54 tag = t->
is_slow_path ?
"NAT44_IN2OUT_SLOW_PATH" :
"NAT44_IN2OUT_FAST_PATH";
56 s =
format (s,
"%s: sw_if_index %d, next index %d, session %d", tag,
69 s =
format (s,
"NAT44_IN2OUT_FAST: sw_if_index %d, next index %d",
82 #define foreach_snat_in2out_error \ 83 _(UNSUPPORTED_PROTOCOL, "unsupported protocol") \ 84 _(IN2OUT_PACKETS, "good in2out packets processed") \ 85 _(OUT_OF_PORTS, "out of ports") \ 86 _(BAD_OUTSIDE_FIB, "outside VRF ID not found") \ 87 _(BAD_ICMP_TYPE, "unsupported ICMP type") \ 88 _(NO_TRANSLATION, "no translation") \ 89 _(MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \ 90 _(DROP_FRAGMENT, "drop fragment") \ 91 _(MAX_REASS, "maximum reassemblies exceeded") \ 92 _(MAX_FRAG, "maximum fragments per reassembly exceeded")\ 93 _(TCP_PACKETS, "TCP packets") \ 94 _(UDP_PACKETS, "UDP packets") \ 95 _(ICMP_PACKETS, "ICMP packets") \ 96 _(OTHER_PACKETS, "other protocol packets") \ 97 _(FRAGMENTS, "fragments") \ 98 _(CACHED_FRAGMENTS, "cached fragments") \ 99 _(PROCESSED_FRAGMENTS, "processed fragments") 103 #define _(sym,str) SNAT_IN2OUT_ERROR_##sym, 110 #define _(sym,string) string, 128 u32 rx_fib_index0,
u32 thread_index)
175 if (!clib_bihash_search_8_8
184 if (!clib_bihash_search_8_8
191 if ((nat_interface_is_inside(i)) && (sw_if_index == i->sw_if_index))
207 u64 sess_timeout_time;
214 if (ctx->
now >= sess_timeout_time)
216 s_kv.
key = s->out2in.as_u64;
217 if (clib_bihash_add_del_8_8 (&tsm->
out2in, &s_kv, 0))
221 s->out2in.addr.as_u32,
225 s->in2out.fib_index);
228 &s->in2out.addr, s->in2out.port,
229 &s->out2in.addr, s->out2in.port,
248 snat_session_t ** sessionp,
252 snat_session_t *s = 0;
271 b0->
error = node->
errors[SNAT_IN2OUT_ERROR_MAX_SESSIONS_EXCEEDED];
281 (sm, *key0, &key1, 0, 0, 0, 0, 0, &identity_nat))
290 b0->
error = node->
errors[SNAT_IN2OUT_ERROR_OUT_OF_PORTS];
345 s->out2in.fib_index = outside_fib->
fib_index;
360 kv0.
key = s->in2out.as_u64;
362 if (clib_bihash_add_or_overwrite_stale_8_8
367 kv0.
key = s->out2in.as_u64;
370 if (clib_bihash_add_or_overwrite_stale_8_8
377 s->out2in.addr.as_u32,
380 s->out2in.port, s->in2out.fib_index);
383 &s->in2out.addr, s->in2out.port, &s->out2in.addr,
384 s->out2in.port, s->in2out.protocol);
393 icmp46_header_t *icmp0;
398 icmp46_header_t *inner_icmp0;
417 case SNAT_PROTOCOL_ICMP:
418 inner_icmp0 = (icmp46_header_t *) l4_header;
422 case SNAT_PROTOCOL_UDP:
423 case SNAT_PROTOCOL_TCP:
427 return SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL;
453 u8 * p_dont_translate,
void *d,
void *e)
455 icmp46_header_t *icmp0;
459 snat_session_t *s0 = 0;
460 u8 dont_translate = 0;
499 ip0, SNAT_PROTOCOL_ICMP,
510 b0->
error = node->
errors[SNAT_IN2OUT_ERROR_BAD_ICMP_TYPE];
515 next0 =
slow_path (sm, b0, ip0, rx_fib_index0, &key0, &s0, node, next0,
530 icmp0->type != ICMP4_echo_reply &&
533 b0->
error = node->
errors[SNAT_IN2OUT_ERROR_BAD_ICMP_TYPE];
545 *p_value = s0->out2in;
546 *p_dont_translate = dont_translate;
548 *(snat_session_t **) d = s0;
570 u8 * p_dont_translate,
void *d,
void *e)
572 icmp46_header_t *icmp0;
577 u8 dont_translate = 0;
596 (sm, key0, &sm0, 0, &is_addr_only, 0, 0, 0, 0))
612 b0->
error = node->
errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION];
618 (icmp0->type != ICMP4_echo_reply || !is_addr_only) &&
621 b0->
error = node->
errors[SNAT_IN2OUT_ERROR_BAD_ICMP_TYPE];
630 *p_dont_translate = dont_translate;
638 icmp46_header_t * icmp0,
642 u32 next0,
u32 thread_index,
void *d,
void *e)
649 icmp46_header_t *inner_icmp0;
651 u32 new_addr0, old_addr0;
652 u16 old_id0, new_id0;
653 u16 old_checksum0, new_checksum0;
661 &protocol, &sm0, &dont_translate, d,
691 if (icmp0->checksum == 0)
692 icmp0->checksum = 0xffff;
703 sum0 = icmp0->checksum;
724 sum0 = icmp0->checksum;
730 old_checksum0 = inner_ip0->
checksum;
735 new_checksum0 = inner_ip0->
checksum;
736 sum0 = icmp0->checksum;
743 case SNAT_PROTOCOL_ICMP:
744 inner_icmp0 = (icmp46_header_t *) l4_header;
751 sum0 = icmp0->checksum;
756 case SNAT_PROTOCOL_UDP:
757 case SNAT_PROTOCOL_TCP:
762 sum0 = icmp0->checksum;
788 icmp46_header_t * icmp0,
793 f64 now,
u32 thread_index, snat_session_t ** p_s0)
795 next0 =
icmp_in2out (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
796 next0, thread_index, p_s0, 0);
797 snat_session_t *s0 = *p_s0;
818 u32 old_addr, new_addr;
852 int is_output_feature)
854 u32 n_left_from, *from, *to_next;
856 u32 pkts_processed = 0;
859 u32 stats_node_index;
861 u32 tcp_packets = 0, udp_packets = 0, icmp_packets = 0, other_packets =
871 while (n_left_from > 0)
877 while (n_left_from >= 4 && n_left_to_next >= 2)
882 u32 sw_if_index0, sw_if_index1;
885 u32 new_addr0, old_addr0, new_addr1, old_addr1;
886 u16 old_port0, new_port0, old_port1, new_port1;
889 icmp46_header_t *icmp0, *icmp1;
891 u32 rx_fib_index0, rx_fib_index1;
893 snat_session_t *s0 = 0, *s1 = 0;
895 u32 iph_offset0 = 0, iph_offset1 = 0;
912 to_next[0] = bi0 = from[0];
913 to_next[1] = bi1 = from[1];
922 if (is_output_feature)
923 iph_offset0 =
vnet_buffer (b0)->ip.save_rewrite_length;
930 icmp0 = (icmp46_header_t *) udp0;
942 ICMP4_time_exceeded_ttl_exceeded_in_transit,
956 (sm, b0, ip0, rx_fib_index0))
960 node->
errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL];
969 (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0,
970 node, next0, now, thread_index, &s0);
1005 (clib_bihash_search_8_8
1011 if (is_output_feature)
1026 (sm, node, sw_if_index0, ip0, proto0,
1027 rx_fib_index0, thread_index)))
1031 next0 =
slow_path (sm, b0, ip0, rx_fib_index0, &key0,
1032 &s0, node, next0, thread_index, now);
1050 b0->
flags |= VNET_BUFFER_F_IS_NATED;
1055 if (!is_output_feature)
1066 old_port0 = tcp0->src_port;
1067 tcp0->src_port = s0->out2in.port;
1068 new_port0 = tcp0->src_port;
1070 sum0 = tcp0->checksum;
1098 && (b0->
flags & VLIB_BUFFER_IS_TRACED)))
1113 if (is_output_feature)
1114 iph_offset1 =
vnet_buffer (b1)->ip.save_rewrite_length;
1121 icmp1 = (icmp46_header_t *) udp1;
1131 ICMP4_time_exceeded_ttl_exceeded_in_transit,
1145 (sm, b1, ip1, rx_fib_index1))
1149 node->
errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL];
1158 (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node,
1159 next1, now, thread_index, &s1);
1194 (clib_bihash_search_8_8
1200 if (is_output_feature)
1215 (sm, node, sw_if_index1, ip1, proto1,
1216 rx_fib_index1, thread_index)))
1220 next1 =
slow_path (sm, b1, ip1, rx_fib_index1, &key1,
1221 &s1, node, next1, thread_index, now);
1239 b1->
flags |= VNET_BUFFER_F_IS_NATED;
1244 if (!is_output_feature)
1255 old_port1 = tcp1->src_port;
1256 tcp1->src_port = s1->out2in.port;
1257 new_port1 = tcp1->src_port;
1259 sum1 = tcp1->checksum;
1287 && (b1->
flags & VLIB_BUFFER_IS_TRACED)))
1303 to_next, n_left_to_next,
1304 bi0, bi1, next0, next1);
1307 while (n_left_from > 0 && n_left_to_next > 0)
1315 u32 new_addr0, old_addr0;
1316 u16 old_port0, new_port0;
1319 icmp46_header_t *icmp0;
1323 snat_session_t *s0 = 0;
1325 u32 iph_offset0 = 0;
1333 n_left_to_next -= 1;
1338 if (is_output_feature)
1339 iph_offset0 =
vnet_buffer (b0)->ip.save_rewrite_length;
1346 icmp0 = (icmp46_header_t *) udp0;
1356 ICMP4_time_exceeded_ttl_exceeded_in_transit,
1370 (sm, b0, ip0, rx_fib_index0))
1374 node->
errors[SNAT_IN2OUT_ERROR_UNSUPPORTED_PROTOCOL];
1383 (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
1384 next0, now, thread_index, &s0);
1418 if (clib_bihash_search_8_8
1423 if (is_output_feature)
1438 (sm, node, sw_if_index0, ip0, proto0,
1439 rx_fib_index0, thread_index)))
1443 next0 =
slow_path (sm, b0, ip0, rx_fib_index0, &key0,
1444 &s0, node, next0, thread_index, now);
1463 b0->
flags |= VNET_BUFFER_F_IS_NATED;
1468 if (!is_output_feature)
1479 old_port0 = tcp0->src_port;
1480 tcp0->src_port = s0->out2in.port;
1481 new_port0 = tcp0->src_port;
1483 sum0 = tcp0->checksum;
1511 && (b0->
flags & VLIB_BUFFER_IS_TRACED)))
1528 to_next, n_left_to_next,
1536 SNAT_IN2OUT_ERROR_IN2OUT_PACKETS,
1539 SNAT_IN2OUT_ERROR_TCP_PACKETS, tcp_packets);
1541 SNAT_IN2OUT_ERROR_UDP_PACKETS, tcp_packets);
1543 SNAT_IN2OUT_ERROR_ICMP_PACKETS, icmp_packets);
1545 SNAT_IN2OUT_ERROR_OTHER_PACKETS,
1548 SNAT_IN2OUT_ERROR_FRAGMENTS, fragments);
1564 .name =
"nat44-in2out",
1565 .vector_size =
sizeof (
u32),
1601 .name =
"nat44-in2out-output",
1602 .vector_size =
sizeof (
u32),
1638 .name =
"nat44-in2out-slowpath",
1639 .vector_size =
sizeof (
u32),
1676 .name =
"nat44-in2out-output-slowpath",
1677 .vector_size =
sizeof (
u32),
1706 u32 n_left_from, *from, *to_next;
1708 u32 pkts_processed = 0, cached_fragments = 0;
1714 u32 *fragments_to_drop = 0;
1715 u32 *fragments_to_loopback = 0;
1721 while (n_left_from > 0)
1727 while (n_left_from > 0 && n_left_to_next > 0)
1729 u32 bi0, sw_if_index0, proto0, rx_fib_index0, new_addr0, old_addr0;
1734 nat_reass_ip4_t *reass0;
1737 icmp46_header_t *icmp0;
1740 snat_session_t *s0 = 0;
1741 u16 old_port0, new_port0;
1750 n_left_to_next -= 1;
1763 b0->
error = node->
errors[SNAT_IN2OUT_ERROR_DROP_FRAGMENT];
1770 icmp0 = (icmp46_header_t *) udp0;
1777 1, &fragments_to_drop);
1782 b0->
error = node->
errors[SNAT_IN2OUT_ERROR_MAX_REASS];
1792 (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node,
1793 next0, now, thread_index, &s0);
1798 reass0->sess_index = s0 - per_thread_data->
sessions;
1802 &fragments_to_loopback);
1814 if (clib_bihash_search_8_8
1815 (&per_thread_data->
in2out, &kv0, &value0))
1819 (sm, node, sw_if_index0, ip0, proto0, rx_fib_index0,
1823 next0 =
slow_path (sm, b0, ip0, rx_fib_index0, &key0,
1824 &s0, node, next0, thread_index, now);
1832 reass0->sess_index = s0 - per_thread_data->
sessions;
1838 reass0->sess_index = value0.
value;
1847 (reass0, bi0, &fragments_to_drop))
1849 b0->
error = node->
errors[SNAT_IN2OUT_ERROR_MAX_FRAG];
1851 (
"maximum fragments per reassembly exceeded");
1859 reass0->sess_index);
1877 old_port0 = tcp0->src_port;
1878 tcp0->src_port = s0->out2in.port;
1879 new_port0 = tcp0->src_port;
1881 sum0 = tcp0->checksum;
1900 s0->ext_host_port, proto0, 0);
1911 && (b0->
flags & VLIB_BUFFER_IS_TRACED)))
1932 to_next, n_left_to_next,
1936 if (n_left_from == 0 &&
vec_len (fragments_to_loopback))
1943 sizeof (
u32) * len);
1962 SNAT_IN2OUT_ERROR_PROCESSED_FRAGMENTS,
1965 SNAT_IN2OUT_ERROR_CACHED_FRAGMENTS,
1969 &node->
errors[SNAT_IN2OUT_ERROR_DROP_FRAGMENT],
1980 .name =
"nat44-in2out-reass",
1981 .vector_size =
sizeof (
u32),
2007 u32 n_left_from, *from, *to_next;
2009 u32 pkts_processed = 0;
2011 u32 stats_node_index;
2019 while (n_left_from > 0)
2025 while (n_left_from > 0 && n_left_to_next > 0)
2033 u32 new_addr0, old_addr0;
2034 u16 old_port0, new_port0;
2037 icmp46_header_t *icmp0;
2048 n_left_to_next -= 1;
2056 icmp0 = (icmp46_header_t *) udp0;
2066 ICMP4_time_exceeded_ttl_exceeded_in_transit,
2079 next0 =
icmp_in2out (sm, b0, ip0, icmp0, sw_if_index0,
2080 rx_fib_index0, node, next0, ~0, 0, 0);
2091 b0->
error = node->
errors[SNAT_IN2OUT_ERROR_NO_TRANSLATION];
2097 new_port0 = sm0.
port;
2112 old_port0 = tcp0->src_port;
2113 tcp0->src_port = new_port0;
2115 sum0 = tcp0->checksum;
2136 sum0 = tcp0->checksum;
2150 && (b0->
flags & VLIB_BUFFER_IS_TRACED)))
2162 to_next, n_left_to_next,
2170 SNAT_IN2OUT_ERROR_IN2OUT_PACKETS,
2179 .name =
"nat44-in2out-fast",
2180 .vector_size =
sizeof (
u32),
ip4_address_t external_addr
void nat_ipfix_logging_max_sessions(u32 limit)
Generate maximum session entries exceeded event.
fib_protocol_t fp_proto
protocol type
static ip_csum_t ip_incremental_checksum_buffer(vlib_main_t *vm, vlib_buffer_t *first_buffer, u32 first_buffer_offset, u32 n_bytes_to_checksum, ip_csum_t sum)
nat_outside_fib_t * outside_fibs
static u32 slow_path(snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, u32 rx_fib_index0, snat_session_key_t *key0, snat_session_t **sessionp, vlib_node_runtime_t *node, u32 next0, u32 thread_index, f64 now)
#define snat_is_session_static(s)
Check if SNAT session is created from static mapping.
static u8 * format_snat_in2out_trace(u8 *s, va_list *args)
static uword snat_in2out_slow_path_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
static int nat_not_translate_output_feature(snat_main_t *sm, ip4_header_t *ip0, u32 proto0, u16 src_port, u16 dst_port, u32 thread_index, u32 sw_if_index)
static u32 nat44_session_get_timeout(snat_main_t *sm, snat_session_t *s)
static u8 * format_snat_in2out_fast_trace(u8 *s, va_list *args)
static uword snat_in2out_node_fn_inline(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame, int is_slow_path, int is_output_feature)
static_always_inline u8 icmp_is_error_message(icmp46_header_t *icmp)
#define clib_memcpy_fast(a, b, c)
static f64 vlib_time_now(vlib_main_t *vm)
static char * snat_in2out_error_strings[]
u32 fib_table_get_index_for_sw_if_index(fib_protocol_t proto, u32 sw_if_index)
Get the index of the FIB bound to the interface.
#define nat_log_warn(...)
u32 * fib_index_by_sw_if_index
Table index indexed by software interface.
vlib_error_t * errors
Vector of errors for this node.
static uword vlib_buffer_length_in_chain(vlib_main_t *vm, vlib_buffer_t *b)
Get length in bytes of the buffer chain.
struct _tcp_header tcp_header_t
int snat_hairpinning(snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, udp_header_t *udp0, tcp_header_t *tcp0, u32 proto0, int is_ed)
VLIB_NODE_FUNCTION_MULTIARCH(snat_in2out_node, snat_in2out_fast_path_fn)
u32 icmp_match_in2out_fast(snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
Get address and port values to be used for ICMP packet translation.
#define vec_reset_length(v)
Reset vector length to zero NULL-pointer tolerant.
static int ip4_is_fragment(const ip4_header_t *i)
static int snat_not_translate_fast(snat_main_t *sm, vlib_node_runtime_t *node, u32 sw_if_index0, ip4_header_t *ip0, u32 proto0, u32 rx_fib_index0)
Check if packet should be translated.
static uword snat_in2out_output_slow_path_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
vlib_node_registration_t snat_in2out_output_slowpath_node
(constructor) VLIB_REGISTER_NODE (snat_in2out_output_slowpath_node)
u32 ip4_fib_table_get_index_for_sw_if_index(u32 sw_if_index)
#define static_always_inline
static uword ip4_header_checksum_is_valid(ip4_header_t *i)
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
vlib_node_registration_t snat_in2out_fast_node
(constructor) VLIB_REGISTER_NODE (snat_in2out_fast_node)
static int snat_not_translate(snat_main_t *sm, vlib_node_runtime_t *node, u32 sw_if_index0, ip4_header_t *ip0, u32 proto0, u32 rx_fib_index0, u32 thread_index)
#define vlib_prefetch_buffer_header(b, type)
Prefetch buffer metadata.
#define vec_elt_at_index(v, i)
Get vector value at index i checking that i is in bounds.
Aggregrate type for a prefix.
u32 icmp_in2out(snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, icmp46_header_t *icmp0, u32 sw_if_index0, u32 rx_fib_index0, vlib_node_runtime_t *node, u32 next0, u32 thread_index, void *d, void *e)
#define NAT_REASS_FLAG_ED_DONT_TRANSLATE
static void * ip4_next_header(ip4_header_t *i)
vlib_node_registration_t snat_in2out_slowpath_node
(constructor) VLIB_REGISTER_NODE (snat_in2out_slowpath_node)
fib_node_index_t fib_table_lookup(u32 fib_index, const fib_prefix_t *prefix)
Perfom a longest prefix match in the non-forwarding table.
static u8 maximum_sessions_exceeded(snat_main_t *sm, u32 thread_index)
int snat_static_mapping_match(snat_main_t *sm, snat_session_key_t match, snat_session_key_t *mapping, u8 by_external, u8 *is_addr_only, twice_nat_type_t *twice_nat, lb_nat_type_t *lb, ip4_address_t *ext_host_addr, u8 *is_identity_nat)
Match NAT44 static mapping.
void snat_free_outside_address_and_port(snat_address_t *addresses, u32 thread_index, snat_session_key_t *k)
Free outside address and port pair.
static void nat44_delete_session(snat_main_t *sm, snat_session_t *ses, u32 thread_index)
#define foreach_snat_in2out_error
static void mss_clamping(snat_main_t *sm, tcp_header_t *tcp, ip_csum_t *sum)
int snat_alloc_outside_address_and_port(snat_address_t *addresses, u32 fib_index, u32 thread_index, snat_session_key_t *k, u16 port_per_thread, u32 snat_thread_index)
Alloc outside address and port.
snat_user_t * nat_user_get_or_create(snat_main_t *sm, ip4_address_t *addr, u32 fib_index, u32 thread_index)
Find or create NAT user.
#define pool_elt_at_index(p, i)
Returns pointer to element at given index.
static uword nat44_in2out_reass_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
static u32 icmp_in2out_slow_path(snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, icmp46_header_t *icmp0, u32 sw_if_index0, u32 rx_fib_index0, vlib_node_runtime_t *node, u32 next0, f64 now, u32 thread_index, snat_session_t **p_s0)
snat_static_mapping_t * static_mappings
static void * vlib_buffer_get_current(vlib_buffer_t *b)
Get pointer to current data to process.
void snat_ipfix_logging_nat44_ses_delete(u32 src_ip, u32 nat_src_ip, snat_protocol_t snat_proto, u16 src_port, u16 nat_src_port, u32 vrf_id)
Generate NAT44 session delete event.
void nat_syslog_nat44_apmadd(u32 ssubix, u32 sfibix, ip4_address_t *isaddr, u16 isport, ip4_address_t *xsaddr, u16 xsport, snat_protocol_t proto)
void snat_ipfix_logging_nat44_ses_create(u32 src_ip, u32 nat_src_ip, snat_protocol_t snat_proto, u16 src_port, u16 nat_src_port, u32 vrf_id)
Generate NAT44 session create event.
vl_api_address_union_t src_address
#define vlib_validate_buffer_enqueue_x2(vm, node, next_index, to_next, n_left_to_next, bi0, bi1, next0, next1)
Finish enqueueing two buffers forward in the graph.
#define vlib_validate_buffer_enqueue_x1(vm, node, next_index, to_next, n_left_to_next, bi0, next0)
Finish enqueueing one buffer forward in the graph.
#define vlib_get_next_frame(vm, node, next_index, vectors, n_vectors_left)
Get pointer to next frame vector data by (vlib_node_runtime_t, next_index).
#define nat_log_notice(...)
vlib_error_t error
Error code for buffers to be enqueued to error handler.
u32 snat_icmp_hairpinning(snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, icmp46_header_t *icmp0, int is_ed)
static void vlib_node_increment_counter(vlib_main_t *vm, u32 node_index, u32 counter_index, u64 increment)
int nat44_o2i_is_idle_session_cb(clib_bihash_kv_8_8_t *kv, void *arg)
u32 fib_entry_get_resolving_interface(fib_node_index_t entry_index)
snat_interface_t * output_feature_interfaces
The fine-grained event logger allows lightweight, thread-safe event logging at minimum cost...
static int nat_in2out_sm_unknown_proto(snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip, u32 rx_fib_index)
vlib_node_registration_t nat44_in2out_reass_node
(constructor) VLIB_REGISTER_NODE (nat44_in2out_reass_node)
static void nat44_delete_user_with_no_session(snat_main_t *sm, snat_user_t *u, u32 thread_index)
#define VLIB_REGISTER_NODE(x,...)
u8 nat_reass_is_drop_frag(u8 is_ip6)
Get status of virtual fragmentation reassembly.
#define CLIB_PREFETCH(addr, size, type)
static uword snat_in2out_output_fast_path_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
vlib_node_registration_t snat_in2out_node
(constructor) VLIB_REGISTER_NODE (snat_in2out_node)
#define vec_free(V)
Free vector's memory (no header).
void icmp4_error_set_vnet_buffer(vlib_buffer_t *b, u8 type, u8 code, u32 data)
static void nat44_session_update_counters(snat_session_t *s, f64 now, uword bytes)
static uword snat_in2out_fast_static_map_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
u32 fib_node_index_t
A typedef of a node index.
8 octet key, 8 octet key value pair
static_always_inline snat_in2out_error_t icmp_get_key(ip4_header_t *ip0, snat_session_key_t *p_key0)
void vlib_put_next_frame(vlib_main_t *vm, vlib_node_runtime_t *r, u32 next_index, u32 n_vectors_left)
Release pointer to next frame vector data.
u32 icmp_match_in2out_slow(snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
Get address and port values to be used for ICMP packet translation and create session if needed...
u16 cached_next_index
Next frame index that vector arguments were last enqueued to last time this node ran.
static void nat44_session_update_lru(snat_main_t *sm, snat_session_t *s, u32 thread_index)
Per-user LRU list maintenance.
void nat_syslog_nat44_apmdel(u32 ssubix, u32 sfibix, ip4_address_t *isaddr, u16 isport, ip4_address_t *xsaddr, u16 xsport, snat_protocol_t proto)
snat_session_t * nat_session_alloc_or_recycle(snat_main_t *sm, snat_user_t *u, u32 thread_index)
Allocate new NAT session or recycle last used.
static void * vlib_add_trace(vlib_main_t *vm, vlib_node_runtime_t *r, vlib_buffer_t *b, u32 n_data_bytes)
#define vec_elt(v, i)
Get vector value at index i.
struct _vlib_node_registration vlib_node_registration_t
format_function_t format_nat44_reass_trace
static int ip4_is_first_fragment(const ip4_header_t *i)
void nat_hairpinning_sm_unknown_proto(snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip)
static u32 ip_proto_to_snat_proto(u8 ip_proto)
The NAT inline functions.
#define FIB_NODE_INDEX_INVALID
static void user_session_increment(snat_main_t *sm, snat_user_t *u, u8 is_static)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
snat_main_per_thread_data_t * per_thread_data
static void * vlib_frame_vector_args(vlib_frame_t *f)
Get pointer to frame vector data.
#define ip_csum_update(sum, old, new, type, field)
nat_reass_ip4_t * nat_ip4_reass_find_or_create(ip4_address_t src, ip4_address_t dst, u16 frag_id, u8 proto, u8 reset_timeout, u32 **bi_to_drop)
Find or create reassembly.
snat_address_t * addresses
static uword snat_in2out_fast_path_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
#define SNAT_SESSION_FLAG_STATIC_MAPPING
int nat_ip4_reass_add_fragment(nat_reass_ip4_t *reass, u32 bi, u32 **bi_to_drop)
Cache fragment.
#define vec_foreach(var, vec)
Vector iterator.
vlib_node_registration_t snat_in2out_output_node
(constructor) VLIB_REGISTER_NODE (snat_in2out_output_node)
u16 flags
Copy of main node flags.
static void nat_send_all_to_node(vlib_main_t *vm, u32 *bi_vector, vlib_node_runtime_t *node, vlib_error_t *error, u32 next)
static int ip4_header_bytes(const ip4_header_t *i)
void nat_ip4_reass_get_frags(nat_reass_ip4_t *reass, u32 **bi)
Get cached fragments.
NAT plugin virtual fragmentation reassembly.
#define VLIB_NODE_FLAG_TRACE
#define CLIB_CACHE_LINE_BYTES
u32 flags
buffer flags: VLIB_BUFFER_FREE_LIST_INDEX_MASK: bits used to store free list index, VLIB_BUFFER_IS_TRACED: trace this buffer.
int nat44_i2o_is_idle_session_cb(clib_bihash_kv_8_8_t *kv, void *arg)
snat_session_t * sessions
static vlib_buffer_t * vlib_get_buffer(vlib_main_t *vm, u32 buffer_index)
Translate buffer index into buffer pointer.
snat_icmp_match_function_t * icmp_match_in2out_cb
clib_bihash_8_8_t static_mapping_by_local
static u16 ip_csum_fold(ip_csum_t c)
void nat44_reass_hairpinning(snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, u16 sport, u16 dport, u32 proto0, int is_ed)
1.8.13