ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nat: Final NAT44 EI/ED split patch

Browse Source 
This patch achieves complete separation of
endpoint-dependent and endpoint-independent IPv4 NAT
features. Some common stuff is also moved to NAT
library.

Type: refactor

Change-Id: I52468b7e2b5ac28958a2baf8e2ea01787322e801
Signed-off-by: Filip Varga <fivarga@cisco.com>
This commit is contained in:
Filip Varga
2021-02-17 14:34:54 +01:00
committed by Ole Tr�an
parent 5db2f4a431
commit 0eaf4e6784
44 changed files with 10845 additions and 5866 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/plugins/nat/CMakeLists.txt
+44 -27
View File
@@ -18,43 +18,60 @@ add_vpp_library(nat
lib/ipfix_logging.c
lib/nat_syslog.c
lib/alloc.c
lib/lib.c
INSTALL_HEADERS
lib/ipfix_logging.h
lib/nat_syslog.h
lib/alloc.h
lib/lib.h
)
add_vpp_plugin(nat
SOURCES
nat.c
nat44_api.c
in2out_ed.c
out2in_ed.c
nat_dpo.c
nat44_cli.c
nat44_handoff.c
nat44_hairpinning.c
nat44_classify.c
nat_affinity.c
nat_format.c
nat44-ei/nat44_ei.c
nat44-ei/nat44_ei_ha.c
nat44-ei/nat44_ei_in2out.c
nat44-ei/nat44_ei_out2in.c
nat44-ed/nat44_ed.c
nat44-ed/nat44_ed_api.c
nat44-ed/nat44_ed_in2out.c
nat44-ed/nat44_ed_out2in.c
nat44-ed/nat44_ed_cli.c
nat44-ed/nat44_ed_format.c
nat44-ed/nat44_ed_affinity.c
nat44-ed/nat44_ed_handoff.c
nat44-ed/nat44_ed_classify.c
MULTIARCH_SOURCES
in2out_ed.c
out2in_ed.c
nat44_classify.c
nat44_hairpinning.c
nat44_handoff.c
nat44-ei/nat44_ei_in2out.c
nat44-ei/nat44_ei_out2in.c
nat44-ed/nat44_ed_in2out.c
nat44-ed/nat44_ed_out2in.c
nat44-ed/nat44_ed_handoff.c
nat44-ed/nat44_ed_classify.c
API_FILES
nat44.api
nat_types.api
nat44-ed/nat44_ed.api
lib/nat_types.api
LINK_LIBRARIES nat
)
add_vpp_plugin(nat44_ei
SOURCES
nat44-ei/nat44_ei.c
nat44-ei/nat44_ei_ha.c
nat44-ei/nat44_ei_cli.c
nat44-ei/nat44_ei_api.c
nat44-ei/nat44_ei_dpo.c
nat44-ei/nat44_ei_in2out.c
nat44-ei/nat44_ei_out2in.c
nat44-ei/nat44_ei_handoff.c
nat44-ei/nat44_ei_hairpinning.c
MULTIARCH_SOURCES
nat44-ei/nat44_ei_in2out.c
nat44-ei/nat44_ei_out2in.c
nat44-ei/nat44_ei_hairpinning.c
API_FILES
nat44-ei/nat44_ei.api
lib/nat_types.api
LINK_LIBRARIES nat
)
@@ -96,7 +113,7 @@ add_vpp_plugin(nat66
API_FILES
nat66/nat66.api
nat_types.api
lib/nat_types.api
LINK_LIBRARIES nat
)
@@ -115,7 +132,7 @@ add_vpp_plugin(det44
API_FILES
det44/det44.api
nat_types.api
lib/nat_types.api
LINK_LIBRARIES nat
)
@@ -135,7 +152,7 @@ add_vpp_plugin(nat64
API_FILES
nat64/nat64.api
nat_types.api
lib/nat_types.api
LINK_LIBRARIES nat
)
src/plugins/nat/FEATURE.yaml
+12 -3
View File
@@ -4,7 +4,17 @@ maintainer:
- Ole Troan <ot@cisco.com>
- Filip Varga <fivarga@cisco.com>
features:
- NAT44:
- NAT44-EI - IPv4 Endpoint Independent NAT
- 1:1 NAT
- 1:1 NAT with ports
- VRF awareness
- Multiple inside interfaces
- Hairpinning
- IPFIX
- Syslog
- TCP MSS clamping
- Local bypass (DHCP)
- NAT44-ED - IPv4 Endpoint Dependent NAT
- 1:1 NAT
- 1:1 NAT with ports
- VRF awareness
@@ -12,13 +22,12 @@ features:
- Hairpinning
- IPFIX
- Syslog
- Endpoint dependent NAT
- TCP MSS clamping
- Local bypass (DHCP)
- DET44 - deterministic NAT (CGN)
- NAT64
- NAT66
- DS-lite
- DSLITE
- 464XLAT
description: "The Network Address Translation (NAT) plugin offers a multiple address
translation functions. These can be used in a raft of different
src/plugins/nat/det44/det44.api
+1 -1
View File
@@ -16,7 +16,7 @@
option version = "1.0.0";
import "vnet/ip/ip_types.api";
import "vnet/interface_types.api";
import "plugins/nat/nat_types.api";
import "plugins/nat/lib/nat_types.api";
/**
* @file det44.api
src/plugins/nat/dslite/dslite_cli.c
-19
View File
@@ -203,25 +203,6 @@ dslite_show_b4_ip6_addr_command_fn (vlib_main_t * vm,
return 0;
}
static u8 *
format_nat_protocol (u8 * s, va_list * args)
{
u32 i = va_arg (*args, u32);
u8 *t = 0;
switch (i)
{
#define _(N, j, n, str) case NAT_PROTOCOL_##N: t = (u8 *) str; break;
foreach_nat_protocol
#undef _
default:
s = format (s, "unknown");
return s;
}
s = format (s, "%s", t);
return s;
}
static u8 *
format_dslite_session (u8 * s, va_list * args)
{
src/plugins/nat/lib/lib.c
+59
View File
@@ -0,0 +1,59 @@
/*
* Copyright (c) 2020 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <nat/lib/lib.h>
uword
unformat_nat_protocol (unformat_input_t *input, va_list *args)
{
u32 *r = va_arg (*args, u32 *);
if (0)
;
#define _(N, i, n, s) else if (unformat (input, s)) *r = NAT_PROTOCOL_##N;
foreach_nat_protocol
#undef _
else return 0;
return 1;
}
u8 *
format_nat_protocol (u8 *s, va_list *args)
{
u32 i = va_arg (*args, u32);
u8 *t = 0;
switch (i)
{
#define _(N, j, n, str) \
case NAT_PROTOCOL_##N: \
t = (u8 *) str; \
break;
foreach_nat_protocol
#undef _
default : s = format (s, "unknown");
return s;
}
s = format (s, "%s", t);
return s;
}
/*
* fd.io coding-style-patch-verification: ON
*
* Local Variables:
* eval: (c-set-style "gnu")
* End:
*/
src/plugins/nat/lib/lib.h
+46 -1
View File
@@ -95,7 +95,52 @@ nat_reset_timeouts (nat_timeouts_t * timeouts)
timeouts->icmp = NAT_ICMP_TIMEOUT;
}
// TODO: move common formating definitions here
static_always_inline u32
nat_session_get_timeout (nat_timeouts_t *timeouts, nat_protocol_t proto,
u8 state)
{
switch (proto)
{
case NAT_PROTOCOL_ICMP:
return timeouts->icmp;
case NAT_PROTOCOL_UDP:
return timeouts->udp;
case NAT_PROTOCOL_TCP:
{
if (state)
return timeouts->tcp.transitory;
else
return timeouts->tcp.established;
}
default:
return timeouts->udp;
}
return 0;
}
static_always_inline u32
nat_calc_bihash_buckets (u32 n_elts)
{
n_elts = n_elts / 2.5;
u64 lower_pow2 = 1;
while (lower_pow2 * 2 < n_elts)
{
lower_pow2 = 2 * lower_pow2;
}
u64 upper_pow2 = 2 * lower_pow2;
if ((upper_pow2 - n_elts) < (n_elts - lower_pow2))
{
if (upper_pow2 <= UINT32_MAX)
{
return upper_pow2;
}
}
return lower_pow2;
}
u8 *format_nat_protocol (u8 *s, va_list *args);
uword unformat_nat_protocol (unformat_input_t *input, va_list *args);
#endif /* included_nat_lib_h__ */
/*
src/plugins/nat/lib/log.h
+214
View File
@@ -0,0 +1,214 @@
/*
* Copyright (c) 2020 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/**
* @file
* @brief NAT port/address allocation lib
*/
#ifndef included_nat_log_h__
#define included_nat_log_h__
#include <vppinfra/elog.h>
#define foreach_nat_log_level \
_ (0x00, LOG_NONE) \
_ (0x01, LOG_ERROR) \
_ (0x02, LOG_WARNING) \
_ (0x03, LOG_NOTICE) \
_ (0x04, LOG_INFO) \
_ (0x05, LOG_DEBUG)
typedef enum nat_log_level_t_
{
#define _(n, f) NAT_##f = n,
foreach_nat_log_level
#undef _
} nat_log_level_t;
#define nat_elog(_pm, _level, _str) \
do \
{ \
if (PREDICT_FALSE (_pm->log_level >= _level)) \
{ \
ELOG_TYPE_DECLARE (e) = { \
.format = "nat-msg " _str, \
.format_args = "", \
}; \
ELOG_DATA (&vlib_global_main.elog_main, e); \
} \
} \
while (0);
#define nat_elog_addr(_pm, _level, _str, _addr) \
do \
{ \
if (PREDICT_FALSE (_pm->log_level >= _level)) \
{ \
ELOG_TYPE_DECLARE (e) = { \
.format = "nat-msg " _str " %d.%d.%d.%d", \
.format_args = "i1i1i1i1", \
}; \
CLIB_PACKED (struct { \
u8 oct1; \
u8 oct2; \
u8 oct3; \
u8 oct4; \
}) * \
ed; \
ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
ed->oct4 = _addr >> 24; \
ed->oct3 = _addr >> 16; \
ed->oct2 = _addr >> 8; \
ed->oct1 = _addr; \
} \
} \
while (0);
#define nat_elog_debug_handoff(_pm, _str, _tid, _fib, _src, _dst) \
do \
{ \
if (PREDICT_FALSE (_pm->log_level >= NAT_LOG_DEBUG)) \
{ \
ELOG_TYPE_DECLARE (e) = { \
.format = "nat-msg " _str " ip src: %d.%d.%d.%d dst: %d.%d.%d.%d" \
" tid from: %d to: %d fib: %d", \
.format_args = "i1i1i1i1i1i1i1i1i4i4i4", \
}; \
CLIB_PACKED (struct { \
u8 src_oct1; \
u8 src_oct2; \
u8 src_oct3; \
u8 src_oct4; \
u8 dst_oct1; \
u8 dst_oct2; \
u8 dst_oct3; \
u8 dst_oct4; \
u32 ftid; \
u32 ttid; \
u32 fib; \
}) * \
ed; \
ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
ed->src_oct1 = _src >> 24; \
ed->src_oct2 = _src >> 16; \
ed->src_oct3 = _src >> 8; \
ed->src_oct4 = _src; \
ed->dst_oct1 = _dst >> 24; \
ed->dst_oct2 = _dst >> 16; \
ed->dst_oct3 = _dst >> 8; \
ed->dst_oct4 = _dst; \
ed->ftid = vlib_get_thread_index (); \
ed->ttid = _tid; \
ed->fib = _fib; \
} \
} \
while (0);
#define nat_elog_debug_handoff_v2(_pm, _str, _prt, _fib, _src, _dst) \
do \
{ \
if (PREDICT_FALSE (_pm->log_level >= NAT_LOG_DEBUG)) \
{ \
ELOG_TYPE_DECLARE (e) = { \
.format = \
"nat-msg " _str " ip_src:%d.%d.%d.%d ip_dst:%d.%d.%d.%d" \
" tid:%d prt:%d fib:%d", \
.format_args = "i1i1i1i1i1i1i1i1i4i4i4", \
}; \
CLIB_PACKED (struct { \
u8 src_oct1; \
u8 src_oct2; \
u8 src_oct3; \
u8 src_oct4; \
u8 dst_oct1; \
u8 dst_oct2; \
u8 dst_oct3; \
u8 dst_oct4; \
u32 tid; \
u32 prt; \
u32 fib; \
}) * \
ed; \
ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
ed->src_oct1 = _src >> 24; \
ed->src_oct2 = _src >> 16; \
ed->src_oct3 = _src >> 8; \
ed->src_oct4 = _src; \
ed->dst_oct1 = _dst >> 24; \
ed->dst_oct2 = _dst >> 16; \
ed->dst_oct3 = _dst >> 8; \
ed->dst_oct4 = _dst; \
ed->tid = vlib_get_thread_index (); \
ed->prt = _prt; \
ed->fib = _fib; \
} \
} \
while (0);
#define nat_elog_X1(_pm, _level, _fmt, _arg, _val1) \
do \
{ \
if (PREDICT_FALSE (_pm->log_level >= _level)) \
{ \
ELOG_TYPE_DECLARE (e) = { \
.format = "nat-msg " _fmt, \
.format_args = _arg, \
}; \
CLIB_PACKED (struct { typeof (_val1) val1; }) * ed; \
ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
ed->val1 = _val1; \
} \
} \
while (0);
#define nat_elog_notice(_pm, nat_elog_str) \
nat_elog (_pm, NAT_LOG_INFO, "[notice] " nat_elog_str)
#define nat_elog_warn(_pm, nat_elog_str) \
nat_elog (_pm, NAT_LOG_WARNING, "[warning] " nat_elog_str)
#define nat_elog_err(_pm, nat_elog_str) \
nat_elog (_pm, NAT_LOG_ERROR, "[error] " nat_elog_str)
#define nat_elog_debug(_pm, nat_elog_str) \
nat_elog (_pm, NAT_LOG_DEBUG, "[debug] " nat_elog_str)
#define nat_elog_info(_pm, nat_elog_str) \
nat_elog (_pm, NAT_LOG_INFO, "[info] " nat_elog_str)
#define nat_elog_notice_X1(_pm, nat_elog_fmt_str, nat_elog_fmt_arg, \
nat_elog_val1) \
nat_elog_X1 (_pm, NAT_LOG_NOTICE, "[notice] " nat_elog_fmt_str, \
nat_elog_fmt_arg, nat_elog_val1)
#define nat_elog_warn_X1(_pm, nat_elog_fmt_str, nat_elog_fmt_arg, \
nat_elog_val1) \
nat_elog_X1 (_pm, NAT_LOG_WARNING, "[warning] " nat_elog_fmt_str, \
nat_elog_fmt_arg, nat_elog_val1)
#define nat_elog_err_X1(_pm, nat_elog_fmt_str, nat_elog_fmt_arg, \
nat_elog_val1) \
nat_elog_X1 (_pm, NAT_LOG_ERROR, "[error] " nat_elog_fmt_str, \
nat_elog_fmt_arg, nat_elog_val1)
#define nat_elog_debug_X1(_pm, nat_elog_fmt_str, nat_elog_fmt_arg, \
nat_elog_val1) \
nat_elog_X1 (_pm, NAT_LOG_DEBUG, "[debug] " nat_elog_fmt_str, \
nat_elog_fmt_arg, nat_elog_val1)
#define nat_elog_info_X1(_pm, nat_elog_fmt_str, nat_elog_fmt_arg, \
nat_elog_val1) \
nat_elog_X1 (_pm, NAT_LOG_INFO, "[info] " nat_elog_fmt_str, \
nat_elog_fmt_arg, nat_elog_val1)
#endif /* included_nat_lib_h__ */
/*
* fd.io coding-style-patch-verification: ON
*
* Local Variables:
* eval: (c-set-style "gnu")
* End:
*/
src/plugins/nat/lib/nat_inlines.h
+14
View File
@@ -77,6 +77,20 @@ mss_clamping (u16 mss_clamping, tcp_header_t * tcp, ip_csum_t * sum)
}
}
static_always_inline u16
nat_random_port (u32 *random_seed, u16 min, u16 max)
{
u32 rwide;
u16 r;
rwide = random_u32 (random_seed);
r = rwide & 0xFFFF;
if (r >= min && r <= max)
return r;
return min + (rwide % (max - min + 1));
}
#endif /* __included_lib_nat_inlines_h__ */
/*
src/plugins/nat/nat_types.api → src/plugins/nat/lib/nat_types.api
View File
src/plugins/nat/nat44.api → src/plugins/nat/nat44-ed/nat44_ed.api
+37 -37
View File
@@ -16,7 +16,7 @@
option version = "5.2.0";
import "vnet/ip/ip_types.api";
import "vnet/interface_types.api";
import "plugins/nat/nat_types.api";
import "plugins/nat/lib/nat_types.api";
/**
* @file nat44.api
@@ -390,42 +390,6 @@ define nat_get_timeouts_reply {
u32 icmp;
};
/** \brief Set NAT handoff frame queue options
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param frame_queue_nelts - number of worker handoff frame queue elements
*/
autoreply define nat_set_fq_options {
option in_progress;
u32 client_index;
u32 context;
u32 frame_queue_nelts;
};
/** \brief Show NAT handoff frame queue options
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
*/
define nat_show_fq_options
{
option in_progress;
u32 client_index;
u32 context;
};
/** \brief Show NAT handoff frame queue options reply
@param context - sender context, to match reply w/ request
@param retval - return code for the request
@param frame_queue_nelts - number of worker handoff frame queue elements
*/
define nat_show_fq_options_reply
{
option in_progress;
u32 context;
i32 retval;
u32 frame_queue_nelts;
};
/** \brief Set address and port assignment algorithm
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@@ -1212,3 +1176,39 @@ define nat44_forwarding_is_enabled_reply {
u32 context;
bool enabled;
};
/** \brief Set NAT handoff frame queue options
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
@param frame_queue_nelts - number of worker handoff frame queue elements
*/
autoreply define nat44_ed_set_fq_options {
option in_progress;
u32 client_index;
u32 context;
u32 frame_queue_nelts;
};
/** \brief Show NAT handoff frame queue options
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
*/
define nat44_ed_show_fq_options
{
option in_progress;
u32 client_index;
u32 context;
};
/** \brief Show NAT handoff frame queue options reply
@param context - sender context, to match reply w/ request
@param retval - return code for the request
@param frame_queue_nelts - number of worker handoff frame queue elements
*/
define nat44_ed_show_fq_options_reply
{
option in_progress;
u32 context;
i32 retval;
u32 frame_queue_nelts;
};
src/plugins/nat/nat.c → src/plugins/nat/nat44-ed/nat44_ed.c
+221 -857
View File
File diff suppressed because it is too large Load Diff
src/plugins/nat/nat.h → src/plugins/nat/nat44-ed/nat44_ed.h
+10 -385
View File
File diff suppressed because it is too large Load Diff
src/plugins/nat/nat_affinity.c → src/plugins/nat/nat44-ed/nat44_ed_affinity.c
+13 -7
View File
@@ -17,8 +17,10 @@
* @brief NAT plugin client-IP based session affinity for load-balancing
*/
#include <nat/nat_affinity.h>
#include <nat/nat.h>
#include <nat/lib/log.h>
#include <nat/nat44-ed/nat44_ed.h>
#include <nat/nat44-ed/nat44_ed_affinity.h>
nat_affinity_main_t nat_affinity_main;
@@ -109,6 +111,7 @@ nat_affinity_get_per_service_list_head_index (void)
void
nat_affinity_flush_service (u32 affinity_per_service_list_head_index)
{
snat_main_t *sm = &snat_main;
nat_affinity_main_t *nam = &nat_affinity_main;
u32 elt_index;
dlist_elt_t *elt;
@@ -128,7 +131,7 @@ nat_affinity_flush_service (u32 affinity_per_service_list_head_index)
kv.key[1] = a->key.as_u64[1];
pool_put_index (nam->affinity_pool, elt->value);
if (clib_bihash_add_del_16_8 (&nam->affinity_hash, &kv, 0))
nat_elog_warn ("affinity key del failed");
nat_elog_warn (sm, "affinity key del failed");
pool_put_index (nam->list_pool, elt_index);
}
pool_put_index (nam->list_pool, affinity_per_service_list_head_index);
@@ -141,6 +144,7 @@ nat_affinity_find_and_lock (ip4_address_t client_addr,
ip4_address_t service_addr, u8 proto,
u16 service_port, u8 * backend_index)
{
snat_main_t *sm = &snat_main;
nat_affinity_main_t *nam = &nat_affinity_main;
clib_bihash_kv_16_8_t kv, value;
nat_affinity_t *a;
@@ -164,7 +168,7 @@ nat_affinity_find_and_lock (ip4_address_t client_addr,
pool_put_index (nam->list_pool, a->per_service_index);
pool_put_index (nam->affinity_pool, value.value);
if (clib_bihash_add_del_16_8 (&nam->affinity_hash, &kv, 0))
nat_elog_warn ("affinity key del failed");
nat_elog_warn (sm, "affinity key del failed");
rv = 1;
goto unlock;
}
@@ -180,6 +184,7 @@ unlock:
static int
affinity_is_expired_cb (clib_bihash_kv_16_8_t * kv, void *arg)
{
snat_main_t *sm = &snat_main;
nat_affinity_main_t *nam = &nat_affinity_main;
nat_affinity_t *a;
@@ -192,7 +197,7 @@ affinity_is_expired_cb (clib_bihash_kv_16_8_t * kv, void *arg)
pool_put_index (nam->list_pool, a->per_service_index);
pool_put_index (nam->affinity_pool, kv->value);
if (clib_bihash_add_del_16_8 (&nam->affinity_hash, kv, 0))
nat_elog_warn ("affinity key del failed");
nat_elog_warn (sm, "affinity key del failed");
return 1;
}
}
@@ -207,6 +212,7 @@ nat_affinity_create_and_lock (ip4_address_t client_addr,
u32 sticky_time,
u32 affinity_per_service_list_head_index)
{
snat_main_t *sm = &snat_main;
nat_affinity_main_t *nam = &nat_affinity_main;
clib_bihash_kv_16_8_t kv, value;
nat_affinity_t *a;
@@ -218,7 +224,7 @@ nat_affinity_create_and_lock (ip4_address_t client_addr,
if (!clib_bihash_search_16_8 (&nam->affinity_hash, &kv, &value))
{
rv = 1;
nat_elog_notice ("affinity key already exist");
nat_elog_notice (sm, "affinity key already exist");
goto unlock;
}
@@ -229,7 +235,7 @@ nat_affinity_create_and_lock (ip4_address_t client_addr,
affinity_is_expired_cb, NULL);
if (rv)
{
nat_elog_notice ("affinity key add failed");
nat_elog_notice (sm, "affinity key add failed");
pool_put (nam->affinity_pool, a);
goto unlock;
}
src/plugins/nat/nat_affinity.h → src/plugins/nat/nat44-ed/nat44_ed_affinity.h
+3 -3
View File
@@ -17,8 +17,8 @@
* @brief NAT plugin client-IP based session affinity for load-balancing
*/
#ifndef __included_nat_affinity_h__
#define __included_nat_affinity_h__
#ifndef __included_nat44_ed_affinity_h__
#define __included_nat44_ed_affinity_h__
#include <vnet/ip/ip.h>
#include <vppinfra/bihash_16_8.h>
@@ -141,7 +141,7 @@ void nat_affinity_unlock (ip4_address_t client_addr,
ip4_address_t service_addr, u8 proto,
u16 service_port);
#endif /* __included_nat_affinity_h__ */
#endif /* __included_nat44_ed_affinity_h__ */
/*
* fd.io coding-style-patch-verification: ON
src/plugins/nat/nat44_api.c → src/plugins/nat/nat44-ed/nat44_ed_api.c
+164 -373
View File
File diff suppressed because it is too large Load Diff
src/plugins/nat/nat44_classify.c → src/plugins/nat/nat44-ed/nat44_ed_classify.c
+4 -148
View File
@@ -20,9 +20,9 @@
#include <vlib/vlib.h>
#include <vnet/vnet.h>
#include <vnet/fib/ip4_fib.h>
#include <nat/nat.h>
#include <nat/nat_inlines.h>
#include <nat/nat44/ed_inlines.h>
#include <nat/nat44-ed/nat44_ed.h>
#include <nat/nat44-ed/nat44_ed_inlines.h>
#define foreach_nat44_classify_error \
_(NEXT_IN2OUT, "next in2out") \
@@ -37,12 +37,6 @@ typedef enum
NAT44_CLASSIFY_N_ERROR,
} nat44_classify_error_t;
static char *nat44_classify_error_strings[] = {
#define _(sym,string) string,
foreach_nat44_classify_error
#undef _
};
typedef enum
{
NAT44_CLASSIFY_NEXT_IN2OUT,
@@ -69,118 +63,13 @@ format_nat44_classify_trace (u8 * s, va_list * args)
s = format (s, "nat44-classify: fragment cached");
else
{
next = t->next_in2out ? "nat44-in2out" : "nat44-out2in";
next = t->next_in2out ? "nat44-ed-in2out" : "nat44-ed-out2in";
s = format (s, "nat44-classify: next %s", next);
}
return s;
}
static inline uword
nat44_classify_node_fn_inline (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
u32 n_left_from, *from, *to_next;
nat44_classify_next_t next_index;
snat_main_t *sm = &snat_main;
snat_static_mapping_t *m;
u32 next_in2out = 0, next_out2in = 0;
from = vlib_frame_vector_args (frame);
n_left_from = frame->n_vectors;
next_index = node->cached_next_index;
while (n_left_from > 0)
{
u32 n_left_to_next;
vlib_get_next_frame (vm, node, next_index, to_next, n_left_to_next);
while (n_left_from > 0 && n_left_to_next > 0)
{
u32 bi0;
vlib_buffer_t *b0;
u32 next0 = NAT44_CLASSIFY_NEXT_IN2OUT;
ip4_header_t *ip0;
snat_address_t *ap;
clib_bihash_kv_8_8_t kv0, value0;
/* speculatively enqueue b0 to the current next frame */
bi0 = from[0];
to_next[0] = bi0;
from += 1;
to_next += 1;
n_left_from -= 1;
n_left_to_next -= 1;
b0 = vlib_get_buffer (vm, bi0);
ip0 = vlib_buffer_get_current (b0);
/* *INDENT-OFF* */
vec_foreach (ap, sm->addresses)
{
if (ip0->dst_address.as_u32 == ap->addr.as_u32)
{
next0 = NAT44_CLASSIFY_NEXT_OUT2IN;
goto enqueue0;
}
}
/* *INDENT-ON* */
if (PREDICT_FALSE (pool_elts (sm->static_mappings)))
{
init_nat_k (&kv0, ip0->dst_address, 0, 0, 0);
/* try to classify the fragment based on IP header alone */
if (!clib_bihash_search_8_8 (&sm->static_mapping_by_external,
&kv0, &value0))
{
m = pool_elt_at_index (sm->static_mappings, value0.value);
if (m->local_addr.as_u32 != m->external_addr.as_u32)
next0 = NAT44_CLASSIFY_NEXT_OUT2IN;
goto enqueue0;
}
init_nat_k (&kv0, ip0->dst_address,
vnet_buffer (b0)->ip.reass.l4_dst_port, 0,
ip_proto_to_nat_proto (ip0->protocol));
if (!clib_bihash_search_8_8
(&sm->static_mapping_by_external, &kv0, &value0))
{
m = pool_elt_at_index (sm->static_mappings, value0.value);
if (m->local_addr.as_u32 != m->external_addr.as_u32)
next0 = NAT44_CLASSIFY_NEXT_OUT2IN;
}
}
enqueue0:
if (PREDICT_FALSE ((node->flags & VLIB_NODE_FLAG_TRACE)
&& (b0->flags & VLIB_BUFFER_IS_TRACED)))
{
nat44_classify_trace_t *t =
vlib_add_trace (vm, node, b0, sizeof (*t));
t->cached = 0;
t->next_in2out = next0 == NAT44_CLASSIFY_NEXT_IN2OUT ? 1 : 0;
}
next_in2out += next0 == NAT44_CLASSIFY_NEXT_IN2OUT;
next_out2in += next0 == NAT44_CLASSIFY_NEXT_OUT2IN;
/* verify speculative enqueue, maybe switch current next frame */
vlib_validate_buffer_enqueue_x1 (vm, node, next_index,
to_next, n_left_to_next,
bi0, next0);
}
vlib_put_next_frame (vm, node, next_index, n_left_to_next);
}
vlib_node_increment_counter (vm, node->node_index,
NAT44_CLASSIFY_ERROR_NEXT_IN2OUT, next_in2out);
vlib_node_increment_counter (vm, node->node_index,
NAT44_CLASSIFY_ERROR_NEXT_OUT2IN, next_out2in);
return frame->n_vectors;
}
static inline uword
nat44_handoff_classify_node_fn_inline (vlib_main_t * vm,
vlib_node_runtime_t * node,
@@ -222,7 +111,6 @@ nat44_handoff_classify_node_fn_inline (vlib_main_t * vm,
b0 = vlib_get_buffer (vm, bi0);
ip0 = vlib_buffer_get_current (b0);
/* *INDENT-OFF* */
vec_foreach (ap, sm->addresses)
{
if (ip0->dst_address.as_u32 == ap->addr.as_u32)
@@ -231,7 +119,6 @@ nat44_handoff_classify_node_fn_inline (vlib_main_t * vm,
goto enqueue0;
}
}
/* *INDENT-ON* */
if (PREDICT_FALSE (pool_elts (sm->static_mappings)))
{
@@ -374,7 +261,6 @@ nat44_ed_classify_node_fn_inline (vlib_main_t * vm,
/* session doesn't exist so continue in code */
}
/* *INDENT-OFF* */
vec_foreach (ap, sm->addresses)
{
if (ip0->dst_address.as_u32 == ap->addr.as_u32)
@@ -383,7 +269,6 @@ nat44_ed_classify_node_fn_inline (vlib_main_t * vm,
goto enqueue0;
}
}
/* *INDENT-ON* */
if (PREDICT_FALSE (pool_elts (sm->static_mappings)))
{
@@ -438,30 +323,6 @@ nat44_ed_classify_node_fn_inline (vlib_main_t * vm,
return frame->n_vectors;
}
VLIB_NODE_FN (nat44_classify_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame)
{
return nat44_classify_node_fn_inline (vm, node, frame);
}
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (nat44_classify_node) = {
.name = "nat44-classify",
.vector_size = sizeof (u32),
.format_trace = format_nat44_classify_trace,
.type = VLIB_NODE_TYPE_INTERNAL,
.n_errors = ARRAY_LEN(nat44_classify_error_strings),
.error_strings = nat44_classify_error_strings,
.n_next_nodes = NAT44_CLASSIFY_N_NEXT,
.next_nodes = {
[NAT44_CLASSIFY_NEXT_IN2OUT] = "nat44-in2out",
[NAT44_CLASSIFY_NEXT_OUT2IN] = "nat44-out2in",
[NAT44_CLASSIFY_NEXT_DROP] = "error-drop",
},
};
/* *INDENT-ON* */
VLIB_NODE_FN (nat44_ed_classify_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
vlib_frame_t * frame)
@@ -469,7 +330,6 @@ VLIB_NODE_FN (nat44_ed_classify_node) (vlib_main_t * vm,
return nat44_ed_classify_node_fn_inline (vm, node, frame);
}
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (nat44_ed_classify_node) = {
.name = "nat44-ed-classify",
.vector_size = sizeof (u32),
@@ -477,7 +337,6 @@ VLIB_REGISTER_NODE (nat44_ed_classify_node) = {
.format_trace = format_nat44_classify_trace,
.type = VLIB_NODE_TYPE_INTERNAL,
};
/* *INDENT-ON* */
VLIB_NODE_FN (nat44_handoff_classify_node) (vlib_main_t * vm,
vlib_node_runtime_t * node,
@@ -486,7 +345,6 @@ VLIB_NODE_FN (nat44_handoff_classify_node) (vlib_main_t * vm,
return nat44_handoff_classify_node_fn_inline (vm, node, frame);
}
/* *INDENT-OFF* */
VLIB_REGISTER_NODE (nat44_handoff_classify_node) = {
.name = "nat44-handoff-classify",
.vector_size = sizeof (u32),
@@ -495,8 +353,6 @@ VLIB_REGISTER_NODE (nat44_handoff_classify_node) = {
.type = VLIB_NODE_TYPE_INTERNAL,
};
/* *INDENT-ON* */
/*
* fd.io coding-style-patch-verification: ON
*
src/plugins/nat/nat44_cli.c → src/plugins/nat/nat44-ed/nat44_ed_cli.c
+20 -588
View File
File diff suppressed because it is too large Load Diff
src/plugins/nat/nat_format.c → src/plugins/nat/nat44-ed/nat44_ed_format.c
+2 -45
View File
@@ -17,8 +17,8 @@
* @brief NAT formatting
*/
#include <nat/nat.h>
#include <nat/nat_inlines.h>
#include <nat/nat44-ed/nat44_ed.h>
#include <nat/nat44-ed/nat44_ed_inlines.h>
uword
unformat_nat_protocol (unformat_input_t * input, va_list * args)
@@ -171,49 +171,6 @@ format_snat_session (u8 * s, va_list * args)
s = format (s, " load-balancing\n");
if (is_twice_nat_session (sess))
s = format (s, " twice-nat\n");
return s;
}
u8 *
format_snat_user (u8 * s, va_list * args)
{
snat_main_per_thread_data_t *tsm =
va_arg (*args, snat_main_per_thread_data_t *);
snat_user_t *u = va_arg (*args, snat_user_t *);
int verbose = va_arg (*args, int);
dlist_elt_t *head, *elt;
u32 elt_index, head_index;
u32 session_index;
snat_session_t *sess;
s = format (s, "%U: %d dynamic translations, %d static translations\n",
format_ip4_address, &u->addr, u->nsessions, u->nstaticsessions);
if (verbose == 0)
return s;
if (u->nsessions || u->nstaticsessions)
{
head_index = u->sessions_per_user_list_head_index;
head = pool_elt_at_index (tsm->list_pool, head_index);
elt_index = head->next;
elt = pool_elt_at_index (tsm->list_pool, elt_index);
session_index = elt->value;
while (session_index != ~0)
{
sess = pool_elt_at_index (tsm->sessions, session_index);
s = format (s, " %U\n", format_snat_session, tsm, sess);
elt_index = elt->next;
elt = pool_elt_at_index (tsm->list_pool, elt_index);
session_index = elt->value;
}
}
return s;
}
src/plugins/nat/nat44_handoff.c → src/plugins/nat/nat44-ed/nat44_ed_handoff.c
+3 -2
View File
@@ -22,8 +22,9 @@
#include <vnet/handoff.h>
#include <vnet/fib/ip4_fib.h>
#include <vppinfra/error.h>
#include <nat/nat.h>
#include <nat/nat_inlines.h>
#include <nat/nat44-ed/nat44_ed.h>
#include <nat/nat44-ed/nat44_ed_inlines.h>
typedef struct
{
src/plugins/nat/in2out_ed.c → src/plugins/nat/nat44-ed/nat44_ed_in2out.c
+103 -55
View File
File diff suppressed because it is too large Load Diff
src/plugins/nat/nat44-ed/nat44_ed_inlines.h
+869
View File
File diff suppressed because it is too large Load Diff
src/plugins/nat/out2in_ed.c → src/plugins/nat/nat44-ed/nat44_ed_out2in.c
+45 -50
View File
@@ -24,12 +24,12 @@
#include <vnet/fib/ip4_fib.h>
#include <vnet/udp/udp_local.h>
#include <vppinfra/error.h>
#include <nat/nat.h>
#include <nat/lib/ipfix_logging.h>
#include <nat/nat_inlines.h>
#include <nat/nat44/inlines.h>
#include <nat/lib/nat_syslog.h>
#include <nat/nat44/ed_inlines.h>
#include <nat/lib/ipfix_logging.h>
#include <nat/nat44-ed/nat44_ed.h>
#include <nat/nat44-ed/nat44_ed_inlines.h>
static char *nat_out2in_ed_error_strings[] = {
#define _(sym,string) string,
@@ -243,6 +243,7 @@ nat_alloc_addr_and_port_exact (snat_address_t * a,
u16 * port,
u16 port_per_thread, u32 snat_thread_index)
{
snat_main_t *sm = &snat_main;
u32 portnum;
switch (proto)
@@ -269,8 +270,7 @@ nat_alloc_addr_and_port_exact (snat_address_t * a,
break;
foreach_nat_protocol
#undef _
default:
nat_elog_info ("unknown protocol");
default : nat_elog_info (sm, "unknown protocol");
return 1;
}
@@ -286,9 +286,10 @@ nat44_ed_alloc_outside_addr_and_port (snat_address_t *addresses, u32 fib_index,
u16 port_per_thread,
u32 snat_thread_index)
{
int i;
snat_main_t *sm = &snat_main;
snat_address_t *a, *ga = 0;
u32 portnum;
int i;
for (i = 0; i < vec_len (addresses); i++)
{
@@ -323,7 +324,7 @@ nat44_ed_alloc_outside_addr_and_port (snat_address_t *addresses, u32 fib_index,
break;
foreach_nat_protocol
#undef _
default : nat_elog_info ("unknown protocol");
default : nat_elog_info (sm, "unknown protocol");
return 1;
}
}
@@ -351,7 +352,7 @@ nat44_ed_alloc_outside_addr_and_port (snat_address_t *addresses, u32 fib_index,
break;
foreach_nat_protocol
#undef _
default : nat_elog_info ("unknown protocol");
default : nat_elog_info (sm, "unknown protocol");
return 1;
}
}
@@ -378,15 +379,15 @@ create_session_for_static_mapping_ed (
(nat44_ed_maximum_sessions_exceeded (sm, rx_fib_index, thread_index)))
{
b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_SESSIONS_EXCEEDED];
nat_elog_notice ("maximum sessions exceeded");
nat_elog_notice (sm, "maximum sessions exceeded");
return 0;
}
s = nat_ed_session_alloc (sm, thread_index, now, nat_proto);
if (!s)
{
b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_USER_SESS_EXCEEDED];
nat_elog_warn ("create NAT session failed");
b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_SESSIONS_EXCEEDED];
nat_elog_warn (sm, "create NAT session failed");
return 0;
}
@@ -429,7 +430,7 @@ create_session_for_static_mapping_ed (
{
b->error = node->errors[NAT_OUT2IN_ED_ERROR_HASH_ADD_FAILED];
nat_ed_session_delete (sm, s, thread_index, 1);
nat_elog_warn ("out2in flow hash add failed");
nat_elog_warn (sm, "out2in flow hash add failed");
return 0;
}
@@ -477,7 +478,7 @@ create_session_for_static_mapping_ed (
b->error = node->errors[NAT_OUT2IN_ED_ERROR_OUT_OF_PORTS];
if (nat_ed_ses_o2i_flow_hash_add_del (sm, thread_index, s, 0))
{
nat_elog_warn ("out2in flow hash del failed");
nat_elog_warn (sm, "out2in flow hash del failed");
}
snat_free_outside_address_and_port (
sm->twice_nat_addresses, thread_index, &s->ext_host_nat_addr,
@@ -541,10 +542,10 @@ create_session_for_static_mapping_ed (
if (nat_ed_ses_i2o_flow_hash_add_del (sm, thread_index, s, 1))
{
nat_elog_notice ("in2out flow hash add failed");
nat_elog_notice (sm, "in2out flow hash add failed");
if (nat_ed_ses_o2i_flow_hash_add_del (sm, thread_index, s, 0))
{
nat_elog_warn ("out2in flow hash del failed");
nat_elog_warn (sm, "out2in flow hash del failed");
}
nat_ed_session_delete (sm, s, thread_index, 1);
return 0;
@@ -557,12 +558,11 @@ create_session_for_static_mapping_ed (
s->in2out.port,
s->out2in.port, s->in2out.fib_index);
nat_syslog_nat44_sadd (s->user_index, s->in2out.fib_index,
&s->in2out.addr, s->in2out.port,
&s->ext_host_nat_addr, s->ext_host_nat_port,
&s->out2in.addr, s->out2in.port,
&s->ext_host_addr, s->ext_host_port,
s->nat_proto, is_twice_nat_session (s));
nat_syslog_nat44_sadd (0, s->in2out.fib_index, &s->in2out.addr,
s->in2out.port, &s->ext_host_nat_addr,
s->ext_host_nat_port, &s->out2in.addr, s->out2in.port,
&s->ext_host_addr, s->ext_host_port, s->nat_proto,
is_twice_nat_session (s));
per_vrf_sessions_register_session (s, thread_index);
@@ -635,7 +635,7 @@ create_bypass_for_fwd (snat_main_t *sm, vlib_buffer_t *b, snat_session_t *s,
s = nat_ed_session_alloc (sm, thread_index, now, ip->protocol);
if (!s)
{
nat_elog_warn ("create NAT session failed");
nat_elog_warn (sm, "create NAT session failed");
return;
}
@@ -663,7 +663,7 @@ create_bypass_for_fwd (snat_main_t *sm, vlib_buffer_t *b, snat_session_t *s,
nat_6t_flow_txfib_rewrite_set (&s->i2o, rx_fib_index);
if (nat_ed_ses_i2o_flow_hash_add_del (sm, thread_index, s, 1))
{
nat_elog_notice ("in2out flow add failed");
nat_elog_notice (sm, "in2out flow add failed");
nat_ed_session_delete (sm, s, thread_index, 1);
return;
}
@@ -700,7 +700,7 @@ nat44_ed_out2in_slowpath_unknown_proto (snat_main_t *sm, vlib_buffer_t *b,
nat44_ed_maximum_sessions_exceeded (sm, rx_fib_index, thread_index)))
{
b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_SESSIONS_EXCEEDED];
nat_elog_notice ("maximum sessions exceeded");
nat_elog_notice (sm, "maximum sessions exceeded");
return 0;
}
@@ -717,8 +717,8 @@ nat44_ed_out2in_slowpath_unknown_proto (snat_main_t *sm, vlib_buffer_t *b,
s = nat_ed_session_alloc (sm, thread_index, now, ip->protocol);
if (!s)
{
b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_USER_SESS_EXCEEDED];
nat_elog_warn ("create NAT session failed");
b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_SESSIONS_EXCEEDED];
nat_elog_warn (sm, "create NAT session failed");
return 0;
}
@@ -737,7 +737,7 @@ nat44_ed_out2in_slowpath_unknown_proto (snat_main_t *sm, vlib_buffer_t *b,
nat_6t_flow_saddr_rewrite_set (&s->i2o, ip->dst_address.as_u32);
if (nat_ed_ses_i2o_flow_hash_add_del (sm, thread_index, s, 1))
{
nat_elog_notice ("in2out key add failed");
nat_elog_notice (sm, "in2out key add failed");
nat_ed_session_delete (sm, s, thread_index, 1);
return NULL;
}
@@ -748,7 +748,7 @@ nat44_ed_out2in_slowpath_unknown_proto (snat_main_t *sm, vlib_buffer_t *b,
nat_6t_flow_txfib_rewrite_set (&s->o2i, m->fib_index);
if (nat_ed_ses_o2i_flow_hash_add_del (sm, thread_index, s, 1))
{
nat_elog_notice ("out2in flow hash add failed");
nat_elog_notice (sm, "out2in flow hash add failed");
nat_ed_session_delete (sm, s, thread_index, 1);
return NULL;
}
@@ -1010,7 +1010,7 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
switch (proto0)
{
case NAT_PROTOCOL_TCP:
vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.tcp,
vlib_increment_simple_counter (&sm->counters.fastpath.out2in.tcp,
thread_index, sw_if_index0, 1);
nat44_set_tcp_session_state_o2i (sm, now, s0,
vnet_buffer (b0)->ip.
@@ -1022,17 +1022,16 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
thread_index);
break;
case NAT_PROTOCOL_UDP:
vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.udp,
vlib_increment_simple_counter (&sm->counters.fastpath.out2in.udp,
thread_index, sw_if_index0, 1);
break;
case NAT_PROTOCOL_ICMP:
vlib_increment_simple_counter (&sm->counters.fastpath.out2in_ed.icmp,
vlib_increment_simple_counter (&sm->counters.fastpath.out2in.icmp,
thread_index, sw_if_index0, 1);
break;
case NAT_PROTOCOL_OTHER:
vlib_increment_simple_counter (
&sm->counters.fastpath.out2in_ed.other, thread_index, sw_if_index0,
1);
vlib_increment_simple_counter (&sm->counters.fastpath.out2in.other,
thread_index, sw_if_index0, 1);
break;
}
@@ -1071,9 +1070,8 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
if (next[0] == NAT_NEXT_DROP)
{
vlib_increment_simple_counter (&sm->counters.fastpath.
out2in_ed.drops, thread_index,
sw_if_index0, 1);
vlib_increment_simple_counter (&sm->counters.fastpath.out2in.drops,
thread_index, sw_if_index0, 1);
}
n_left_from--;
@@ -1163,9 +1161,8 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
goto trace0;
}
vlib_increment_simple_counter (&sm->counters.slowpath.
out2in_ed.other, thread_index,
sw_if_index0, 1);
vlib_increment_simple_counter (&sm->counters.slowpath.out2in.other,
thread_index, sw_if_index0, 1);
goto trace0;
}
@@ -1183,9 +1180,8 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
goto trace0;
}
vlib_increment_simple_counter (&sm->counters.slowpath.
out2in_ed.icmp, thread_index,
sw_if_index0, 1);
vlib_increment_simple_counter (&sm->counters.slowpath.out2in.icmp,
thread_index, sw_if_index0, 1);
goto trace0;
}
@@ -1297,7 +1293,7 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
if (PREDICT_TRUE (proto0 == NAT_PROTOCOL_TCP))
{
vlib_increment_simple_counter (&sm->counters.slowpath.out2in_ed.tcp,
vlib_increment_simple_counter (&sm->counters.slowpath.out2in.tcp,
thread_index, sw_if_index0, 1);
nat44_set_tcp_session_state_o2i (sm, now, s0,
vnet_buffer (b0)->ip.
@@ -1310,7 +1306,7 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
}
else
{
vlib_increment_simple_counter (&sm->counters.slowpath.out2in_ed.udp,
vlib_increment_simple_counter (&sm->counters.slowpath.out2in.udp,
thread_index, sw_if_index0, 1);
}
@@ -1347,9 +1343,8 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
if (next[0] == NAT_NEXT_DROP)
{
vlib_increment_simple_counter (&sm->counters.slowpath.
out2in_ed.drops, thread_index,
sw_if_index0, 1);
vlib_increment_simple_counter (&sm->counters.slowpath.out2in.drops,
thread_index, sw_if_index0, 1);
}
n_left_from--;
src/plugins/nat/nat44-ei/nat44_ei.api
+862
View File
File diff suppressed because it is too large Load Diff
src/plugins/nat/nat44-ei/nat44_ei.c
+2065 -368
View File
File diff suppressed because it is too large Load Diff
src/plugins/nat/nat44-ei/nat44_ei.h
+543 -6
View File
File diff suppressed because it is too large Load Diff
src/plugins/nat/nat44-ei/nat44_ei_api.c
+1199
View File
File diff suppressed because it is too large Load Diff
src/plugins/nat/nat44-ei/nat44_ei_cli.c
+2025
View File
File diff suppressed because it is too large Load Diff
src/plugins/nat/nat_dpo.c → src/plugins/nat/nat44-ei/nat44_ei_dpo.c
+7 -7
View File
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2017 Cisco and/or its affiliates.
* Copyright (c) 2020 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
@@ -14,18 +14,18 @@
*/
#include <vnet/ip/ip.h>
#include <nat/nat_dpo.h>
#include <nat/nat44-ei/nat44_ei_dpo.h>
dpo_type_t nat_dpo_type;
void
nat_dpo_create (dpo_proto_t dproto, u32 aftr_index, dpo_id_t * dpo)
nat_dpo_create (dpo_proto_t dproto, u32 aftr_index, dpo_id_t *dpo)
{
dpo_set (dpo, nat_dpo_type, dproto, aftr_index);
}
u8 *
format_nat_dpo (u8 * s, va_list * args)
format_nat_dpo (u8 *s, va_list *args)
{
index_t index = va_arg (*args, index_t);
CLIB_UNUSED (u32 indent) = va_arg (*args, u32);
@@ -34,12 +34,12 @@ format_nat_dpo (u8 * s, va_list * args)
}
static void
nat_dpo_lock (dpo_id_t * dpo)
nat_dpo_lock (dpo_id_t *dpo)
{
}
static void
nat_dpo_unlock (dpo_id_t * dpo)
nat_dpo_unlock (dpo_id_t *dpo)
{
}
@@ -50,7 +50,7 @@ const static dpo_vft_t nat_dpo_vft = {
};
const static char *const nat_ip4_nodes[] = {
"nat44-out2in",
"nat44-ei-out2in",
NULL,
};
src/plugins/nat/nat_dpo.h → src/plugins/nat/nat44-ei/nat44_ei_dpo.h
+2 -2
View File
@@ -19,9 +19,9 @@
#include <vnet/vnet.h>
#include <vnet/dpo/dpo.h>
void nat_dpo_create (dpo_proto_t dproto, u32 aftr_index, dpo_id_t * dpo);
void nat_dpo_create (dpo_proto_t dproto, u32 aftr_index, dpo_id_t *dpo);
u8 *format_nat_dpo (u8 * s, va_list * args);
u8 *format_nat_dpo (u8 *s, va_list *args);
void nat_dpo_module_init (void);
src/plugins/nat/nat44-ei/nat44_ei_ha.c
+86 -79
View File
File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More