Hi,
You should go from nat44-out2in to ip4-policer-classify only if it is
configured on given interface (check if sw_if_index0 in nat44-out2in has
configured/enabled policer), I think this may be reason of ASSERT.
Matus
-----Original Message-----
From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Raj
Sent: Wednesday, January 23, 2019 3:05 PM
To: vpp-dev@lists.fd.io
Subject: Re: [vpp-dev] Configuring NAT and Policing together
Hi Matus,
Thanks for the code fragment it helped me get a better understanding of what I
have to do, and have modified the code. But occasionally VPP hits an ASSERT at:
DBGvpp# 0: /vpp/src/vlib/node_funcs.h:296
(vlib_node_runtime_get_next_frame) assertion `next_index <
n->n_next_nodes' fails
Aborted
The approach I had followed was to get the index of policer classify node and
setting that as the next node of 'nat44-out2in'
,'nat44-out2in-reass' and 'nat44-out2in-fast'.
This is the partial diff of how we got the index of ip4-policer-classify and
setting the next node. (full diff is attached).
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -1110,6 +1113,15 @@ snat_out2in_node_fn (vlib_main_t * vm,
proto0 = ip_proto_to_snat_proto (ip0->protocol);
+ ip4_policer_classify_node =
+ vlib_get_node_by_name (vm, (u8 *) "ip4-policer-classify");
+ if (ip4_policer_classify_node)
+ {
+ next0 = SNAT_OUT2IN_NEXT_POLICER_CLASSIFY;
+ vlib_node_add_next (vm, ip4_policer_classify_node->index,
+ next0);
+ }
+
if (PREDICT_FALSE (proto0 == ~0))
{
if (nat_out2in_sm_unknown_proto (sm, b0, ip0, rx_fib_index0))
I hope the approach followed is the correct one, but I could not figure out why
the ASSERT is happening.
Thanks and Regards,
Raj
On Tue, Jan 22, 2019 at 8:10 PM Matus Fabian -X (matfabia - PANTHEON
TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
>
> nat44-out2in node:
> u32 next0 = SNAT_OUT2IN_NEXT_LOOKUP;
> <...>
> vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
> n_left_to_next, bi0, next0);
>
> whatever you specify in VNET_FEATURE_INIT runs_before is ignored for
> nat44-out2in, normally when you want continue to nex node in feature arc you
> use vnet_feature_next(), but this is not possible in NAT (nat44-out2in is not
> always configured as interface feature, e.g. worker handoff in case of
> multithreading or combined in-out NAT interface).
>
> Matus
>
> -----Original Message-----
> From: Raj <rajlistu...@gmail.com>
> Sent: Tuesday, January 22, 2019 3:22 PM
> To: Matus Fabian -X (matfabia - PANTHEON TECHNOLOGIES at Cisco)
> <matfa...@cisco.com>
> Cc: vpp-dev@lists.fd.io
> Subject: Re: [vpp-dev] Configuring NAT and Policing together
>
> On Tue, Jan 22, 2019 at 7:44 PM Matus Fabian -X (matfabia - PANTHEON
> TECHNOLOGIES at Cisco) <matfa...@cisco.com> wrote:
> > I don't think it is working way you wanted since nat44-out2in goes directly
> > to ip4-lookup instead of continue in feature arc to ip4-policer-classify.
>
> Yes, you were right. My conclusion was premature. I still do not quite
> understand VNET_FEATURE_INIT to route the traffic the way I want. A sample
> code fragment would be very helpful.
>
> Thanks and Regards,
>
> Raj
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#11981): https://lists.fd.io/g/vpp-dev/message/11981
Mute This Topic: https://lists.fd.io/mt/29379239/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
