## VPP lb plugin NAT4 patch
1. Fixed NAT4 SNAT invalid src_port ;
2. Add NAT4 TCP SNAT support;
3. Fixed NAT4 add SNAT map with protocol 0;
this patch have test with vpp v20.05.1 and above . but not fixed NAT6
## VPP info:
```
vpp# show version
vpp v20.05.1-1~g692e862-dirty built by root on centos7-170 at
2020-08-12T00:54:00
vpp# show hardware-interfaces
Name Idx Link Hardware
TenGigabitEthernet5/0/0 1 down TenGigabitEthernet5/0/0
Link speed: unknown
Ethernet address 90:e2:ba:0a:73:0c
Intel 82599
carrier down
flags: pmd tx-offload intel-phdr-cksum rx-ip4-cksum
Devargs:
rx: queues 4 (max 128), desc 2048 (min 32 max 4096 align 8)
tx: queues 2 (max 64), desc 2048 (min 32 max 4096 align 8)
pci: device 8086:10fb subsystem 8086:7a11 address 0000:05:00.00 numa 0
max rx packet len: 15872
promiscuous: unicast off all-multicast off
vlan offload: strip off filter off qinq off
rx offload avail: vlan-strip ipv4-cksum udp-cksum tcp-cksum tcp-lro
macsec-strip vlan-filter vlan-extend jumbo-frame scatter
security keep-crc rss-hash
rx offload active: ipv4-cksum
tx offload avail: vlan-insert ipv4-cksum udp-cksum tcp-cksum sctp-cksum
tcp-tso macsec-insert multi-segs security
tx offload active: udp-cksum tcp-cksum
rss avail: ipv4-tcp ipv4-udp ipv4 ipv6-tcp-ex ipv6-udp-ex ipv6-tcp
ipv6-udp ipv6-ex ipv6
rss active: none
tx burst function: ixgbe_xmit_pkts
rx burst function: ixgbe_recv_pkts
TenGigabitEthernet5/0/1 2 down TenGigabitEthernet5/0/1
Link speed: unknown
Ethernet address 90:e2:ba:0a:73:0d
Intel 82599
carrier down
flags: pmd tx-offload intel-phdr-cksum rx-ip4-cksum
Devargs:
rx: queues 4 (max 128), desc 2048 (min 32 max 4096 align 8)
tx: queues 2 (max 64), desc 2048 (min 32 max 4096 align 8)
pci: device 8086:10fb subsystem 8086:7a11 address 0000:05:00.01 numa 0
max rx packet len: 15872
promiscuous: unicast off all-multicast off
vlan offload: strip off filter off qinq off
rx offload avail: vlan-strip ipv4-cksum udp-cksum tcp-cksum tcp-lro
macsec-strip vlan-filter vlan-extend jumbo-frame scatter
security keep-crc rss-hash
rx offload active: ipv4-cksum
tx offload avail: vlan-insert ipv4-cksum udp-cksum tcp-cksum sctp-cksum
tcp-tso macsec-insert multi-segs security
tx offload active: udp-cksum tcp-cksum
rss avail: ipv4-tcp ipv4-udp ipv4 ipv6-tcp-ex ipv6-udp-ex ipv6-tcp
ipv6-udp ipv6-ex ipv6
rss active: none
tx burst function: ixgbe_xmit_pkts
rx burst function: ixgbe_recv_pkts
local0 0 down local0
Link speed: unknown
local
```
## patch
```
diff --git a/src/plugins/lb/lb.c b/src/plugins/lb/lb.c
index ab5e808..5bec0d2 100644
--- a/src/plugins/lb/lb.c
+++ b/src/plugins/lb/lb.c
@@ -228,7 +228,7 @@ u8 *format_lb_vip_detailed (u8 * s, va_list * args)
format_white_space, indent,
(vip->encap_args.srv_type == LB_SRV_TYPE_CLUSTERIP)?"clusterip":
"nodeport",
- ntohs(vip->port), ntohs(vip->encap_args.target_port));
+ (vip->port), ntohs(vip->encap_args.target_port));
}
//Print counters
@@ -688,7 +688,7 @@ next:
clib_bihash_kv_8_8_t kv4;
m_key4.addr = as->address.ip4;
m_key4.port = vip->encap_args.target_port;
- m_key4.protocol = 0;
+ m_key4.protocol = vip->protocol;
m_key4.fib_index = 0;
if (vip->encap_args.srv_type == LB_SRV_TYPE_CLUSTERIP)
diff --git a/src/plugins/lb/node.c b/src/plugins/lb/node.c
index a2c35bd..85a0552 100644
--- a/src/plugins/lb/node.c
+++ b/src/plugins/lb/node.c
@@ -495,7 +495,15 @@ lb_node_fn (vlib_main_t * vm,
csum, lbm->ass[asindex0].address.ip4.as_u32);
uh->checksum = ip_csum_fold (csum);
}
- else
+ else if (ip40->protocol == IP_PROTOCOL_TCP)
+ {
+ tcp_header_t *th0;
+ th0 = (tcp_header_t *)(ip40 + 1);
+ th0->dst_port = vip0->encap_args.target_port;
+ th0->checksum = 0;
+ th0->checksum = ip4_tcp_udp_compute_checksum (vm, p0,
ip40);
+ }
+ else
{
asindex0 = 0;
}
@@ -792,7 +800,8 @@ lb_nat_in2out_node_fn (vlib_main_t * vm,
vlib_node_runtime_t * node,
ip40 = vlib_buffer_get_current (b0);
udp0 = ip4_next_header (ip40);
tcp0 = (tcp_header_t *) udp0;
- proto0 = lb_ip_proto_to_nat_proto (ip40->protocol);
+ //proto0 = lb_ip_proto_to_nat_proto (ip40->protocol);
+ proto0 = ip40->protocol;
key40.addr = ip40->src_address;
key40.protocol = proto0;
@@ -807,7 +816,7 @@ lb_nat_in2out_node_fn (vlib_main_t * vm,
vlib_node_runtime_t * node,
sm40 = pool_elt_at_index(lbm->snat_mappings, index40);
new_addr0 = sm40->src_ip.ip4.as_u32;
- new_port0 = sm40->src_port;
+ new_port0 = clib_host_to_net_u16(sm40->src_port);
vnet_buffer(b0)->sw_if_index[VLIB_TX] = sm40->fib_index;
old_addr0 = ip40->src_address.as_u32;
ip40->src_address.as_u32 = new_addr0;
```
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#18589): https://lists.fd.io/g/vpp-dev/message/18589
Mute This Topic: https://lists.fd.io/mt/80073171/21656
Mute #lb:https://lists.fd.io/g/vpp-dev/mutehashtag/lb
Mute #vpp:https://lists.fd.io/g/vpp-dev/mutehashtag/vpp
Mute #nat:https://lists.fd.io/g/vpp-dev/mutehashtag/nat
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
