = { + .name = "nat44-ei-in2out-fast", .vector_size = sizeof (u32), - .format_trace = format_snat_in2out_fast_trace, + .format_trace = format_nat44_ei_in2out_fast_trace, .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(snat_in2out_error_strings), - .error_strings = snat_in2out_error_strings, + .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings), + .error_strings = nat44_ei_in2out_error_strings, - .runtime_data_bytes = sizeof (snat_runtime_t), + .runtime_data_bytes = sizeof (nat44_ei_runtime_t), - .n_next_nodes = SNAT_IN2OUT_N_NEXT, + .n_next_nodes = NAT44_EI_IN2OUT_N_NEXT, /* edit / add dispositions here */ .next_nodes = { - [SNAT_IN2OUT_NEXT_DROP] = "error-drop", - [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-slowpath", - [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", - [SNAT_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-in2out-hairpinning-handoff-ip4-lookup", + [NAT44_EI_IN2OUT_NEXT_DROP] = "error-drop", + [NAT44_EI_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", + [NAT44_EI_IN2OUT_NEXT_SLOW_PATH] = "nat44-ei-in2out-slowpath", + [NAT44_EI_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", + [NAT44_EI_IN2OUT_NEXT_HAIRPINNING_HANDOFF] = "nat44-ei-in2out-hairpinning-handoff-ip4-lookup", }, }; -VLIB_NODE_FN (nat44_in2out_hairpinning_handoff_ip4_lookup_node) +VLIB_NODE_FN (nat44_ei_in2out_hairpinning_handoff_ip4_lookup_node) (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) { - return nat44_hairpinning_handoff_fn_inline ( + return nat44_ei_hairpinning_handoff_fn_inline ( vm, node, frame, - snat_main.nat44_in2out_hairpinning_finish_ip4_lookup_node_fq_index); + nat44_ei_main.in2out_hairpinning_finish_ip4_lookup_node_fq_index); } -VLIB_REGISTER_NODE (nat44_in2out_hairpinning_handoff_ip4_lookup_node) = { - .name = "nat44-in2out-hairpinning-handoff-ip4-lookup", +VLIB_REGISTER_NODE (nat44_ei_in2out_hairpinning_handoff_ip4_lookup_node) = { + .name = "nat44-ei-in2out-hairpinning-handoff-ip4-lookup", .vector_size = sizeof (u32), - .n_errors = ARRAY_LEN(nat44_hairpinning_handoff_error_strings), - .error_strings = nat44_hairpinning_handoff_error_strings, - .format_trace = format_nat44_hairpinning_handoff_trace, + .n_errors = ARRAY_LEN(nat44_ei_hairpinning_handoff_error_strings), + .error_strings = nat44_ei_hairpinning_handoff_error_strings, + .format_trace = format_nat44_ei_hairpinning_handoff_trace, .n_next_nodes = 1, @@ -1992,20 +2011,20 @@ VLIB_REGISTER_NODE (nat44_in2out_hairpinning_handoff_ip4_lookup_node) = { }, }; -VLIB_NODE_FN (nat44_in2out_hairpinning_handoff_interface_output_node) +VLIB_NODE_FN (nat44_ei_in2out_hairpinning_handoff_interface_output_node) (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) { - return nat44_hairpinning_handoff_fn_inline ( + return nat44_ei_hairpinning_handoff_fn_inline ( vm, node, frame, - snat_main.nat44_in2out_hairpinning_finish_interface_output_node_fq_index); + nat44_ei_main.in2out_hairpinning_finish_interface_output_node_fq_index); } -VLIB_REGISTER_NODE (nat44_in2out_hairpinning_handoff_interface_output_node) = { - .name = "nat44-in2out-hairpinning-handoff-interface-output", +VLIB_REGISTER_NODE (nat44_ei_in2out_hairpinning_handoff_interface_output_node) = { + .name = "nat44-ei-in2out-hairpinning-handoff-interface-output", .vector_size = sizeof (u32), - .n_errors = ARRAY_LEN(nat44_hairpinning_handoff_error_strings), - .error_strings = nat44_hairpinning_handoff_error_strings, - .format_trace = format_nat44_hairpinning_handoff_trace, + .n_errors = ARRAY_LEN(nat44_ei_hairpinning_handoff_error_strings), + .error_strings = nat44_ei_hairpinning_handoff_error_strings, + .format_trace = format_nat44_ei_hairpinning_handoff_trace, .n_next_nodes = 1, @@ -2015,14 +2034,14 @@ VLIB_REGISTER_NODE (nat44_in2out_hairpinning_handoff_interface_output_node) = { }; static_always_inline int -nat44_in2out_hairpinning_finish_inline (vlib_main_t *vm, - vlib_node_runtime_t *node, - vlib_frame_t *frame) +nat44_ei_in2out_hairpinning_finish_inline (vlib_main_t *vm, + vlib_node_runtime_t *node, + vlib_frame_t *frame) { u32 n_left_from, *from, *to_next; u32 thread_index = vm->thread_index; - snat_in2out_next_t next_index; - snat_main_t *sm = &snat_main; + nat44_ei_in2out_next_t next_index; + nat44_ei_main_t *nm = &nat44_ei_main; int is_hairpinning = 0; from = vlib_frame_vector_args (frame); @@ -2057,7 +2076,7 @@ nat44_in2out_hairpinning_finish_inline (vlib_main_t *vm, n_left_to_next -= 1; b0 = vlib_get_buffer (vm, bi0); - next0 = NAT44_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP; + next0 = NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP; ip0 = vlib_buffer_get_current (b0); udp0 = ip4_next_header (ip0); @@ -2072,41 +2091,41 @@ nat44_in2out_hairpinning_finish_inline (vlib_main_t *vm, case NAT_PROTOCOL_TCP: // fallthrough case NAT_PROTOCOL_UDP: - is_hairpinning = snat_hairpinning ( - vm, node, sm, thread_index, b0, ip0, udp0, tcp0, proto0, + is_hairpinning = nat44_ei_hairpinning ( + vm, node, nm, thread_index, b0, ip0, udp0, tcp0, proto0, 0 /* do_trace */, &required_thread_index); break; case NAT_PROTOCOL_ICMP: - is_hairpinning = - (0 == snat_icmp_hairpinning (sm, b0, thread_index, ip0, icmp0, - &required_thread_index)); + is_hairpinning = (0 == nat44_ei_icmp_hairpinning ( + nm, b0, thread_index, ip0, icmp0, + &required_thread_index)); break; case NAT_PROTOCOL_OTHER: // this should never happen - next0 = NAT44_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP; + next0 = NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP; break; } if (thread_index != required_thread_index) { // but we already did a handoff ... - next0 = NAT44_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP; + next0 = NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP; } if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE) && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_in2out_trace_t *t = + nat44_ei_in2out_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); t->sw_if_index = sw_if_index0; t->next_index = next0; t->is_hairpinning = is_hairpinning; } - if (next0 != NAT44_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP) + if (next0 != NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP) { vlib_increment_simple_counter ( - &sm->counters.fastpath.in2out.other, sw_if_index0, + &nm->counters.fastpath.in2out.other, sw_if_index0, vm->thread_index, 1); } @@ -2121,55 +2140,55 @@ nat44_in2out_hairpinning_finish_inline (vlib_main_t *vm, return frame->n_vectors; } -VLIB_NODE_FN (nat44_in2out_hairpinning_finish_ip4_lookup_node) +VLIB_NODE_FN (nat44_ei_in2out_hairpinning_finish_ip4_lookup_node) (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) { - return nat44_in2out_hairpinning_finish_inline (vm, node, frame); + return nat44_ei_in2out_hairpinning_finish_inline (vm, node, frame); } -VLIB_REGISTER_NODE (nat44_in2out_hairpinning_finish_ip4_lookup_node) = { - .name = "nat44-in2out-hairpinning-finish-ip4-lookup", +VLIB_REGISTER_NODE (nat44_ei_in2out_hairpinning_finish_ip4_lookup_node) = { + .name = "nat44-ei-in2out-hairpinning-finish-ip4-lookup", .vector_size = sizeof (u32), - .format_trace = format_snat_in2out_fast_trace, + .format_trace = format_nat44_ei_in2out_fast_trace, .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(snat_in2out_error_strings), - .error_strings = snat_in2out_error_strings, + .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings), + .error_strings = nat44_ei_in2out_error_strings, - .runtime_data_bytes = sizeof (snat_runtime_t), + .runtime_data_bytes = sizeof (nat44_ei_runtime_t), - .n_next_nodes = NAT44_IN2OUT_HAIRPINNING_FINISH_N_NEXT, + .n_next_nodes = NAT44_EI_IN2OUT_HAIRPINNING_FINISH_N_NEXT, /* edit / add dispositions here */ .next_nodes = { - [NAT44_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP] = "error-drop", - [NAT44_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP] = "ip4-lookup", + [NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP] = "error-drop", + [NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP] = "ip4-lookup", }, }; -VLIB_NODE_FN (nat44_in2out_hairpinning_finish_interface_output_node) +VLIB_NODE_FN (nat44_ei_in2out_hairpinning_finish_interface_output_node) (vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) { - return nat44_in2out_hairpinning_finish_inline (vm, node, frame); + return nat44_ei_in2out_hairpinning_finish_inline (vm, node, frame); } -VLIB_REGISTER_NODE (nat44_in2out_hairpinning_finish_interface_output_node) = { - .name = "nat44-in2out-hairpinning-finish-interface-output", +VLIB_REGISTER_NODE (nat44_ei_in2out_hairpinning_finish_interface_output_node) = { + .name = "nat44-ei-in2out-hairpinning-finish-interface-output", .vector_size = sizeof (u32), - .format_trace = format_snat_in2out_fast_trace, + .format_trace = format_nat44_ei_in2out_fast_trace, .type = VLIB_NODE_TYPE_INTERNAL, - .n_errors = ARRAY_LEN(snat_in2out_error_strings), - .error_strings = snat_in2out_error_strings, + .n_errors = ARRAY_LEN(nat44_ei_in2out_error_strings), + .error_strings = nat44_ei_in2out_error_strings, - .runtime_data_bytes = sizeof (snat_runtime_t), + .runtime_data_bytes = sizeof (nat44_ei_runtime_t), - .n_next_nodes = NAT44_IN2OUT_HAIRPINNING_FINISH_N_NEXT, + .n_next_nodes = NAT44_EI_IN2OUT_HAIRPINNING_FINISH_N_NEXT, /* edit / add dispositions here */ .next_nodes = { - [NAT44_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP] = "error-drop", - [NAT44_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP] = "interface-output", + [NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_DROP] = "error-drop", + [NAT44_EI_IN2OUT_HAIRPINNING_FINISH_NEXT_LOOKUP] = "interface-output", }, }; -- cgit 1.2.3-korg