From 4c6fb40680cd9c3a25653197476bf0edea47902a Mon Sep 17 00:00:00 2001 From: Vladimir Jigulin Date: Thu, 19 Sep 2024 09:54:30 +0200 Subject: [PATCH] [CENNSO-1631] feat: Remove obsolete NAT patches (#52) --- .github/workflows/main.yaml | 6 +- .../0007-Controlled-CG-NAT-function.patch | 595 ------------------ ...g-if-NAT-can-t-perform-a-translation.patch | 49 -- ...-tx-vrf-as-rx-vrf-in-controlled-mode.patch | 28 - ...ndex-instead-pointer-for-nat-binding.patch | 83 --- 5 files changed, 3 insertions(+), 758 deletions(-) delete mode 100644 vpp-patches/0007-Controlled-CG-NAT-function.patch delete mode 100644 vpp-patches/0016-Add-logging-if-NAT-can-t-perform-a-translation.patch delete mode 100644 vpp-patches/0022-nat-use-tx-vrf-as-rx-vrf-in-controlled-mode.patch delete mode 100644 vpp-patches/0024-fix-use-index-instead-pointer-for-nat-binding.patch diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml index 085fbae..49edd8b 100644 --- a/.github/workflows/main.yaml +++ b/.github/workflows/main.yaml @@ -40,17 +40,17 @@ jobs: BUILD_TYPE="${{ matrix.build_type }}" hack/ci-build.sh mv /tmp/_out _out - name: Upload debs - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: debs-${{ matrix.build_type }} path: _out/* - name: Upload image.txt - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: image-${{ matrix.build_type }} path: image-${{ matrix.build_type }}.txt - name: Upload image.txt for the dev image - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v4 with: name: image-dev-${{ matrix.build_type }} path: image-dev-${{ matrix.build_type }}.txt diff --git a/vpp-patches/0007-Controlled-CG-NAT-function.patch b/vpp-patches/0007-Controlled-CG-NAT-function.patch deleted file mode 100644 index c2d3548..0000000 --- a/vpp-patches/0007-Controlled-CG-NAT-function.patch +++ /dev/null @@ -1,595 +0,0 @@ -From 1bce505911734f61042a68e8879361e340b0b53f Mon Sep 17 00:00:00 2001 -From: Sergey Matov -Date: Mon, 14 Feb 2022 11:08:33 +0400 -Subject: [PATCH] Controlled CG-NAT function - ---- - src/plugins/nat/nat44-ed/nat44_ed.c | 180 ++++++++++++++++++++ - src/plugins/nat/nat44-ed/nat44_ed.h | 45 +++++ - src/plugins/nat/nat44-ed/nat44_ed_cli.c | 69 ++++++++ - src/plugins/nat/nat44-ed/nat44_ed_format.c | 28 +++ - src/plugins/nat/nat44-ed/nat44_ed_in2out.c | 75 +++++++- - src/plugins/nat/nat44-ed/nat44_ed_inlines.h | 39 +++++ - 6 files changed, 434 insertions(+), 2 deletions(-) - -diff --git a/src/plugins/nat/nat44-ed/nat44_ed.c b/src/plugins/nat/nat44-ed/nat44_ed.c -index 08e577747..18e7be6d4 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed.c -+++ b/src/plugins/nat/nat44-ed/nat44_ed.c -@@ -2428,6 +2428,7 @@ VLIB_INIT_FUNCTION (nat_init); - int - nat44_plugin_enable (nat44_config_t c) - { -+ void (*controlled_nat_report_port) (vlib_buffer_t *, u16); - snat_main_t *sm = &snat_main; - - fail_if_enabled (); -@@ -2492,12 +2493,188 @@ nat44_plugin_enable (nat44_config_t c) - } - } - -+ /* Controlled NAT settings */ -+ sm->controlled = 0; -+ controlled_nat_report_port = vlib_get_plugin_symbol -+ ("upf_plugin.so", "upf_nat_get_src_port"); -+ sm->nat44_ed_controlled_report_src_port = controlled_nat_report_port; -+ -+ clib_bihash_init_8_8 (&sm->binding_mapping_by_external, -+ "binding_mapping_by_external", -+ sm->translation_buckets, 0); -+ clib_bihash_set_kvp_format_fn_8_8 (&sm->binding_mapping_by_external, -+ format_binding_mapping_kvp); -+ - sm->enabled = 1; - sm->rconfig = c; - - return 0; - } - -+snat_binding_t * -+nat_ed_get_binding (snat_main_per_thread_data_t * tsm, ip4_address_t addr) -+{ -+ uword *p = NULL; -+ p = mhash_get (&tsm->binding_index_by_ip, &addr); -+ if (!p) -+ return NULL; -+ -+ return pool_elt_at_index (tsm->bindings, p[0]); -+} -+ -+void -+nat_ed_del_sessions_per_binding (snat_main_per_thread_data_t * tsm, -+ snat_binding_t * bn) -+{ -+ snat_main_t *sm = &snat_main; -+ snat_session_t *ses; -+ u32 *ses_idx = 0; -+ snat_binding_t *this_bn; -+ -+ vec_foreach (ses_idx, bn->bound_sessions) -+ { -+ if (pool_is_free_index (tsm->sessions, ses_idx[0])) -+ continue; -+ ses = pool_elt_at_index (tsm->sessions, ses_idx[0]); -+ this_bn = ses->binding; -+ if (!this_bn) -+ return; -+ if ((this_bn->external_addr.as_u32 == bn->external_addr.as_u32) -+ && (this_bn->framed_addr.as_u32 == bn->framed_addr.as_u32) -+ && (this_bn->start_port == bn->start_port) -+ && (this_bn->end_port == bn->end_port)) -+ { -+ nat44_ed_free_session_data (sm, ses, tsm - sm->per_thread_data, 0); -+ nat_ed_session_delete (sm, ses, tsm - sm->per_thread_data, 1); -+ } -+ } -+ -+} -+ -+int -+verify_nat_binding (snat_binding_t * bn) -+{ -+ snat_main_t *sm = &snat_main; -+ -+ clib_bihash_kv_8_8_t kv, value; -+ -+ init_binding_k (&kv, bn->external_addr, bn->start_port, bn->end_port); -+ if (!clib_bihash_search_8_8 (&sm->binding_mapping_by_external, &kv, &value)) -+ { -+ return 1; -+ } -+ return 0; -+} -+ -+u16 -+nat_ed_calc_block (ip4_address_t ext_addr, u16 start_port, u16 block_size) -+{ -+ snat_main_t *sm = &snat_main; -+ clib_bihash_kv_8_8_t kv, value; -+ u16 start, end = 0; -+ -+ start = start_port; -+ end = start + block_size - 1; -+ -+ while (end < NAT_CONTROLLED_MAX_PORT) -+ { -+ init_binding_k (&kv, ext_addr, start, end); -+ if (clib_bihash_search_8_8 -+ (&sm->binding_mapping_by_external, &kv, &value)) -+ return start; -+ -+ start += block_size; -+ end += block_size; -+ } -+ -+ return 0; -+ -+} -+ -+u16 -+nat_ed_add_binding (snat_main_per_thread_data_t * tsm, ip4_address_t user_addr, -+ ip4_address_t ext_addr, u16 min_port, u16 block_size) -+{ -+ snat_main_t *sm = &snat_main; -+ snat_binding_t *bn = NULL; -+ clib_bihash_kv_8_8_t kv; -+ u16 start_port; -+ u16 end_port; -+ uword *p = NULL; -+ -+ p = mhash_get (&tsm->binding_index_by_ip, &user_addr); -+ if (p) -+ return 0; -+ -+ start_port = nat_ed_calc_block (ext_addr, min_port, block_size); -+ -+ if (!start_port) -+ { -+ nat_log_debug ("NAT Controlled: Can't find start port for given addr %U", -+ format_ip4_address, &ext_addr); -+ return 0; -+ } -+ -+ end_port = start_port + block_size - 1; -+ -+ pool_get (tsm->bindings, bn); -+ memset (bn, 0, sizeof (*bn)); -+ bn->framed_addr = user_addr; -+ bn->external_addr = ext_addr; -+ bn->start_port = start_port; -+ bn->end_port = end_port; -+ -+ mhash_set (&tsm->binding_index_by_ip, &bn->framed_addr, bn - tsm->bindings, -+ NULL); -+ init_binding_kv (&kv, bn->external_addr, bn->start_port, bn->end_port, -+ bn - tsm->bindings); -+ clib_bihash_add_del_8_8 (&sm->binding_mapping_by_external, &kv, 1); -+ -+ return start_port; -+} -+ -+u16 -+nat_ed_create_binding (ip4_address_t user_addr, ip4_address_t ext_addr, -+ u16 min_port, u16 block_size) -+{ -+ snat_main_t *sm = &snat_main; -+ snat_main_per_thread_data_t *tsm = &sm->per_thread_data[0]; -+ u16 start_block; -+ -+ start_block = -+ nat_ed_add_binding (tsm, user_addr, ext_addr, min_port, block_size); -+ -+ return start_block; -+} -+ -+int -+nat_ed_del_binding (ip4_address_t user_addr) -+{ -+ snat_main_t *sm = &snat_main; -+ snat_main_per_thread_data_t *tsm; -+ clib_bihash_kv_8_8_t kv; -+ snat_binding_t *bn = NULL; -+ uword *p = NULL; -+ -+ vec_foreach (tsm, sm->per_thread_data) -+ { -+ p = mhash_get (&tsm->binding_index_by_ip, &user_addr); -+ if (p) -+ { -+ bn = pool_elt_at_index (tsm->bindings, p[0]); -+ nat_ed_del_sessions_per_binding (tsm, bn); -+ mhash_unset (&tsm->binding_index_by_ip, &bn->framed_addr, NULL); -+ init_binding_k (&kv, bn->external_addr, bn->start_port, bn->end_port); -+ if (clib_bihash_add_del_8_8 -+ (&sm->binding_mapping_by_external, &kv, 0)) -+ nat_log_debug ("Binding by external key del failed"); -+ vec_free (bn->bound_sessions); -+ pool_put (tsm->bindings, bn); -+ } -+ } -+ return 0; -+} -+ - int - nat44_ed_del_addresses () - { -@@ -3297,6 +3474,9 @@ nat44_ed_worker_db_init (snat_main_per_thread_data_t *tsm, u32 translations) - pool_get (tsm->lru_pool, head); - tsm->unk_proto_lru_head_index = head - tsm->lru_pool; - clib_dlist_init (tsm->lru_pool, tsm->unk_proto_lru_head_index); -+ -+ mhash_init (&tsm->binding_index_by_ip, sizeof (uword), -+ sizeof (ip4_address_t)); - } - - static void -diff --git a/src/plugins/nat/nat44-ed/nat44_ed.h b/src/plugins/nat/nat44-ed/nat44_ed.h -index 706511475..ab054c941 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed.h -+++ b/src/plugins/nat/nat44-ed/nat44_ed.h -@@ -151,6 +151,8 @@ typedef enum - NAT44_ED_TCP_N_STATE, - } nat44_ed_tcp_state_e; - -+format_function_t format_binding_key; -+format_function_t format_binding_mapping_kvp; - format_function_t format_ed_session_kvp; - format_function_t format_snat_session; - format_function_t format_snat_static_mapping; -@@ -184,6 +186,16 @@ format_function_t format_nat44_ed_tcp_state; - #define NAT_SM_FLAG_LB (1 << 7) - #define NAT_SM_FLAG_SWITCH_ADDRESS (1 << 8) - -+typedef struct -+{ -+ ip4_address_t framed_addr; -+ ip4_address_t external_addr; -+ u16 start_port; -+ u16 end_port; -+ u16 block_size; -+ u32 *bound_sessions; -+} snat_binding_t; -+ - typedef CLIB_PACKED(struct - { - // number of sessions in this vrf -@@ -337,6 +349,8 @@ typedef CLIB_PACKED(struct - u32 per_vrf_sessions_index; - - u32 thread_index; -+ snat_binding_t *binding; -+ - }) snat_session_t; - - typedef struct -@@ -471,6 +485,9 @@ typedef struct - - per_vrf_sessions_t *per_vrf_sessions_pool; - -+ mhash_t binding_index_by_ip; -+ snat_binding_t *bindings; -+ - } snat_main_per_thread_data_t; - - struct snat_main_s; -@@ -648,6 +665,14 @@ typedef struct snat_main_s - nat44_ed_tcp_state_e tcp_state_change_table[NAT44_ED_TCP_N_STATE] - [NAT44_ED_N_DIR] - [NAT44_ED_TCP_N_FLAG]; -+ /* Find a nat binding by external */ -+ clib_bihash_8_8_t binding_mapping_by_external; -+ /* UPG: Controlled NAT function */ -+ u8 controlled; -+ -+ /* Controlled NAT hook for IPFIX */ -+ void (*nat44_ed_controlled_report_src_port) (vlib_buffer_t *, u16 port); -+ - } snat_main_t; - - typedef struct -@@ -933,6 +958,26 @@ int nat44_ed_set_frame_queue_nelts (u32 frame_queue_nelts); - - void nat_6t_l3_l4_csum_calc (nat_6t_flow_t *f); - -+snat_binding_t* nat_ed_get_binding (snat_main_per_thread_data_t * tsm, -+ ip4_address_t addr); -+ -+void -+nat_ed_del_sessions_per_binding (snat_main_per_thread_data_t * tsm, -+ snat_binding_t * bn); -+ -+u16 -+nat_ed_add_binding (snat_main_per_thread_data_t * tsm, ip4_address_t user_addr, -+ ip4_address_t ext_addr, u16 start_port, u16 end_port); -+ -+#define NAT_CONTROLLED_MAX_PORT 64000 -+__clib_export int nat_ed_del_binding (ip4_address_t user_addr); -+ -+__clib_export u16 -+nat_ed_create_binding (ip4_address_t user_addr, ip4_address_t ext_addr, -+ u16 min_port, u16 block_size); -+__clib_export u16 nat_ed_calc_block (ip4_address_t ext_addr, u16 start_port, -+ u16 block_size); -+ - snat_static_mapping_t *nat44_ed_sm_i2o_lookup (snat_main_t *sm, - ip4_address_t addr, u16 port, - u32 fib_index, u8 proto); -diff --git a/src/plugins/nat/nat44-ed/nat44_ed_cli.c b/src/plugins/nat/nat44-ed/nat44_ed_cli.c -index 14313d05a..b5852fd3e 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed_cli.c -+++ b/src/plugins/nat/nat44-ed/nat44_ed_cli.c -@@ -1842,6 +1842,61 @@ done: - return error; - } - -+static clib_error_t * -+nat_controlled_set_command_fn (vlib_main_t * vm, -+ unformat_input_t * input, -+ vlib_cli_command_t * cmd) -+{ -+ snat_main_t *sm = &snat_main; -+ unformat_input_t _line_input, *line_input = &_line_input; -+ clib_error_t *error = 0; -+ -+ if (!unformat_user (input, unformat_line_input, line_input)) -+ return clib_error_return (0, "'enable' or 'disable' expected"); -+ -+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT) -+ { -+ if (unformat (line_input, "enable")) -+ { -+ sm->controlled = 1; -+ } -+ else if (unformat (line_input, "disable")) -+ { -+ sm->controlled = 0; -+ } -+ else -+ { -+ error = clib_error_return (0, "unknown input '%U'", -+ format_unformat_error, line_input); -+ } -+ } -+ -+ return error; -+ -+} -+ -+static clib_error_t * -+nat_show_nat_bindings_command_fn (vlib_main_t * vm, unformat_input_t * input, -+ vlib_cli_command_t * cmd) -+{ -+ snat_main_t *sm = &snat_main; -+ snat_main_per_thread_data_t *tsm = &sm->per_thread_data[0]; -+ snat_binding_t *bn; -+ -+ { -+ pool_foreach (bn, tsm->bindings) -+ { -+ vlib_cli_output (vm, " FRAMED: %U", format_ip4_address, -+ &bn->framed_addr); -+ vlib_cli_output (vm, " EXTERNAL: %U", format_ip4_address, -+ &bn->external_addr); -+ vlib_cli_output (vm, " port start %u port end %u\n", bn->start_port, -+ bn->end_port); -+ } -+ } -+ return NULL; -+} -+ - /*? - * @cliexpar - * @cliexstart{nat44} -@@ -2336,6 +2391,20 @@ VLIB_CLI_COMMAND (snat_forwarding_set_command, static) = { - .function = snat_forwarding_set_command_fn, - }; - -+/* *INDENT-OFF* */ -+VLIB_CLI_COMMAND (nat_controlled_set_command, static) = { -+ .path = "nat44 controlled", -+ .short_help = "nat44 controlled enable|disable", -+ .function = nat_controlled_set_command_fn, -+}; -+ -+VLIB_CLI_COMMAND (nat_show_nat_bindings_command, static) = { -+ .path = "show nat44 bindings", -+ .short_help = "show nat44 bindings", -+ .function = nat_show_nat_bindings_command_fn, -+}; -+/* *INDENT-ON* */ -+ - /* - * fd.io coding-style-patch-verification: ON - * -diff --git a/src/plugins/nat/nat44-ed/nat44_ed_format.c b/src/plugins/nat/nat44-ed/nat44_ed_format.c -index ee3e925e5..4a9418f52 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed_format.c -+++ b/src/plugins/nat/nat44-ed/nat44_ed_format.c -@@ -16,6 +16,34 @@ - #include - #include - -+u8 * -+format_binding_key (u8 * s, va_list * args) -+{ -+ u64 key = va_arg (*args, u64); -+ -+ ip4_address_t addr; -+ u16 s_port; -+ u16 e_port; -+ -+ split_binding_key (key, &addr, &s_port, &e_port); -+ -+ s = format (s, "%U start_port %d end_port %d", -+ format_ip4_address, &addr, -+ clib_net_to_host_u16 (s_port), clib_net_to_host_u16 (e_port)); -+ return s; -+} -+ -+u8 * -+format_binding_mapping_kvp (u8 * s, va_list * args) -+{ -+ clib_bihash_kv_8_8_t *v = va_arg (*args, clib_bihash_kv_8_8_t *); -+ -+ s = format (s, "%U binding-mapping-index %llu", -+ format_binding_key, v->key, v->value); -+ -+ return s; -+} -+ - u8 * - format_ed_session_kvp (u8 *s, va_list *args) - { -diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -index 4ba51bcae..76eba1616 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -@@ -96,6 +96,62 @@ format_nat_in2out_ed_trace (u8 * s, va_list * args) - return s; - } - -+static int -+nat_controlled_alloc_addr_and_port (snat_main_t * sm, -+ u32 thread_index, u8 proto, -+ u32 snat_thread_index, snat_session_t * s, -+ ip4_address_t * outside_addr, -+ u16 * outside_port, -+ u32 buf_out_fib_index) -+{ -+ snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; -+ snat_binding_t *bn; -+ ip4_address_t ext_addr; -+ u16 start_port; -+ u16 end_port; -+ u16 attempts; -+ -+ bn = nat_ed_get_binding (tsm, s->in2out.addr); -+ -+ if (!bn) -+ { -+ return 1; -+ } -+ -+ s->out2in.fib_index = buf_out_fib_index; -+ start_port = bn->start_port; -+ end_port = bn->end_port; -+ ext_addr.as_u32 = bn->external_addr.as_u32; -+ outside_addr->as_u32 = ext_addr.as_u32; -+ -+ u16 port = clib_net_to_host_u16 (*outside_port); -+ if (port < start_port || port > end_port) -+ port = start_port; -+ attempts = end_port - start_port; -+ s->o2i.match.daddr.as_u32 = ext_addr.as_u32; -+ do -+ { -+ if (IP_PROTOCOL_ICMP == proto) -+ { -+ s->o2i.match.sport = clib_host_to_net_u16 (port); -+ } -+ s->o2i.match.dport = clib_host_to_net_u16 (port); -+ if (0 == nat_ed_ses_o2i_flow_hash_add_del (sm, thread_index, s, 2)) -+ { -+ *outside_port = clib_host_to_net_u16 (port); -+ vec_add1 (bn->bound_sessions, s - tsm->sessions); -+ s->binding = bn; -+ return 0; -+ } -+ ++port; -+ --attempts; -+ } -+ while (attempts > 0); -+ -+ /* Totally out of translations to use... */ -+ return 1; -+} -+ - static int - nat_ed_alloc_addr_and_port_with_snat_address ( - snat_main_t *sm, u8 proto, u32 thread_index, snat_address_t *a, -@@ -477,7 +533,7 @@ slow_path_ed (vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b, - is_sm = 1; - } - -- if (PREDICT_TRUE (proto == IP_PROTOCOL_TCP)) -+ if (PREDICT_TRUE (proto == IP_PROTOCOL_TCP) && !(sm->controlled)) - { - if (PREDICT_FALSE (!tcp_flags_is_init ( - vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags))) -@@ -524,7 +580,22 @@ slow_path_ed (vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b, - } - nat_6t_flow_txfib_rewrite_set (&s->o2i, rx_fib_index); - -- if (nat_ed_alloc_addr_and_port ( -+ if (sm->controlled) -+ { -+ if (nat_controlled_alloc_addr_and_port (sm, thread_index, proto, -+ tsm->snat_thread_index, s, -+ &outside_addr, -+ &outside_port, -+ rx_fib_index)) -+ { -+ nat_elog_notice (sm, "addresses exhausted"); -+ b->error = node->errors[NAT_IN2OUT_ED_ERROR_OUT_OF_PORTS]; -+ nat_ed_session_delete (sm, s, thread_index, 1); -+ return NAT_NEXT_DROP; -+ } -+ sm->nat44_ed_controlled_report_src_port (b, outside_port); -+ } -+ else if (nat_ed_alloc_addr_and_port ( - sm, rx_fib_index, tx_sw_if_index, proto, thread_index, l_addr, - r_addr, tsm->snat_thread_index, s, &outside_addr, &outside_port)) - { -diff --git a/src/plugins/nat/nat44-ed/nat44_ed_inlines.h b/src/plugins/nat/nat44-ed/nat44_ed_inlines.h -index 04e5236b7..da9c47f97 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed_inlines.h -+++ b/src/plugins/nat/nat44-ed/nat44_ed_inlines.h -@@ -28,6 +28,45 @@ - #include - #include - -+always_inline void -+split_binding_key (u64 key, ip4_address_t * addr, u16 * sport, u16 * eport) -+{ -+ if (addr) -+ { -+ addr->as_u32 = key >> 32; -+ } -+ if (sport) -+ { -+ *sport = (key >> 16) & (u16) ~ 0; -+ } -+ if (eport) -+ { -+ *eport = (key & ((1 << 16) - 1)); -+ } -+} -+ -+always_inline u64 -+calc_binding_key (ip4_address_t addr, u16 sport, u16 eport) -+{ -+ return (u64) addr.as_u32 << 32 | (u64) sport << 16 | (u64) eport; -+} -+ -+always_inline void -+init_binding_k (clib_bihash_kv_8_8_t * kv, ip4_address_t addr, u16 sport, -+ u16 eport) -+{ -+ kv->key = calc_binding_key (addr, sport, eport); -+ kv->value = ~0ULL; -+} -+ -+always_inline void -+init_binding_kv (clib_bihash_kv_8_8_t * kv, ip4_address_t addr, u16 sport, -+ u16 eport, u64 value) -+{ -+ init_binding_k (kv, addr, sport, eport); -+ kv->value = value; -+} -+ - always_inline void - init_ed_k (clib_bihash_kv_16_8_t *kv, u32 l_addr, u16 l_port, u32 r_addr, - u16 r_port, u32 fib_index, ip_protocol_t proto) --- -2.45.2 - diff --git a/vpp-patches/0016-Add-logging-if-NAT-can-t-perform-a-translation.patch b/vpp-patches/0016-Add-logging-if-NAT-can-t-perform-a-translation.patch deleted file mode 100644 index d91dfaa..0000000 --- a/vpp-patches/0016-Add-logging-if-NAT-can-t-perform-a-translation.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 7a8f9d2dc4e15113ebf0a35e1bcd34ecf1a2ec6f Mon Sep 17 00:00:00 2001 -From: Sergey Matov -Date: Mon, 19 Dec 2022 16:52:14 +0400 -Subject: [PATCH] Add logging if NAT can't perform a translation - ---- - src/plugins/nat/nat44-ed/nat44_ed.c | 2 +- - src/plugins/nat/nat44-ed/nat44_ed_in2out.c | 5 ++++- - 2 files changed, 5 insertions(+), 2 deletions(-) - -diff --git a/src/plugins/nat/nat44-ed/nat44_ed.c b/src/plugins/nat/nat44-ed/nat44_ed.c -index 210c85ce6..4a89cc770 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed.c -+++ b/src/plugins/nat/nat44-ed/nat44_ed.c -@@ -2351,7 +2351,7 @@ nat_init (vlib_main_t * vm) - - sm->log_level = NAT_LOG_ERROR; - -- sm->log_class = vlib_log_register_class ("nat", 0); -+ sm->log_class = vlib_log_register_class_rate_limit ("nat", 0, 1); - nat_ipfix_logging_init (vm); - - nat_init_simple_counter (sm->total_sessions, "total-sessions", -diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -index 76eba1616..15a276e3f 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -@@ -149,6 +149,9 @@ nat_controlled_alloc_addr_and_port (snat_main_t * sm, - while (attempts > 0); - - /* Totally out of translations to use... */ -+ nat_log_warn ("Out of ports for binding %U:%u-%u", -+ format_ip4_address, &bn->external_addr, -+ bn->start_port, bn->end_port); - return 1; - } - -@@ -511,7 +514,7 @@ slow_path_ed (vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b, - b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_SESSIONS_EXCEEDED]; - nat_ipfix_logging_max_sessions (thread_index, - sm->max_translations_per_thread); -- nat_elog_notice (sm, "maximum sessions exceeded"); -+ nat_log_warn ("maximum sessions exceeded"); - return NAT_NEXT_DROP; - } - } --- -2.45.2 - diff --git a/vpp-patches/0022-nat-use-tx-vrf-as-rx-vrf-in-controlled-mode.patch b/vpp-patches/0022-nat-use-tx-vrf-as-rx-vrf-in-controlled-mode.patch deleted file mode 100644 index 3aaca5f..0000000 --- a/vpp-patches/0022-nat-use-tx-vrf-as-rx-vrf-in-controlled-mode.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 38bccc0ff93bba3e9f6516aee5ecd60664fc7d57 Mon Sep 17 00:00:00 2001 -From: Vladimir Zhigulin -Date: Tue, 28 Nov 2023 17:15:17 +0100 -Subject: [PATCH] nat: use tx vrf as rx vrf in controlled mode - ---- - src/plugins/nat/nat44-ed/nat44_ed_in2out.c | 5 ++++- - 1 file changed, 4 insertions(+), 1 deletion(-) - -diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -index 15a276e3f..6229aed1e 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -@@ -549,7 +549,10 @@ slow_path_ed (vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b, - s = nat_ed_session_alloc (sm, thread_index, now, proto); - ASSERT (s); - -- tx_fib_index = get_tx_fib_index (rx_fib_index, r_addr); -+ if (sm->controlled) -+ tx_fib_index = rx_fib_index; -+ else -+ tx_fib_index = get_tx_fib_index (rx_fib_index, r_addr); - - if (!is_sm) - { --- -2.45.2 - diff --git a/vpp-patches/0024-fix-use-index-instead-pointer-for-nat-binding.patch b/vpp-patches/0024-fix-use-index-instead-pointer-for-nat-binding.patch deleted file mode 100644 index 170c2de..0000000 --- a/vpp-patches/0024-fix-use-index-instead-pointer-for-nat-binding.patch +++ /dev/null @@ -1,83 +0,0 @@ -From 89cb24b5038cd9047ddf26e077559ca248bb33d1 Mon Sep 17 00:00:00 2001 -From: Vladimir Zhigulin -Date: Mon, 25 Mar 2024 12:43:17 +0100 -Subject: [PATCH] fix: use index instead pointer for nat binding - ---- - src/plugins/nat/nat44-ed/nat44_ed.c | 9 ++++++++- - src/plugins/nat/nat44-ed/nat44_ed.h | 2 +- - src/plugins/nat/nat44-ed/nat44_ed_in2out.c | 2 +- - src/plugins/nat/nat44-ed/nat44_ed_inlines.h | 2 ++ - 4 files changed, 12 insertions(+), 3 deletions(-) - -diff --git a/src/plugins/nat/nat44-ed/nat44_ed.c b/src/plugins/nat/nat44-ed/nat44_ed.c -index 4a89cc770..7cc39ebef 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed.c -+++ b/src/plugins/nat/nat44-ed/nat44_ed.c -@@ -2529,6 +2529,7 @@ nat_ed_del_sessions_per_binding (snat_main_per_thread_data_t * tsm, - snat_main_t *sm = &snat_main; - snat_session_t *ses; - u32 *ses_idx = 0; -+ u32 this_bn_idx; - snat_binding_t *this_bn; - - vec_foreach (ses_idx, bn->bound_sessions) -@@ -2536,9 +2537,15 @@ nat_ed_del_sessions_per_binding (snat_main_per_thread_data_t * tsm, - if (pool_is_free_index (tsm->sessions, ses_idx[0])) - continue; - ses = pool_elt_at_index (tsm->sessions, ses_idx[0]); -- this_bn = ses->binding; -+ this_bn_idx = ses->snat_binding_idx; -+ -+ if (this_bn_idx == ~0) -+ return; -+ -+ this_bn = pool_elt_at_index(tsm->bindings, this_bn_idx); - if (!this_bn) - return; -+ - if ((this_bn->external_addr.as_u32 == bn->external_addr.as_u32) - && (this_bn->framed_addr.as_u32 == bn->framed_addr.as_u32) - && (this_bn->start_port == bn->start_port) -diff --git a/src/plugins/nat/nat44-ed/nat44_ed.h b/src/plugins/nat/nat44-ed/nat44_ed.h -index ab054c941..4c252e049 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed.h -+++ b/src/plugins/nat/nat44-ed/nat44_ed.h -@@ -349,7 +349,7 @@ typedef CLIB_PACKED(struct - u32 per_vrf_sessions_index; - - u32 thread_index; -- snat_binding_t *binding; -+ u32 snat_binding_idx; - - }) snat_session_t; - -diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -index 6229aed1e..494a1ee9c 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c -@@ -140,7 +140,7 @@ nat_controlled_alloc_addr_and_port (snat_main_t * sm, - { - *outside_port = clib_host_to_net_u16 (port); - vec_add1 (bn->bound_sessions, s - tsm->sessions); -- s->binding = bn; -+ s->snat_binding_idx = bn - tsm->bindings; - return 0; - } - ++port; -diff --git a/src/plugins/nat/nat44-ed/nat44_ed_inlines.h b/src/plugins/nat/nat44-ed/nat44_ed_inlines.h -index da9c47f97..5a8975e9d 100644 ---- a/src/plugins/nat/nat44-ed/nat44_ed_inlines.h -+++ b/src/plugins/nat/nat44-ed/nat44_ed_inlines.h -@@ -440,6 +440,8 @@ nat_ed_session_alloc (snat_main_t *sm, u32 thread_index, f64 now, u8 proto) - #if CLIB_ASSERT_ENABLE - s->thread_index = thread_index; - #endif -+ s->snat_binding_idx = ~0; -+ - return s; - } - --- -2.45.2 -