From 644cf51c8eaeedb4f45642ad85b60f1ee44d9a8a Mon Sep 17 00:00:00 2001 From: Vladimir Zhigulin Date: Fri, 9 Feb 2024 01:51:51 +0100 Subject: [PATCH] do not send ipfix record without port --- upf/upf.h | 1 + upf/upf_classify.c | 8 ++++---- upf/upf_forward.c | 6 +----- upf/upf_ipfix.c | 3 +++ upf/upf_pfcp_api.c | 10 +++------- 5 files changed, 12 insertions(+), 16 deletions(-) diff --git a/upf/upf.h b/upf/upf.h index 5ceaf56..1196d40 100644 --- a/upf/upf.h +++ b/upf/upf.h @@ -481,6 +481,7 @@ typedef struct #define FAR_BUFFER 0x0004 #define FAR_NOTIFY_CP 0x0008 #define FAR_DUPLICATE 0x0010 +#define FAR_NAT 0x8000 union { diff --git a/upf/upf_classify.c b/upf/upf_classify.c index 3f92a92..dd2227a 100644 --- a/upf/upf_classify.c +++ b/upf/upf_classify.c @@ -428,15 +428,16 @@ upf_acl_classify_return (vlib_main_t *vm, u32 teid, flow_entry_t *flow, return next; } -// returns direction which has upload direction +// returns uplink traffic direction, or FLOW_ENTRY_UPLINK_DIRECTION_UNDEFINED +// if impossible to detect always_inline flow_direction_t upf_classify_detect_flow_direction (vlib_buffer_t *b, struct rules *r, flow_direction_t direction, bool *found) { // Here we rely on the fact that interface of type ACCESS is one which // directed to UE - // TODO: it should be possible save this value per PDR since it has this - // values available + // TODO: it should be possible to calculate and save this value per PDR + // during session creation/modification *found = false; @@ -584,7 +585,6 @@ upf_classify_fn (vlib_main_t *vm, vlib_node_runtime_t *node, next = upf_acl_classify_forward ( vm, upf_buffer_opaque (b)->gtpu.teid, flow, active, is_ip4, &upf_buffer_opaque (b)->gtpu.pdr_idx); - if (reclassify_proxy_flow) /* for app detection */ { if (upf_buffer_opaque (b)->gtpu.is_proxied) diff --git a/upf/upf_forward.c b/upf/upf_forward.c index 2499532..3a70f2b 100644 --- a/upf/upf_forward.c +++ b/upf/upf_forward.c @@ -230,11 +230,7 @@ upf_forward (vlib_main_t *vm, vlib_node_runtime_t *node, const char *node_name, &vnet_buffer (b)->sw_if_index[VLIB_RX], &vnet_buffer (b)->sw_if_index[VLIB_TX]); } - vnet_buffer (b)->sw_if_index[VLIB_TX] = - (upf_main.nwis + far->forward.nwi_index) - ->fib_index[is_ip4 ? FIB_PROTOCOL_IP4 : - FIB_PROTOCOL_IP6]; - next = UPF_FORWARD_NEXT_IP_LOOKUP; + next = UPF_FORWARD_NEXT_IP_INPUT; /* * Forwarding Policy can override the normal FAR processing diff --git a/upf/upf_ipfix.c b/upf/upf_ipfix.c index 536feba..1527083 100644 --- a/upf/upf_ipfix.c +++ b/upf/upf_ipfix.c @@ -435,6 +435,9 @@ upf_ipfix_flow_init (flow_entry_t *f) if (!up_far) return false; + if (up_far->apply_action & FAR_NAT && f->nat_sport == 0) + return false; + if (pool_is_free_index (gtm->nwis, up_far->forward.nwi_index)) return false; diff --git a/upf/upf_pfcp_api.c b/upf/upf_pfcp_api.c index 161c11a..95c78a3 100644 --- a/upf/upf_pfcp_api.c +++ b/upf/upf_pfcp_api.c @@ -1494,6 +1494,7 @@ handle_create_far (upf_session_t *sx, pfcp_ie_create_far_t *create_far, vec_dup (far->forwarding_parameters.nat_port_block); rc = handle_nat_binding_creation (sx, pool_name, response); vec_free (pool_name); + create->apply_action |= FAR_NAT; if (rc) { far_error (response, far, @@ -1571,14 +1572,9 @@ handle_create_far (upf_session_t *sx, pfcp_ie_create_far_t *create_far, } if (ISSET_BIT (far->grp.fields, CREATE_FAR_TP_IPFIX_POLICY)) - { - create->ipfix_policy = - upf_ipfix_lookup_policy (far->ipfix_policy, 0); - } + create->ipfix_policy = upf_ipfix_lookup_policy (far->ipfix_policy, 0); else - { - create->ipfix_policy = UPF_IPFIX_POLICY_UNSPECIFIED; - } + create->ipfix_policy = UPF_IPFIX_POLICY_UNSPECIFIED; } pfcp_sort_fars (rules);