From b227aa699faabd79d6f3e8c43c0a912086b0c95e Mon Sep 17 00:00:00 2001 From: Filip Varga Date: Mon, 2 Nov 2020 12:11:12 +0100 Subject: nat: api,cli and test update & cleanup Cleanup of print functions in api file, splitting functionality of cleanup callbacks for ED and EI NAT. Updating and fixing API & CLI calls. Type: refactor Change-Id: I7a9dc4c8b1d2ca29db4754be7dfa4f698942127a Signed-off-by: Filip Varga --- src/plugins/nat/CMakeLists.txt | 11 +- src/plugins/nat/nat.api | 1136 ------------------ src/plugins/nat/nat.c | 543 ++++----- src/plugins/nat/nat.h | 71 +- src/plugins/nat/nat44.api | 1188 +++++++++++++++++++ src/plugins/nat/nat44/inlines.h | 73 -- src/plugins/nat/nat44_api.c | 1708 +++++++++++++++++++++++++++ src/plugins/nat/nat44_cli.c | 4 +- src/plugins/nat/nat_all_api_h.h | 24 - src/plugins/nat/nat_api.c | 2422 --------------------------------------- src/plugins/nat/nat_msg_enum.h | 31 - src/plugins/nat/nat_test.c | 1017 ---------------- 12 files changed, 3208 insertions(+), 5020 deletions(-) delete mode 100644 src/plugins/nat/nat.api create mode 100644 src/plugins/nat/nat44.api create mode 100644 src/plugins/nat/nat44_api.c delete mode 100644 src/plugins/nat/nat_all_api_h.h delete mode 100644 src/plugins/nat/nat_api.c delete mode 100644 src/plugins/nat/nat_msg_enum.h delete mode 100644 src/plugins/nat/nat_test.c diff --git a/src/plugins/nat/CMakeLists.txt b/src/plugins/nat/CMakeLists.txt index 47a84cb830b..054ad687f75 100644 --- a/src/plugins/nat/CMakeLists.txt +++ b/src/plugins/nat/CMakeLists.txt @@ -26,7 +26,7 @@ add_vpp_library(nat add_vpp_plugin(nat SOURCES nat.c - nat_api.c + nat44_api.c in2out.c in2out_ed.c out2in.c @@ -51,16 +51,9 @@ add_vpp_plugin(nat out2in_ed.c API_FILES - nat.api + nat44.api nat_types.api - API_TEST_SOURCES - nat_test.c - - INSTALL_HEADERS - nat_all_api_h.h - nat_msg_enum.h - LINK_LIBRARIES nat ) diff --git a/src/plugins/nat/nat.api b/src/plugins/nat/nat.api deleted file mode 100644 index 753cfdfc9be..00000000000 --- a/src/plugins/nat/nat.api +++ /dev/null @@ -1,1136 +0,0 @@ -/* - * Copyright (c) 2016 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -option version = "5.2.0"; -import "vnet/ip/ip_types.api"; -import "vnet/interface_types.api"; -import "plugins/nat/nat_types.api"; - -/** - * @file nat.api - * @brief VPP control-plane API messages. - * - * This file defines VPP control-plane API messages which are generally - * called through a shared memory interface. - */ - -/* - * Common NAT plugin APIs - */ - -enum nat44_config_flags : u8 -{ - NAT44_IS_ENDPOINT_INDEPENDENT = 0x00, - NAT44_IS_ENDPOINT_DEPENDENT = 0x01, - NAT44_IS_STATIC_MAPPING_ONLY = 0x02, - NAT44_IS_CONNECTION_TRACKING = 0x04, - NAT44_IS_OUT2IN_DPO = 0x08, -}; - -/** \brief Enable/disable NAT44 plugin - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param inside_vrf - inside vrf id - @param outside_vrf - outside vrf id - @param users - maximum number of users per thread - (NAT44_IS_ENDPOINT_INDEPENDENT) - @param user_memory - overwrite hash allocation parameter - (NAT44_IS_ENDPOINT_INDEPENDENT) - @param sessions - maximum number of sessions per thread - @param session_memory - overwrite hash allocation parameter - @param user_sessions - maximum number of sessions per user - (NAT44_IS_ENDPOINT_INDEPENDENT) - @param enable - true if enable, false if disable - @param flags - flag NAT44_IS_ENDPOINT_INDEPENDENT, - NAT44_IS_ENDPOINT_DEPENDENT, - NAT44_IS_STATIC_MAPPING_ONLY, - NAT44_IS_CONNECTION_TRACKING, - NAT44_IS_OUT2IN_DPO -*/ -autoreply define nat44_plugin_enable_disable { - u32 client_index; - u32 context; - u32 inside_vrf; - u32 outside_vrf; - u32 users; - u32 user_memory; - u32 sessions; - u32 session_memory; - u32 user_sessions; - bool enable; - vl_api_nat44_config_flags_t flags; -}; - -/** \brief Control ping from client to api server request - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat_control_ping -{ - u32 client_index; - u32 context; -}; - -/** \brief Control ping from the client to the server response - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param retval - return code for the request - @param vpe_pid - the pid of the vpe, returned by the server -*/ -define nat_control_ping_reply -{ - u32 context; - i32 retval; - u32 client_index; - u32 vpe_pid; -}; - -/** \brief Show NAT plugin startup config - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat_show_config -{ - option deprecated; - u32 client_index; - u32 context; -}; - -/** \brief DEPRECATED: Show NAT plugin startup config reply - @param context - sender context, to match reply w/ request - @param retval - return code for the request - @param static_mapping_only - if true dynamic translations disabled - @param static_mapping_connection_tracking - if true create session data - @param deterministic - if true deterministic mapping - @param endpoint_dependent - if true endpoint-dependent mode - @param out2in_dpo - if true out2in dpo mode - @param dslite_ce - if true DS-Lite is CE/B4 element, if false AFTR elemet - @param translation_buckets - number of translation hash buckets - @param translation_memory_size - translation hash memory size - @param user_buckets - number of user hash buckets - @param user_memory_size - user hash memory size - @param max_translations_per_user - maximum number of translations per user - @param outside_vrf_id - outside VRF id - @param inside_vrf_id - default inside VRF id - @param nat64_bib_buckets - number of NAT64 BIB hash buckets - @param nat64_bib_memory_size - memory size of NAT64 BIB hash - @param nat64_st_buckets - number of NAT64 session table hash buckets - @param nat64_st_memory_size - memory size of NAT64 session table hash -*/ -define nat_show_config_reply -{ - option deprecated; - u32 context; - i32 retval; - bool static_mapping_only; - bool static_mapping_connection_tracking; - bool deterministic; - bool endpoint_dependent; - bool out2in_dpo; - bool dslite_ce; - u32 translation_buckets; - u32 translation_memory_size; - u32 user_buckets; - u64 user_memory_size; - u32 max_translations_per_user; - u32 outside_vrf_id; - u32 inside_vrf_id; - u32 nat64_bib_buckets; - u64 nat64_bib_memory_size; - u32 nat64_st_buckets; - u64 nat64_st_memory_size; -}; - -/** \brief Show NAT plugin startup config - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat_show_config_2 -{ - option deprecated; - u32 client_index; - u32 context; -}; - -/** \brief Show NAT plugin startup config reply - @param context - sender context, to match reply w/ request - @param retval - return code for the request - @param static_mapping_only - if true dynamic translations disabled - @param static_mapping_connection_tracking - if true create session data - @param deterministic - if true deterministic mapping - @param endpoint_dependent - if true endpoint-dependent mode - @param out2in_dpo - if true out2in dpo mode - @param dslite_ce - if true DS-Lite is CE/B4 element, if false AFTR elemet - @param translation_buckets - number of translation hash buckets - @param translation_memory_size - translation hash memory size - @param user_buckets - number of user hash buckets - @param user_memory_size - user hash memory size - @param max_translations_per_user - maximum number of translations per user - @param outside_vrf_id - outside VRF id - @param inside_vrf_id - default inside VRF id - @param nat64_bib_buckets - number of NAT64 BIB hash buckets - @param nat64_bib_memory_size - memory size of NAT64 BIB hash - @param nat64_st_buckets - number of NAT64 session table hash buckets - @param nat64_st_memory_size - memory size of NAT64 session table hash - @param max_translations_per_thread - max translations per worker thread - @param max_users_per_thread - max users per worker thread -*/ -define nat_show_config_2_reply -{ - option deprecated; - u32 context; - i32 retval; - bool static_mapping_only; - bool static_mapping_connection_tracking; - bool deterministic; - bool endpoint_dependent; - bool out2in_dpo; - bool dslite_ce; - u32 translation_buckets; - u64 translation_memory_size; - u32 user_buckets; - u64 user_memory_size; - u32 max_translations_per_user; - u32 outside_vrf_id; - u32 inside_vrf_id; - u32 nat64_bib_buckets; - u64 nat64_bib_memory_size; - u32 nat64_st_buckets; - u64 nat64_st_memory_size; - u32 max_translations_per_thread; - u32 max_users_per_thread; -}; - -enum nat_log_level : u8 -{ - NAT_LOG_NONE = 0x00, - NAT_LOG_ERROR = 0x01, - NAT_LOG_WARNING = 0x02, - NAT_LOG_NOTICE = 0x03, - NAT_LOG_INFO = 0x04, - NAT_LOG_DEBUG = 0x05, -}; - -/** \brief Run nat44 garbage collection - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -autoreply define nat44_session_cleanup { - u32 client_index; - u32 context; -}; - -/** \brief NAT44 set session limit - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param session_limit - session limit - @param vrf_id - vrf id -*/ -autoreply define nat44_set_session_limit { - u32 client_index; - u32 context; - u32 session_limit; - u32 vrf_id; -}; - -/** \brief Set NAT logging level - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param log_level - logging level -*/ -autoreply define nat_set_log_level { - u32 client_index; - u32 context; - vl_api_nat_log_level_t log_level; -}; - -/** \brief Set NAT workers - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param worker_mask - NAT workers mask -*/ -autoreply define nat_set_workers { - u32 client_index; - u32 context; - u64 worker_mask; -}; - -/** \brief Dump NAT workers - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat_worker_dump { - u32 client_index; - u32 context; -}; - -/** \brief NAT workers details response - @param context - sender context, to match reply w/ request - @param worker_index - worker index - @param lcore_id - lcore ID - @param name - worker name -*/ -define nat_worker_details { - u32 context; - u32 worker_index; - u32 lcore_id; - string name[64]; -}; - -/** \brief Enable/disable NAT IPFIX logging - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param domain_id - observation domain ID - @param src_port - source port number - @param enable - true if enable, false if disable -*/ -autoreply define nat_ipfix_enable_disable { - u32 client_index; - u32 context; - u32 domain_id; - u16 src_port; - bool enable; -}; - -/** \brief Set values of timeouts for NAT sessions (seconds) - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param udp - UDP timeout (default 300sec) - @param tcp_established - TCP established timeout (default 7440sec) - @param tcp_transitory - TCP transitory timeout (default 240sec) - @param icmp - ICMP timeout (default 60sec) -*/ -autoreply define nat_set_timeouts { - u32 client_index; - u32 context; - u32 udp; - u32 tcp_established; - u32 tcp_transitory; - u32 icmp; -}; - -/** \brief Get values of timeouts for NAT sessions (seconds) - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat_get_timeouts { - u32 client_index; - u32 context; -}; - -/** \brief Get values of timeouts for NAT sessions reply - @param context - sender context, to match reply w/ request - @param retval - return code - @param udp - UDP timeout - @param tcp_established - TCP established timeout - @param tcp_transitory - TCP transitory timeout - @param icmp - ICMP timeout -*/ -define nat_get_timeouts_reply { - u32 context; - i32 retval; - u32 udp; - u32 tcp_established; - u32 tcp_transitory; - u32 icmp; -}; - -/** \brief Set address and port assignment algorithm - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param alg - address and port assignment algorithm: - 0 - default, 1 - MAP-E, 2 - port range - (see nat_addr_and_port_alloc_alg_t in nat.h) - @param psid_offset - number of offset bits (valid only for MAP-E alg) - @param psid_length - length of PSID (valid only for MAP-E alg) - @param psid - Port Set Identifier (PSID) value (valid only for MAP-E alg) - @param start_port - beginning of the port range - @param end_port - end of the port range -*/ -autoreply define nat_set_addr_and_port_alloc_alg { - u32 client_index; - u32 context; - u8 alg; - u8 psid_offset; - u8 psid_length; - u16 psid; - u16 start_port; - u16 end_port; -}; - -/** \brief Get address and port assignment algorithm - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat_get_addr_and_port_alloc_alg { - u32 client_index; - u32 context; -}; - -/** \brief Get address and port assignment algorithm reply - @param context - sender context, to match reply w/ request - @param retval - return code - @param alg - address and port assignment algorithm: - 0 - default, 1 - MAP-E, 2 - port range - (see nat_addr_and_port_alloc_alg_t in nat.h) - @param psid_offset - number of offset bits (valid only for MAP-E alg) - @param psid_length - length of PSID (valid only for MAP-E alg) - @param psid - Port Set Identifier (PSID) value (valid only for MAP-E alg) - @param start_port - beginning of the port range - @param end_port - end of the port range -*/ -define nat_get_addr_and_port_alloc_alg_reply { - u32 context; - i32 retval; - u8 alg; - u8 psid_offset; - u8 psid_length; - u16 psid; - u16 start_port; - u16 end_port; -}; - -/** \brief Set TCP MSS rewriting configuration - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param mss_value - MSS value to be used for MSS rewriting - @param enable - if true enable MSS rewriting feature else disable -*/ -autoreply define nat_set_mss_clamping { - u32 client_index; - u32 context; - u16 mss_value; - bool enable; -}; - -/** \brief Get TCP MSS rewriting configuration - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat_get_mss_clamping { - u32 client_index; - u32 context; -}; - -/** \brief Get TCP MSS rewriting configuration reply - @param context - sender context, to match reply w/ request - @param retval - return code - @param mss_value - MSS value to be used for MSS rewriting - @param enable - if true enable MSS rewriting feature else disable -*/ -define nat_get_mss_clamping_reply { - u32 context; - i32 retval; - u16 mss_value; - bool enable; -}; - -/** \brief Set HA listener (local settings) - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param ip_address - local IP4 address - @param port - local UDP port number - @param path_mtu - path MTU between local and failover -*/ -autoreply define nat_ha_set_listener { - u32 client_index; - u32 context; - vl_api_ip4_address_t ip_address; - u16 port; - u32 path_mtu; -}; - -/** \brief Set HA failover (remote settings) - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param ip_address - failover IP4 address - @param port - failvoer UDP port number - @param session_refresh_interval - number of seconds after which to send - session counters refresh -*/ -autoreply define nat_ha_set_failover { - u32 client_index; - u32 context; - vl_api_ip4_address_t ip_address; - u16 port; - u32 session_refresh_interval; -}; - -/** \brief Get HA listener/local configuration - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat_ha_get_listener { - u32 client_index; - u32 context; -}; - -/** \brief Get HA listener/local configuration reply - @param context - sender context, to match reply w/ request - @param retval - return code - @param ip_address - local IP4 address - @param port - local UDP port number - @param path_mtu - Path MTU between local and failover -*/ -define nat_ha_get_listener_reply { - u32 context; - i32 retval; - vl_api_ip4_address_t ip_address; - u16 port; - u32 path_mtu; -}; - -/** \brief Get HA failover/remote settings - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat_ha_get_failover { - u32 client_index; - u32 context; -}; - -/** \brief Get HA failover/remote settings reply - @param context - sender context, to match reply w/ request - @param retval - return code - @param ip_address - failover IP4 address - @param port - failvoer UDP port number - @param session_refresh_interval - number of seconds after which to send - session counters refresh -*/ -define nat_ha_get_failover_reply { - u32 context; - i32 retval; - vl_api_ip4_address_t ip_address; - u16 port; - u32 session_refresh_interval; -}; - -/** \brief Flush the current HA data (for testing) - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -autoreply define nat_ha_flush { - u32 client_index; - u32 context; -}; - -/** \brief Resync HA (resend existing sessions to new failover) - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param want_resync_event - resync completed event sent to the sender via - nat_ha_resync_completed_event API message if - non-zero - @param pid - sender's pid -*/ -autoreply define nat_ha_resync -{ - u32 client_index; - u32 context; - u8 want_resync_event; - u32 pid; -}; - -/** \brief Tell client about a HA resync completion event - @param client_index - opaque cookie to identify the sender - @param pid - client pid registered to receive notification - @param missed_count - number of missed (not ACKed) messages -*/ -define nat_ha_resync_completed_event -{ - u32 client_index; - u32 pid; - u32 missed_count; -}; - -service { - rpc nat_ha_resync returns nat_ha_resync_reply events nat_ha_resync_completed_event; -}; - -/* - * NAT44 APIs - */ - -/** \brief Del NAT44 user - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param ip_address - IPv4 address - @param fib_index - FIB index -*/ -autoreply define nat44_del_user { - u32 client_index; - u32 context; - vl_api_ip4_address_t ip_address; - u32 fib_index; -}; - -/** \brief Add/del NAT44 address range - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param first_ip_address - first IPv4 address - @param last_ip_address - last IPv4 address - @param vrf_id - VRF id of tenant, ~0 means independent of VRF - @param is_add - true if add, false if delete - @param flags - flag NAT_IS_TWICE_NAT if NAT address range for external hosts - -*/ -autoreply define nat44_add_del_address_range { - u32 client_index; - u32 context; - vl_api_ip4_address_t first_ip_address; - vl_api_ip4_address_t last_ip_address; - u32 vrf_id; - bool is_add; - vl_api_nat_config_flags_t flags; -}; - -/** \brief Dump NAT44 addresses - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat44_address_dump { - u32 client_index; - u32 context; -}; - -/** \brief NAT44 address details response - @param context - sender context, to match reply w/ request - @param ip_address - IPv4 address - @param flags - flag NAT_IS_TWICE_NAT if NAT address range for external hosts - @param vrf_id - VRF id of tenant, ~0 means independent of VRF -*/ -define nat44_address_details { - u32 context; - vl_api_ip4_address_t ip_address; - vl_api_nat_config_flags_t flags; - u32 vrf_id; -}; - -/** \brief Enable/disable NAT44 feature on the interface - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param is_add - true if add, false if delete - @param flags - flag NAT_IS_INSIDE if interface is inside else - interface is outside - @param sw_if_index - software index of the interface -*/ -autoreply define nat44_interface_add_del_feature { - u32 client_index; - u32 context; - bool is_add; - vl_api_nat_config_flags_t flags; - vl_api_interface_index_t sw_if_index; -}; - -/** \brief Dump interfaces with NAT44 feature - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat44_interface_dump { - u32 client_index; - u32 context; -}; - -/** \brief NAT44 interface details response - @param context - sender context, to match reply w/ request - @param sw_if_index - software index of the interface - @param flags - flag NAT_IS_INSIDE if interface is inside, - flag NAT_IS_OUTSIDE if interface is outside - and if both flags are set the interface is - both inside and outside -*/ -define nat44_interface_details { - u32 context; - vl_api_nat_config_flags_t flags; - vl_api_interface_index_t sw_if_index; -}; - -/** \brief Enable/disbale NAT44 as an interface output feature (postrouting - in2out translation) - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param is_add - true if add, false if delete - @param flags - flag NAT_IS_INSIDE if interface is inside else - interface is outside - @param sw_if_index - software index of the interface -*/ -autoreply define nat44_interface_add_del_output_feature { - u32 client_index; - u32 context; - bool is_add; - vl_api_nat_config_flags_t flags; - vl_api_interface_index_t sw_if_index; -}; - -/** \brief Dump interfaces with NAT44 output feature - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat44_interface_output_feature_dump { - u32 client_index; - u32 context; -}; - -/** \brief NAT44 interface with output feature details response - @param context - sender context, to match reply w/ request - @param flags - flag NAT_IS_INSIDE if interface is inside else - interface is outside - @param sw_if_index - software index of the interface -*/ -define nat44_interface_output_feature_details { - u32 context; - vl_api_nat_config_flags_t flags; - vl_api_interface_index_t sw_if_index; -}; - -/** \brief Add/delete NAT44 static mapping - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param is_add - true if add, false if delete - @param flags - flag NAT_IS_ADDR_ONLY if address only mapping, - flag nat_is_twice_nat if nat address range for external hosts, - flag NAT_IS_SELF_TWICE_NAT if translate external host address - and port whenever external host address equals local - address of internal host, - flag NAT_IS_OUT2IN_ONLY if rule match only out2in direction - @param local_ip_address - local IPv4 address - @param external_ip_address - external IPv4 address - @param protocol - IP protocol, used only if addr_only=0 - @param local_port - local port number, used only if addr_only=0 - @param external_port - external port number, used only if addr_only=0 - @param external_sw_if_index - external interface (if set - external_ip_address is ignored, ~0 means not - used) - @param vfr_id - VRF ID - @param tag - opaque string tag -*/ -autoreply define nat44_add_del_static_mapping { - u32 client_index; - u32 context; - bool is_add; - vl_api_nat_config_flags_t flags; - vl_api_ip4_address_t local_ip_address; - vl_api_ip4_address_t external_ip_address; - u8 protocol; - u16 local_port; - u16 external_port; - vl_api_interface_index_t external_sw_if_index; - u32 vrf_id; - string tag[64]; -}; - -/** \brief Add/delete NAT44 static mapping - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param is_add - true if add, false if delete - @param match_pool - true if use specific pool_ip_address - @param flags - flag NAT_IS_ADDR_ONLY if address only mapping, - flag nat_is_twice_nat if nat address range for external hosts, - flag NAT_IS_SELF_TWICE_NAT if translate external host address - and port whenever external host address equals local - address of internal host, - flag NAT_IS_OUT2IN_ONLY if rule match only out2in direction - @param pool_ip_address - pool IPv4 address to match with pool - @param local_ip_address - local IPv4 address - @param external_ip_address - external IPv4 address - @param protocol - IP protocol, used only if addr_only=0 - @param local_port - local port number, used only if addr_only=0 - @param external_port - external port number, used only if addr_only=0 - @param external_sw_if_index - external interface (if set - external_ip_address is ignored, ~0 means not - used) - @param vfr_id - VRF ID - @param tag - opaque string tag -*/ -autoreply define nat44_add_del_static_mapping_v2 { - option status="in_progress"; - u32 client_index; - u32 context; - bool is_add; - bool match_pool; - vl_api_nat_config_flags_t flags; - vl_api_ip4_address_t pool_ip_address; - vl_api_ip4_address_t local_ip_address; - vl_api_ip4_address_t external_ip_address; - u8 protocol; - u16 local_port; - u16 external_port; - vl_api_interface_index_t external_sw_if_index; - u32 vrf_id; - string tag[64]; -}; - -/** \brief Dump NAT44 static mappings - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat44_static_mapping_dump { - u32 client_index; - u32 context; -}; - -/** \brief NAT44 static mapping details response - @param context - sender context, to match reply w/ request - @param flags - flag NAT_ADDR_ONLY if address only mapping, - flag NAT_TWICE_NAT if NAT address range for external hosts, - flag NAT_SELF_TWICE_NAT if translate external host address - and port whenever external host address equals local - address of internal host, - flag NAT_OUT2IN_ONLY if rule match only out2in direction - @param local_ip_address - local IPv4 address - @param external_ip_address - external IPv4 address - @param protocol - IP protocol, valid only if no NAT_ADDR_ONLY flag - @param local_port - local port number, valid only if no NAT_ADDR_ONLY flag - @param external_port - external port number, valid only if no NAT_ADDR_ONLY flag - @param external_sw_if_index - external interface - @param vfr_id - VRF ID - @param tag - opaque string tag -*/ -define nat44_static_mapping_details { - u32 context; - vl_api_nat_config_flags_t flags; - vl_api_ip4_address_t local_ip_address; - vl_api_ip4_address_t external_ip_address; - u8 protocol; - u16 local_port; - u16 external_port; - vl_api_interface_index_t external_sw_if_index; - u32 vrf_id; - string tag[64]; -}; - -/** \brief Add/delete NAT44 identity mapping - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param is_add - true if add, false if delete - @param flags - flag NAT_ADDR_ONLY if address only mapping - @param ip_address - IPv4 address - @param protocol - IP protocol - @param port - port number - @param sw_if_index - interface (if set ip_address is ignored, ~0 means not - used) - @param vfr_id - VRF ID (if ~0 use default VRF) - @param tag - opaque string tag -*/ -autoreply define nat44_add_del_identity_mapping { - u32 client_index; - u32 context; - bool is_add; - vl_api_nat_config_flags_t flags; - vl_api_ip4_address_t ip_address; - u8 protocol; - u16 port; - vl_api_interface_index_t sw_if_index; - u32 vrf_id; - string tag[64]; -}; - -/** \brief Dump NAT44 identity mappings - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat44_identity_mapping_dump { - u32 client_index; - u32 context; -}; - -/** \brief NAT44 identity mapping details response - @param context - sender context, to match reply w/ request - @param flags - flag NAT_ADDR_ONLY if address only mapping - @param ip_address - IPv4 address - @param protocol - IP protocol - @param port - port number - @param sw_if_index - interface - @param vfr_id - VRF ID - @param tag - opaque string tag -*/ -define nat44_identity_mapping_details { - u32 context; - vl_api_nat_config_flags_t flags; - vl_api_ip4_address_t ip_address; - u8 protocol; - u16 port; - vl_api_interface_index_t sw_if_index; - u32 vrf_id; - string tag[64]; -}; - -/** \brief Add/delete NAT44 pool address from specific interfce - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param is_add - true if add, false if delete - @param sw_if_index - software index of the interface - @param flags - flag NAT_TWICE_NAT if NAT address range for external hosts -*/ -autoreply define nat44_add_del_interface_addr { - u32 client_index; - u32 context; - bool is_add; - vl_api_interface_index_t sw_if_index; - vl_api_nat_config_flags_t flags; -}; - -/** \brief Dump NAT44 pool addresses interfaces - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat44_interface_addr_dump { - u32 client_index; - u32 context; -}; - -/** \brief NAT44 pool addresses interfaces details response - @param context - sender context, to match reply w/ request - @param sw_if_index - software index of the interface - @param flags - flag NAT_TWICE_NAT if NAT address range for external hosts - -*/ -define nat44_interface_addr_details { - u32 context; - vl_api_interface_index_t sw_if_index; - vl_api_nat_config_flags_t flags; -}; - -/** \brief Dump NAT44 users - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat44_user_dump { - u32 client_index; - u32 context; -}; - -/** \brief NAT44 users response - @param context - sender context, to match reply w/ request - @vrf_id - VRF ID - @param ip_address - IPv4 address - @param nsessions - number of dynamic sessions - @param nstaticsessions - number of static sessions -*/ -define nat44_user_details { - u32 context; - u32 vrf_id; - vl_api_ip4_address_t ip_address; - u32 nsessions; - u32 nstaticsessions; -}; - -/** \brief NAT44 user's sessions - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param ip_address - IPv4 address of the user to dump - @param vrf_id - VRF_ID -*/ -define nat44_user_session_dump { - u32 client_index; - u32 context; - vl_api_ip4_address_t ip_address; - u32 vrf_id; -}; - -/** \brief NAT44 user's sessions response - @param context - sender context, to match reply w/ request - @param outside_ip_address - outside IPv4 address - @param outside_port - outside port - @param inside_ip_address - inside IPv4 address - @param inside_port - inside port - @param protocol - protocol - @param flags - flag NAT_IS_STATIC if session is static, - flag NAT_IS_TWICE_NAT if session is twice-nat, - flag NAT_IS_EXT_HOST_VALID if external host address - and port are valid - @param last_heard - last heard timer - @param total_bytes - count of bytes sent through session - @param total_pkts - count of pakets sent through session - @param ext_host_address - external host IPv4 address - @param ext_host_port - external host port - @param ext_host_nat_address - post-NAT external host IPv4 address (valid - only if twice-nat session) - @param ext_host_nat_port - post-NAT external host port (valid only if - twice-nat session) -*/ -define nat44_user_session_details { - u32 context; - vl_api_ip4_address_t outside_ip_address; - u16 outside_port; - vl_api_ip4_address_t inside_ip_address; - u16 inside_port; - u16 protocol; - vl_api_nat_config_flags_t flags; - u64 last_heard; - u64 total_bytes; - u32 total_pkts; - vl_api_ip4_address_t ext_host_address; - u16 ext_host_port; - vl_api_ip4_address_t ext_host_nat_address; - u16 ext_host_nat_port; -}; - -/** \brief NAT44 load-balancing address and port pair - @param addr - IPv4 address of the internal node - @param port - L4 port number of the internal node - @param probability - probability of the internal node to be randomly matched - @param vrf_id - VRF id -*/ -typedef nat44_lb_addr_port { - vl_api_ip4_address_t addr; - u16 port; - u8 probability; - u32 vrf_id; -}; - -/** \brief Add/delete NAT44 load-balancing static mapping rule - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param is_add - true if add, false if delete - @param flags - flag NAT_TWICE_NAT if NAT address range for external hosts, - flag NAT_SELF_TWICE_NAT if translate external host address - and port whenever external host address equals local - address of internal host, - flag NAT_OUT2IN_ONLY if rule match only out2in direction - @param external_addr - external IPv4 address of the service - @param external_port - external L4 port number of the service - @param protocol - IP protocol number of the service - @param affinity - if 0 disabled, otherwise client IP affinity sticky time - in seconds - @param local_num - number of local network nodes - @param locals - local network nodes - @param tag - opaque string tag -*/ -autoreply manual_endian define nat44_add_del_lb_static_mapping { - u32 client_index; - u32 context; - bool is_add; - vl_api_nat_config_flags_t flags; - vl_api_ip4_address_t external_addr; - u16 external_port; - u8 protocol; - u32 affinity; - string tag[64]; - u32 local_num; - vl_api_nat44_lb_addr_port_t locals[local_num]; -}; - -/** \brief Add/delete NAT44 load-balancing static mapping rule backend - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param is_add - true if add, false if delete - @param external_addr - external IPv4 address of the service - @param external_port - external L4 port number of the service - @param protocol - IP protocol number of the service - @param local - local network node -*/ -autoreply define nat44_lb_static_mapping_add_del_local { - u32 client_index; - u32 context; - bool is_add; - vl_api_ip4_address_t external_addr; - u16 external_port; - u8 protocol; - vl_api_nat44_lb_addr_port_t local; -}; - -/** \brief Dump NAT44 load-balancing static mapping rules - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat44_lb_static_mapping_dump { - u32 client_index; - u32 context; -}; - -/** \brief NAT44 load-balancing static mapping rule details response - @param context - sender context, to match reply w/ request - @param external_addr - external IPv4 address of the service - @param external_port - external L4 port number of the service - @param protocol - IP protocol number of the service - @param flags - flag NAT_TWICE_NAT if NAT address range for external hosts, - flag NAT_SELF_TWICE_NAT if translate external host address - and port whenever external host address equals local - address of internal host, - flag NAT_OUT2IN_ONLY if rule match only out2in direction - @param affinity - if 0 disabled, otherwise client IP affinity sticky time - in seconds - @param local_num - number of local network nodes - @param locals - local network nodes - @param tag - opaque string tag -*/ -manual_endian define nat44_lb_static_mapping_details { - u32 context; - vl_api_ip4_address_t external_addr; - u16 external_port; - u8 protocol; - vl_api_nat_config_flags_t flags; - u32 affinity; - string tag[64]; - u32 local_num; - vl_api_nat44_lb_addr_port_t locals[local_num]; -}; - -/** \brief Delete NAT44 session - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param ip_address - IPv4 address - @param protocol - IP protocol - @param port - port number - @param vfr_id - VRF ID - @param flags - flag NAT_IS_INSIDE if interface is inside or - interface is outside, - flag NAT_IS_EXT_HOST_VALID if external host address and - port are valid - @param ext_host_address - external host IPv4 address - @param ext_host_port - external host port -*/ -autoreply define nat44_del_session { - u32 client_index; - u32 context; - vl_api_ip4_address_t address; - u8 protocol; - u16 port; - u32 vrf_id; - vl_api_nat_config_flags_t flags; - vl_api_ip4_address_t ext_host_address; - u16 ext_host_port; -}; - -/** \brief Enable/disable forwarding for NAT44 - Forward packets which don't match existing translation - or static mapping instead of dropping them. - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request - @param enable - true for enable, false for disable -*/ -autoreply define nat44_forwarding_enable_disable { - u32 client_index; - u32 context; - bool enable; -}; - -/** \brief Check if forwarding is enabled or disabled - @param client_index - opaque cookie to identify the sender - @param context - sender context, to match reply w/ request -*/ -define nat44_forwarding_is_enabled { - u32 client_index; - u32 context; -}; - -/** \brief Response to check if forwarding is enabled or disabled - @param context - sender context, to match reply w/ request - @param enabled - true if enabled, false if disabled -*/ -define nat44_forwarding_is_enabled_reply { - u32 context; - bool enabled; -}; diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index b60014d085e..39dd1db650a 100644 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -38,9 +38,6 @@ snat_main_t snat_main; -fib_source_t nat_fib_src_hi; -fib_source_t nat_fib_src_low; - /* *INDENT-OFF* */ /* Hook up input features */ VNET_FEATURE_INIT (nat_pre_in2out, static) = { @@ -200,49 +197,180 @@ snat_get_worker_in2out_cb (ip4_header_t * ip0, u32 rx_fib_index0, static u32 nat_calc_bihash_buckets (u32 n_elts); -u8 *format_static_mapping_kvp (u8 * s, va_list * args); +u8 * +format_session_kvp (u8 * s, va_list * args) +{ + clib_bihash_kv_8_8_t *v = va_arg (*args, clib_bihash_kv_8_8_t *); -u8 *format_ed_session_kvp (u8 * s, va_list * args); + s = format (s, "%U session-index %llu", format_snat_key, v->key, v->value); -void -nat_ha_sadd_cb (ip4_address_t * in_addr, u16 in_port, - ip4_address_t * out_addr, u16 out_port, - ip4_address_t * eh_addr, u16 eh_port, - ip4_address_t * ehn_addr, u16 ehn_port, u8 proto, - u32 fib_index, u16 flags, u32 thread_index); + return s; +} -void -nat_ha_sdel_cb (ip4_address_t * out_addr, u16 out_port, - ip4_address_t * eh_addr, u16 eh_port, u8 proto, u32 fib_index, - u32 ti); +u8 * +format_static_mapping_kvp (u8 * s, va_list * args) +{ + clib_bihash_kv_8_8_t *v = va_arg (*args, clib_bihash_kv_8_8_t *); -void -nat_ha_sref_cb (ip4_address_t * out_addr, u16 out_port, - ip4_address_t * eh_addr, u16 eh_port, u8 proto, u32 fib_index, - u32 total_pkts, u64 total_bytes, u32 thread_index); + s = format (s, "%U static-mapping-index %llu", + format_snat_key, v->key, v->value); -void -nat_ha_sadd_ed_cb (ip4_address_t * in_addr, u16 in_port, - ip4_address_t * out_addr, u16 out_port, - ip4_address_t * eh_addr, u16 eh_port, - ip4_address_t * ehn_addr, u16 ehn_port, u8 proto, - u32 fib_index, u16 flags, u32 thread_index); + return s; +} -void -nat_ha_sdel_ed_cb (ip4_address_t * out_addr, u16 out_port, - ip4_address_t * eh_addr, u16 eh_port, u8 proto, - u32 fib_index, u32 ti); +u8 * +format_user_kvp (u8 * s, va_list * args) +{ + clib_bihash_kv_8_8_t *v = va_arg (*args, clib_bihash_kv_8_8_t *); + snat_user_key_t k; -void -nat_ha_sdel_ed_cb (ip4_address_t * out_addr, u16 out_port, - ip4_address_t * eh_addr, u16 eh_port, u8 proto, - u32 fib_index, u32 ti); + k.as_u64 = v->key; + + s = format (s, "%U fib %d user-index %llu", format_ip4_address, &k.addr, + k.fib_index, v->value); + + return s; +} + +u8 * +format_ed_session_kvp (u8 * s, va_list * args) +{ + clib_bihash_kv_16_8_t *v = va_arg (*args, clib_bihash_kv_16_8_t *); + + u8 proto; + u16 r_port, l_port; + ip4_address_t l_addr, r_addr; + u32 fib_index; + + split_ed_kv (v, &l_addr, &r_addr, &proto, &fib_index, &l_port, &r_port); + s = + format (s, + "local %U:%d remote %U:%d proto %U fib %d thread-index %u session-index %u", + format_ip4_address, &l_addr, clib_net_to_host_u16 (l_port), + format_ip4_address, &r_addr, clib_net_to_host_u16 (r_port), + format_ip_protocol, proto, fib_index, + ed_value_get_session_index (v), ed_value_get_thread_index (v)); + + return s; +} void -nat_ha_sref_ed_cb (ip4_address_t * out_addr, u16 out_port, - ip4_address_t * eh_addr, u16 eh_port, u8 proto, - u32 fib_index, u32 total_pkts, u64 total_bytes, - u32 thread_index); +nat44_ei_free_session_data (snat_main_t * sm, snat_session_t * s, + u32 thread_index, u8 is_ha) +{ + clib_bihash_kv_8_8_t kv; + + snat_main_per_thread_data_t *tsm = + vec_elt_at_index (sm->per_thread_data, thread_index); + + init_nat_i2o_k (&kv, s); + if (clib_bihash_add_del_8_8 (&tsm->in2out, &kv, 0)) + nat_elog_warn ("in2out key del failed"); + + init_nat_o2i_k (&kv, s); + if (clib_bihash_add_del_8_8 (&tsm->out2in, &kv, 0)) + nat_elog_warn ("out2in key del failed"); + + if (!is_ha) + { + nat_syslog_nat44_apmdel (s->user_index, s->in2out.fib_index, + &s->in2out.addr, s->in2out.port, + &s->out2in.addr, s->out2in.port, s->nat_proto); + + nat_ipfix_logging_nat44_ses_delete (thread_index, + s->in2out.addr.as_u32, + s->out2in.addr.as_u32, + s->nat_proto, + s->in2out.port, + s->out2in.port, + s->in2out.fib_index); + + nat_ha_sdel (&s->out2in.addr, s->out2in.port, &s->ext_host_addr, + s->ext_host_port, s->nat_proto, s->out2in.fib_index, + thread_index); + + } + + if (snat_is_session_static (s)) + return; + + snat_free_outside_address_and_port (sm->addresses, thread_index, + &s->out2in.addr, s->out2in.port, + s->nat_proto); +} + +static_always_inline void +nat44_ei_user_del_sessions (snat_user_t * u, u32 thread_index) +{ + dlist_elt_t *elt; + snat_session_t *s; + + snat_main_t *sm = &snat_main; + snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; + + // get head + elt = pool_elt_at_index (tsm->list_pool, + u->sessions_per_user_list_head_index); + // get first element + elt = pool_elt_at_index (tsm->list_pool, elt->next); + + while (elt->value != ~0) + { + s = pool_elt_at_index (tsm->sessions, elt->value); + elt = pool_elt_at_index (tsm->list_pool, elt->next); + + nat44_ei_free_session_data (sm, s, thread_index, 0); + nat44_delete_session (sm, s, thread_index); + } +} + +int +nat44_ei_user_del (ip4_address_t * addr, u32 fib_index) +{ + int rv = 1; + + snat_main_t *sm = &snat_main; + snat_main_per_thread_data_t *tsm; + + snat_user_key_t user_key; + clib_bihash_kv_8_8_t kv, value; + + if (sm->endpoint_dependent) + return rv; + + user_key.addr.as_u32 = addr->as_u32; + user_key.fib_index = fib_index; + kv.key = user_key.as_u64; + + if (sm->num_workers > 1) + { + /* *INDENT-OFF* */ + vec_foreach (tsm, sm->per_thread_data) + { + if (!clib_bihash_search_8_8 (&tsm->user_hash, &kv, &value)) + { + nat44_ei_user_del_sessions ( + pool_elt_at_index (tsm->users, value.value), + tsm->thread_index); + rv = 0; + break; + } + } + /* *INDENT-ON* */ + } + else + { + tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers); + if (!clib_bihash_search_8_8 (&tsm->user_hash, &kv, &value)) + { + nat44_ei_user_del_sessions (pool_elt_at_index + (tsm->users, value.value), + tsm->thread_index); + rv = 0; + } + } + return rv; +} void nat_free_session_data (snat_main_t * sm, snat_session_t * s, u32 thread_index, @@ -382,129 +510,6 @@ nat_free_session_data (snat_main_t * sm, snat_session_t * s, u32 thread_index, s->nat_proto); } -void -nat44_free_session_data (snat_main_t * sm, snat_session_t * s, - u32 thread_index, u8 is_ha) -{ - u8 proto; - u16 r_port, l_port; - ip4_address_t *l_addr, *r_addr; - u32 fib_index; - clib_bihash_kv_16_8_t ed_kv; - snat_main_per_thread_data_t *tsm = - vec_elt_at_index (sm->per_thread_data, thread_index); - - if (is_fwd_bypass_session (s)) - { - if (snat_is_unk_proto_session (s)) - { - proto = s->in2out.port; - r_port = 0; - l_port = 0; - } - else - { - proto = nat_proto_to_ip_proto (s->nat_proto); - l_port = s->in2out.port; - r_port = s->ext_host_port; - } - - l_addr = &s->in2out.addr; - r_addr = &s->ext_host_addr; - fib_index = 0; - init_ed_k (&ed_kv, *l_addr, l_port, *r_addr, r_port, fib_index, proto); - - if (PREDICT_FALSE - (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0))) - nat_elog_warn ("in2out_ed key del failed"); - return; - } - - /* session lookup tables */ - if (is_affinity_sessions (s)) - nat_affinity_unlock (s->ext_host_addr, s->out2in.addr, - s->nat_proto, s->out2in.port); - l_addr = &s->out2in.addr; - r_addr = &s->ext_host_addr; - fib_index = s->out2in.fib_index; - if (snat_is_unk_proto_session (s)) - { - proto = s->in2out.port; - r_port = 0; - l_port = 0; - } - else - { - proto = nat_proto_to_ip_proto (s->nat_proto); - l_port = s->out2in.port; - r_port = s->ext_host_port; - } - init_ed_k (&ed_kv, *l_addr, l_port, *r_addr, r_port, fib_index, proto); - - if (PREDICT_FALSE (clib_bihash_add_del_16_8 (&sm->out2in_ed, &ed_kv, 0))) - nat_elog_warn ("out2in_ed key del failed"); - - l_addr = &s->in2out.addr; - fib_index = s->in2out.fib_index; - - if (!snat_is_unk_proto_session (s)) - l_port = s->in2out.port; - - if (is_twice_nat_session (s)) - { - r_addr = &s->ext_host_nat_addr; - r_port = s->ext_host_nat_port; - } - init_ed_k (&ed_kv, *l_addr, l_port, *r_addr, r_port, fib_index, proto); - - if (PREDICT_FALSE (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0))) - nat_elog_warn ("in2out_ed key del failed"); - - if (!is_ha) - { - nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index, - &s->in2out.addr, s->in2out.port, - &s->ext_host_nat_addr, s->ext_host_nat_port, - &s->out2in.addr, s->out2in.port, - &s->ext_host_addr, s->ext_host_port, - s->nat_proto, is_twice_nat_session (s)); - } - - if (snat_is_unk_proto_session (s)) - return; - - if (!is_ha) - { - nat_ipfix_logging_nat44_ses_delete (thread_index, - s->in2out.addr.as_u32, - s->out2in.addr.as_u32, - s->nat_proto, - s->in2out.port, - s->out2in.port, - s->in2out.fib_index); - nat_ha_sdel (&s->out2in.addr, s->out2in.port, &s->ext_host_addr, - s->ext_host_port, s->nat_proto, s->out2in.fib_index, - thread_index); - } - - /* Twice NAT address and port for external host */ - if (is_twice_nat_session (s)) - { - snat_free_outside_address_and_port (sm->twice_nat_addresses, - thread_index, - &s->ext_host_nat_addr, - s->ext_host_nat_port, s->nat_proto); - } - - if (snat_is_session_static (s)) - return; - - snat_free_outside_address_and_port (sm->addresses, thread_index, - &s->out2in.addr, s->out2in.port, - s->nat_proto); -} - - snat_user_t * nat_user_get_or_create (snat_main_t * sm, ip4_address_t * addr, u32 fib_index, u32 thread_index) @@ -564,6 +569,7 @@ nat_user_get_or_create (snat_main_t * sm, ip4_address_t * addr, u32 fib_index, return u; } +// only NAT EI snat_session_t * nat_session_alloc_or_recycle (snat_main_t * sm, snat_user_t * u, u32 thread_index, f64 now) @@ -597,6 +603,8 @@ nat_session_alloc_or_recycle (snat_main_t * sm, snat_user_t * u, /* Get the session */ s = pool_elt_at_index (tsm->sessions, session_index); + + // TODO: ONLY EI version should be called nat_free_session_data (sm, s, thread_index, 0); if (snat_is_session_static (s)) u->nstaticsessions--; @@ -643,6 +651,7 @@ void snat_add_del_addr_to_fib (ip4_address_t * addr, u8 p_len, u32 sw_if_index, int is_add) { + snat_main_t *sm = &snat_main; fib_prefix_t prefix = { .fp_len = p_len, .fp_proto = FIB_PROTOCOL_IP4, @@ -655,7 +664,7 @@ snat_add_del_addr_to_fib (ip4_address_t * addr, u8 p_len, u32 sw_if_index, if (is_add) fib_table_entry_update_one_path (fib_index, &prefix, - nat_fib_src_low, + sm->fib_src_low, (FIB_ENTRY_FLAG_CONNECTED | FIB_ENTRY_FLAG_LOCAL | FIB_ENTRY_FLAG_EXCLUSIVE), @@ -664,7 +673,7 @@ snat_add_del_addr_to_fib (ip4_address_t * addr, u8 p_len, u32 sw_if_index, sw_if_index, ~0, 1, NULL, FIB_ROUTE_PATH_FLAG_NONE); else - fib_table_entry_delete (fib_index, &prefix, nat_fib_src_low); + fib_table_entry_delete (fib_index, &prefix, sm->fib_src_low); } int @@ -702,7 +711,7 @@ snat_add_address (snat_main_t * sm, ip4_address_t * addr, u32 vrf_id, if (vrf_id != ~0) ap->fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, vrf_id, - nat_fib_src_low); + sm->fib_src_low); else ap->fib_index = ~0; @@ -808,10 +817,10 @@ get_thread_idx_by_port (u16 e_port) } void -snat_static_mapping_del_sessions (snat_main_t * sm, - snat_main_per_thread_data_t * tsm, - snat_user_key_t u_key, int addr_only, - ip4_address_t e_addr, u16 e_port) +nat_ei_static_mapping_del_sessions (snat_main_t * sm, + snat_main_per_thread_data_t * tsm, + snat_user_key_t u_key, int addr_only, + ip4_address_t e_addr, u16 e_port) { clib_bihash_kv_8_8_t kv, value; kv.key = u_key.as_u64; @@ -820,6 +829,7 @@ snat_static_mapping_del_sessions (snat_main_t * sm, snat_user_t *u; snat_session_t *s; u32 elt_index, head_index, ses_index; + if (!clib_bihash_search_8_8 (&tsm->user_hash, &kv, &value)) { user_index = value.value; @@ -861,13 +871,13 @@ snat_static_mapping_del_sessions (snat_main_t * sm, } void -snat_ed_static_mapping_del_sessions (snat_main_t * sm, - snat_main_per_thread_data_t * tsm, - ip4_address_t l_addr, - u16 l_port, - u8 protocol, - u32 fib_index, int addr_only, - ip4_address_t e_addr, u16 e_port) +nat_ed_static_mapping_del_sessions (snat_main_t * sm, + snat_main_per_thread_data_t * tsm, + ip4_address_t l_addr, + u16 l_port, + u8 protocol, + u32 fib_index, int addr_only, + ip4_address_t e_addr, u16 e_port) { snat_session_t *s; u32 *indexes_to_free = NULL; @@ -935,7 +945,7 @@ snat_add_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr, if (!sm->endpoint_dependent) { if (twice_nat || out2in_only) - return VNET_API_ERROR_FEATURE_DISABLED; + return VNET_API_ERROR_UNSUPPORTED; } /* If the external address is a specific interface address */ @@ -1031,7 +1041,7 @@ snat_add_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr, local->vrf_id = vrf_id; local->fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, vrf_id, - nat_fib_src_low); + sm->fib_src_low); init_nat_kv (&kv, m->local_addr, m->local_port, local->fib_index, m->proto, m - sm->static_mappings); @@ -1049,13 +1059,13 @@ snat_add_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr, if (vrf_id != ~0) fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, vrf_id, - nat_fib_src_low); + sm->fib_src_low); /* If not specified use inside VRF id from SNAT plugin startup config */ else { fib_index = sm->inside_fib_index; vrf_id = sm->inside_vrf_id; - fib_table_lock (fib_index, FIB_PROTOCOL_IP4, nat_fib_src_low); + fib_table_lock (fib_index, FIB_PROTOCOL_IP4, sm->fib_src_low); } if (!(out2in_only || identity_nat)) @@ -1180,6 +1190,7 @@ snat_add_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr, clib_bihash_add_del_8_8 (&sm->static_mapping_by_external, &kv, 1); /* Delete dynamic sessions matching local address (+ local port) */ + // TODO: based on type of NAT EI/ED if (!(sm->static_mapping_only)) { u_key.addr = m->local_addr; @@ -1296,22 +1307,22 @@ snat_add_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr, { if (sm->endpoint_dependent) { - snat_ed_static_mapping_del_sessions (sm, tsm, m->local_addr, - m->local_port, m->proto, - fib_index, addr_only, - e_addr, e_port); + nat_ed_static_mapping_del_sessions (sm, tsm, m->local_addr, + m->local_port, m->proto, + fib_index, addr_only, + e_addr, e_port); } else { u_key.addr = m->local_addr; u_key.fib_index = fib_index; kv.key = u_key.as_u64; - snat_static_mapping_del_sessions (sm, tsm, u_key, addr_only, - e_addr, e_port); + nat_ei_static_mapping_del_sessions (sm, tsm, u_key, addr_only, + e_addr, e_port); } } - fib_table_unlock (fib_index, FIB_PROTOCOL_IP4, nat_fib_src_low); + fib_table_unlock (fib_index, FIB_PROTOCOL_IP4, sm->fib_src_low); if (pool_elts (m->locals)) return 0; @@ -1452,7 +1463,7 @@ nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port, locals[i].fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, locals[i].vrf_id, - nat_fib_src_low); + sm->fib_src_low); if (!out2in_only) { init_nat_kv (&kv, locals[i].addr, locals[i].port, @@ -1536,7 +1547,7 @@ nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port, pool_foreach (local, m->locals, ({ fib_table_unlock (local->fib_index, FIB_PROTOCOL_IP4, - nat_fib_src_low); + sm->fib_src_low); if (!out2in_only) { init_nat_k(& kv, local->addr, local->port, local->fib_index, m->proto); @@ -1638,7 +1649,7 @@ nat44_lb_static_mapping_add_del_local (ip4_address_t e_addr, u16 e_port, local->vrf_id = vrf_id; local->fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4, vrf_id, - nat_fib_src_low); + sm->fib_src_low); if (!is_out2in_only_static_mapping (m)) { @@ -1657,7 +1668,7 @@ nat44_lb_static_mapping_add_del_local (ip4_address_t e_addr, u16 e_port, return VNET_API_ERROR_UNSPECIFIED; fib_table_unlock (match_local->fib_index, FIB_PROTOCOL_IP4, - nat_fib_src_low); + sm->fib_src_low); if (!is_out2in_only_static_mapping (m)) { @@ -1795,39 +1806,42 @@ snat_del_address (snat_main_t * sm, ip4_address_t addr, u8 delete_sm, } if (a->fib_index != ~0) - fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP4, nat_fib_src_low); + fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP4, sm->fib_src_low); /* Delete sessions using address */ if (a->busy_tcp_ports || a->busy_udp_ports || a->busy_icmp_ports) { - /* *INDENT-OFF* */ vec_foreach (tsm, sm->per_thread_data) - { - pool_foreach (ses, tsm->sessions, ({ - if (ses->out2in.addr.as_u32 == addr.as_u32) - { - nat_free_session_data (sm, ses, tsm - sm->per_thread_data, 0); - vec_add1 (ses_to_be_removed, ses - tsm->sessions); - } - })); + { + /* *INDENT-OFF* */ + pool_foreach (ses, tsm->sessions, ({ + if (ses->out2in.addr.as_u32 == addr.as_u32) + { + nat_free_session_data (sm, ses, tsm - sm->per_thread_data, 0); + vec_add1 (ses_to_be_removed, ses - tsm->sessions); + } + })); + /* *INDENT-ON* */ - if (sm->endpoint_dependent){ - vec_foreach (ses_index, ses_to_be_removed) - { - ses = pool_elt_at_index (tsm->sessions, ses_index[0]); - nat_ed_session_delete (sm, ses, tsm - sm->per_thread_data, 1); - } - }else{ - vec_foreach (ses_index, ses_to_be_removed) - { - ses = pool_elt_at_index (tsm->sessions, ses_index[0]); - nat44_delete_session (sm, ses, tsm - sm->per_thread_data); - } + if (sm->endpoint_dependent) + { + vec_foreach (ses_index, ses_to_be_removed) + { + ses = pool_elt_at_index (tsm->sessions, ses_index[0]); + nat_ed_session_delete (sm, ses, tsm - sm->per_thread_data, 1); + } + } + else + { + vec_foreach (ses_index, ses_to_be_removed) + { + ses = pool_elt_at_index (tsm->sessions, ses_index[0]); + nat44_delete_session (sm, ses, tsm - sm->per_thread_data); + } } - vec_free (ses_to_be_removed); - } - /* *INDENT-ON* */ + vec_free (ses_to_be_removed); + } } #define _(N, i, n, s) \ @@ -2626,7 +2640,6 @@ nat_ip_table_add_del (vnet_main_t * vnm, u32 table_id, u32 is_add) if (sm->endpoint_dependent) { // TODO: consider removing all NAT interfaces - if (!is_add) { fib_index = ip4_fib_index_from_table_id (table_id); @@ -2707,7 +2720,6 @@ static clib_error_t * nat_init (vlib_main_t * vm) { snat_main_t *sm = &snat_main; - clib_error_t *error = 0; vlib_thread_main_t *tm = vlib_get_thread_main (); vlib_thread_registration_t *tr; ip4_add_del_interface_address_callback_t cbi = { 0 }; @@ -2808,11 +2820,10 @@ nat_init (vlib_main_t * vm) cbt.function = snat_update_outside_fib; vec_add1 (sm->ip4_main->table_bind_callbacks, cbt); - // TODO: is it possible to move it into snat_main ? - nat_fib_src_low = + sm->fib_src_low = fib_source_allocate ("nat-low", FIB_SOURCE_PRIORITY_LOW, FIB_SOURCE_BH_SIMPLE); - nat_fib_src_hi = + sm->fib_src_hi = fib_source_allocate ("nat-hi", FIB_SOURCE_PRIORITY_HI, FIB_SOURCE_BH_SIMPLE); @@ -2823,8 +2834,7 @@ nat_init (vlib_main_t * vm) nat_ha_init (vm, sm->num_workers, num_threads); test_key_calc_split (); - error = snat_api_init (vm, sm); - return error; + return nat44_api_hookup (vm); } VLIB_INIT_FUNCTION (nat_init); @@ -2878,18 +2888,14 @@ nat44_plugin_enable (nat44_config_t c) sm->mss_clamping = 0; if (!c.users) - { - c.users = 1024; - } + c.users = 1024; + sm->max_users_per_thread = c.users; sm->user_buckets = nat_calc_bihash_buckets (c.users); if (!c.sessions) - { - // default value based on legacy setting of load factor 10 * default - // translation buckets 1024 - c.sessions = 10 * 1024; - } + c.sessions = 10 * 1024; + sm->max_translations_per_thread = c.sessions; sm->translation_buckets = nat_calc_bihash_buckets (c.sessions); @@ -2900,12 +2906,12 @@ nat44_plugin_enable (nat44_config_t c) sm->outside_vrf_id = c.outside_vrf; sm->outside_fib_index = fib_table_find_or_create_and_lock - (FIB_PROTOCOL_IP4, c.outside_vrf, nat_fib_src_hi); + (FIB_PROTOCOL_IP4, c.outside_vrf, sm->fib_src_hi); sm->inside_vrf_id = c.inside_vrf; sm->inside_fib_index = fib_table_find_or_create_and_lock - (FIB_PROTOCOL_IP4, c.inside_vrf, nat_fib_src_hi); + (FIB_PROTOCOL_IP4, c.inside_vrf, sm->fib_src_hi); if (c.endpoint_dependent) { @@ -2917,6 +2923,8 @@ nat44_plugin_enable (nat44_config_t c) sm->icmp_match_out2in_cb = icmp_match_out2in_ed; sm->icmp_match_in2out_cb = icmp_match_in2out_ed; + // try to move it into nat44_db_init, + // consider static mapping requirements clib_bihash_init_16_8 (&sm->out2in_ed, "out2in-ed", sm->translation_buckets, 0); clib_bihash_set_kvp_format_fn_16_8 (&sm->out2in_ed, @@ -2977,8 +2985,7 @@ nat44_plugin_enable (nat44_config_t c) vlib_zero_simple_counter (&sm->user_limit_reached, 0); sm->enabled = 1; - - nat_log_info ("nat44 enable"); + sm->rconfig = c; return 0; } @@ -3092,6 +3099,7 @@ nat44_plugin_disable () sm->forwarding_enabled = 0; sm->enabled = 0; + clib_memset (&sm->rconfig, 0, sizeof (sm->rconfig)); return 0; } @@ -3536,6 +3544,7 @@ exhausted: void nat44_add_del_address_dpo (ip4_address_t addr, u8 is_add) { + snat_main_t *sm = &snat_main; dpo_id_t dpo_v4 = DPO_INVALID; fib_prefix_t pfx = { .fp_proto = FIB_PROTOCOL_IP4, @@ -3546,73 +3555,16 @@ nat44_add_del_address_dpo (ip4_address_t addr, u8 is_add) if (is_add) { nat_dpo_create (DPO_PROTO_IP4, 0, &dpo_v4); - fib_table_entry_special_dpo_add (0, &pfx, nat_fib_src_hi, + fib_table_entry_special_dpo_add (0, &pfx, sm->fib_src_hi, FIB_ENTRY_FLAG_EXCLUSIVE, &dpo_v4); dpo_reset (&dpo_v4); } else { - fib_table_entry_special_remove (0, &pfx, nat_fib_src_hi); + fib_table_entry_special_remove (0, &pfx, sm->fib_src_hi); } } -u8 * -format_session_kvp (u8 * s, va_list * args) -{ - clib_bihash_kv_8_8_t *v = va_arg (*args, clib_bihash_kv_8_8_t *); - - s = format (s, "%U session-index %llu", format_snat_key, v->key, v->value); - - return s; -} - -u8 * -format_static_mapping_kvp (u8 * s, va_list * args) -{ - clib_bihash_kv_8_8_t *v = va_arg (*args, clib_bihash_kv_8_8_t *); - - s = format (s, "%U static-mapping-index %llu", - format_snat_key, v->key, v->value); - - return s; -} - -u8 * -format_user_kvp (u8 * s, va_list * args) -{ - clib_bihash_kv_8_8_t *v = va_arg (*args, clib_bihash_kv_8_8_t *); - snat_user_key_t k; - - k.as_u64 = v->key; - - s = format (s, "%U fib %d user-index %llu", format_ip4_address, &k.addr, - k.fib_index, v->value); - - return s; -} - -u8 * -format_ed_session_kvp (u8 * s, va_list * args) -{ - clib_bihash_kv_16_8_t *v = va_arg (*args, clib_bihash_kv_16_8_t *); - - u8 proto; - u16 r_port, l_port; - ip4_address_t l_addr, r_addr; - u32 fib_index; - - split_ed_kv (v, &l_addr, &r_addr, &proto, &fib_index, &l_port, &r_port); - s = - format (s, - "local %U:%d remote %U:%d proto %U fib %d thread-index %u session-index %u", - format_ip4_address, &l_addr, clib_net_to_host_u16 (l_port), - format_ip4_address, &r_addr, clib_net_to_host_u16 (r_port), - format_ip_protocol, proto, fib_index, - ed_value_get_session_index (v), ed_value_get_thread_index (v)); - - return s; -} - static u32 snat_get_worker_in2out_cb (ip4_header_t * ip0, u32 rx_fib_index0, u8 is_output) @@ -4368,7 +4320,11 @@ nat44_db_init (snat_main_per_thread_data_t * tsm) sm->translation_buckets, 0); clib_bihash_set_kvp_format_fn_16_8 (&tsm->in2out_ed, format_ed_session_kvp); - + /* + clib_bihash_init_16_8 (&sm->out2in_ed, "out2in-ed", + sm->translation_buckets, 0); + clib_bihash_set_kvp_format_fn_16_8 (&sm->out2in_ed, + format_ed_session_kvp); */ } else { @@ -4597,7 +4553,6 @@ match: } } - int snat_add_interface_address (snat_main_t * sm, u32 sw_if_index, int is_del, u8 twice_nat) diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h index 76d819b6ee3..9b11736f5ac 100644 --- a/src/plugins/nat/nat.h +++ b/src/plugins/nat/nat.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2016 Cisco and/or its affiliates. + * Copyright (c) 2020 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at: @@ -614,6 +614,9 @@ typedef struct snat_main_s u32 ed_hairpin_dst_node_index; u32 ed_hairpin_src_node_index; + nat44_config_t rconfig; + //nat44_config_t cconfig; + /* If forwarding is enabled */ u8 forwarding_enabled; @@ -720,6 +723,9 @@ typedef struct snat_main_s ip4_main_t *ip4_main; ip_lookup_main_t *ip4_lookup_main; + fib_source_t fib_src_hi; + fib_source_t fib_src_low; + /* nat44 plugin enabled */ u8 enabled; @@ -1242,7 +1248,7 @@ int nat44_lb_static_mapping_add_del_local (ip4_address_t e_addr, u16 e_port, nat_protocol_t proto, u32 vrf_id, u8 probability, u8 is_add); -clib_error_t *snat_api_init (vlib_main_t * vm, snat_main_t * sm); +clib_error_t *nat44_api_hookup (vlib_main_t * vm); /** * @brief Set NAT plugin workers @@ -1346,16 +1352,6 @@ int nat44_set_session_limit (u32 session_limit, u32 vrf_id); * @return 0 on success, non-zero value otherwise */ int nat44_update_session_limit (u32 session_limit, u32 vrf_id); -/** - * @brief Free NAT44 ED session data (lookup keys, external address port) - * - * @param s NAT session - * @param thread_index thread index - * @param is_ha is HA event - */ -void -nat44_free_session_data (snat_main_t * sm, snat_session_t * s, - u32 thread_index, u8 is_ha); /** * @brief Initialize NAT44 data @@ -1371,6 +1367,17 @@ void nat44_db_init (snat_main_per_thread_data_t * tsm); */ void nat44_db_free (snat_main_per_thread_data_t * tsm); +/** + * @brief Delete specific NAT44 EI user and his sessions + * + * @param addr IPv4 address + * @param fib_index FIB table index + */ +int nat44_ei_user_del (ip4_address_t * addr, u32 fib_index); + +/** + * @brief Free all NAT44 sessions + */ void nat44_sessions_clear (); /** @@ -1508,6 +1515,46 @@ int snat_static_mapping_match (snat_main_t * sm, void snat_add_del_addr_to_fib (ip4_address_t * addr, u8 p_len, u32 sw_if_index, int is_add); +void +nat_ha_sadd_cb (ip4_address_t * in_addr, u16 in_port, + ip4_address_t * out_addr, u16 out_port, + ip4_address_t * eh_addr, u16 eh_port, + ip4_address_t * ehn_addr, u16 ehn_port, u8 proto, + u32 fib_index, u16 flags, u32 thread_index); + +void +nat_ha_sdel_cb (ip4_address_t * out_addr, u16 out_port, + ip4_address_t * eh_addr, u16 eh_port, u8 proto, u32 fib_index, + u32 ti); + +void +nat_ha_sref_cb (ip4_address_t * out_addr, u16 out_port, + ip4_address_t * eh_addr, u16 eh_port, u8 proto, u32 fib_index, + u32 total_pkts, u64 total_bytes, u32 thread_index); + +void +nat_ha_sadd_ed_cb (ip4_address_t * in_addr, u16 in_port, + ip4_address_t * out_addr, u16 out_port, + ip4_address_t * eh_addr, u16 eh_port, + ip4_address_t * ehn_addr, u16 ehn_port, u8 proto, + u32 fib_index, u16 flags, u32 thread_index); + +void +nat_ha_sdel_ed_cb (ip4_address_t * out_addr, u16 out_port, + ip4_address_t * eh_addr, u16 eh_port, u8 proto, + u32 fib_index, u32 ti); + +void +nat_ha_sdel_ed_cb (ip4_address_t * out_addr, u16 out_port, + ip4_address_t * eh_addr, u16 eh_port, u8 proto, + u32 fib_index, u32 ti); + +void +nat_ha_sref_ed_cb (ip4_address_t * out_addr, u16 out_port, + ip4_address_t * eh_addr, u16 eh_port, u8 proto, + u32 fib_index, u32 total_pkts, u64 total_bytes, + u32 thread_index); + /* * Why is this here? Because we don't need to touch this layer to * simply reply to an icmp. We need to change id to a unique diff --git a/src/plugins/nat/nat44.api b/src/plugins/nat/nat44.api new file mode 100644 index 00000000000..ec8c41640b0 --- /dev/null +++ b/src/plugins/nat/nat44.api @@ -0,0 +1,1188 @@ +/* + * Copyright (c) 2020 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +option version = "5.2.0"; +import "vnet/ip/ip_types.api"; +import "vnet/interface_types.api"; +import "plugins/nat/nat_types.api"; + +/** + * @file nat.api + * @brief VPP control-plane API messages. + * + * This file defines VPP control-plane API messages which are generally + * called through a shared memory interface. + */ + +/* + * Common NAT plugin APIs + */ + +enum nat44_config_flags : u8 +{ + NAT44_IS_ENDPOINT_INDEPENDENT = 0x00, + NAT44_IS_ENDPOINT_DEPENDENT = 0x01, + NAT44_IS_STATIC_MAPPING_ONLY = 0x02, + NAT44_IS_CONNECTION_TRACKING = 0x04, + NAT44_IS_OUT2IN_DPO = 0x08, +}; + +/** \brief Enable/disable NAT44 plugin + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param inside_vrf - inside vrf id + @param outside_vrf - outside vrf id + @param users - maximum number of users per thread + (NAT44_IS_ENDPOINT_INDEPENDENT) + @param user_memory - overwrite hash allocation parameter + (NAT44_IS_ENDPOINT_INDEPENDENT) + @param sessions - maximum number of sessions per thread + @param session_memory - overwrite hash allocation parameter + @param user_sessions - maximum number of sessions per user + (NAT44_IS_ENDPOINT_INDEPENDENT) + @param enable - true if enable, false if disable + @param flags - flag NAT44_IS_ENDPOINT_INDEPENDENT, + NAT44_IS_ENDPOINT_DEPENDENT, + NAT44_IS_STATIC_MAPPING_ONLY, + NAT44_IS_CONNECTION_TRACKING, + NAT44_IS_OUT2IN_DPO +*/ +autoreply define nat44_plugin_enable_disable { + u32 client_index; + u32 context; + u32 inside_vrf; + u32 outside_vrf; + u32 users; + u32 user_memory; + u32 sessions; + u32 session_memory; + u32 user_sessions; + bool enable; + vl_api_nat44_config_flags_t flags; +}; + +/** \brief Control ping from client to api server request + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_control_ping +{ + option deprecated; + u32 client_index; + u32 context; +}; + +/** \brief Control ping from the client to the server response + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param retval - return code for the request + @param vpe_pid - the pid of the vpe, returned by the server +*/ +define nat_control_ping_reply +{ + option deprecated; + u32 context; + i32 retval; + u32 client_index; + u32 vpe_pid; +}; + +/** \brief Show NAT plugin startup config + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_show_config +{ + option deprecated; + u32 client_index; + u32 context; +}; + +/** \brief DEPRECATED: Show NAT plugin startup config reply + @param context - sender context, to match reply w/ request + @param retval - return code for the request + @param static_mapping_only - if true dynamic translations disabled + @param static_mapping_connection_tracking - if true create session data + @param deterministic - if true deterministic mapping + @param endpoint_dependent - if true endpoint-dependent mode + @param out2in_dpo - if true out2in dpo mode + @param dslite_ce - if true DS-Lite is CE/B4 element, if false AFTR elemet + @param translation_buckets - number of translation hash buckets + @param translation_memory_size - translation hash memory size + @param user_buckets - number of user hash buckets + @param user_memory_size - user hash memory size + @param max_translations_per_user - maximum number of translations per user + @param outside_vrf_id - outside VRF id + @param inside_vrf_id - default inside VRF id + @param nat64_bib_buckets - number of NAT64 BIB hash buckets + @param nat64_bib_memory_size - memory size of NAT64 BIB hash + @param nat64_st_buckets - number of NAT64 session table hash buckets + @param nat64_st_memory_size - memory size of NAT64 session table hash +*/ +define nat_show_config_reply +{ + option deprecated; + u32 context; + i32 retval; + bool static_mapping_only; + bool static_mapping_connection_tracking; + bool deterministic; + bool endpoint_dependent; + bool out2in_dpo; + bool dslite_ce; + u32 translation_buckets; + u32 translation_memory_size; + u32 user_buckets; + u64 user_memory_size; + u32 max_translations_per_user; + u32 outside_vrf_id; + u32 inside_vrf_id; + u32 nat64_bib_buckets; + u64 nat64_bib_memory_size; + u32 nat64_st_buckets; + u64 nat64_st_memory_size; +}; + +/** \brief Show NAT plugin startup config + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_show_config_2 +{ + option deprecated; + u32 client_index; + u32 context; +}; + +/** \brief Show NAT plugin startup config reply + @param context - sender context, to match reply w/ request + @param retval - return code for the request + @param static_mapping_only - if true dynamic translations disabled + @param static_mapping_connection_tracking - if true create session data + @param deterministic - if true deterministic mapping + @param endpoint_dependent - if true endpoint-dependent mode + @param out2in_dpo - if true out2in dpo mode + @param dslite_ce - if true DS-Lite is CE/B4 element, if false AFTR elemet + @param translation_buckets - number of translation hash buckets + @param translation_memory_size - translation hash memory size + @param user_buckets - number of user hash buckets + @param user_memory_size - user hash memory size + @param max_translations_per_user - maximum number of translations per user + @param outside_vrf_id - outside VRF id + @param inside_vrf_id - default inside VRF id + @param nat64_bib_buckets - number of NAT64 BIB hash buckets + @param nat64_bib_memory_size - memory size of NAT64 BIB hash + @param nat64_st_buckets - number of NAT64 session table hash buckets + @param nat64_st_memory_size - memory size of NAT64 session table hash + @param max_translations_per_thread - max translations per worker thread + @param max_users_per_thread - max users per worker thread +*/ +define nat_show_config_2_reply +{ + option deprecated; + u32 context; + i32 retval; + bool static_mapping_only; + bool static_mapping_connection_tracking; + bool deterministic; + bool endpoint_dependent; + bool out2in_dpo; + bool dslite_ce; + u32 translation_buckets; + u64 translation_memory_size; + u32 user_buckets; + u64 user_memory_size; + u32 max_translations_per_user; + u32 outside_vrf_id; + u32 inside_vrf_id; + u32 nat64_bib_buckets; + u64 nat64_bib_memory_size; + u32 nat64_st_buckets; + u64 nat64_st_memory_size; + u32 max_translations_per_thread; + u32 max_users_per_thread; +}; + +/** \brief Show NAT44 plugin running config + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_show_running_config +{ + option in_progress; + u32 client_index; + u32 context; +}; + +/** \brief Show NAT44 plugin running config reply + @param context - sender context, to match reply w/ request + @param retval - return code for the request + @param inside_vrf - default inside VRF id + @param outside_vrf - outside VRF id + @param users - maximum number of users per worker thread + (NAT44_IS_ENDPOINT_INDEPENDENT) + @param sessions - maximum number of sessions per worker thread + @param user_sessions - maximum number of sessions per user + (NAT44_IS_ENDPOINT_INDEPENDENT) + @param user_buckets - number of user hash buckets + (NAT44_IS_ENDPOINT_INDEPENDENT) + @param translation_buckets - number of translation hash buckets + @param flags - flag NAT44_IS_ENDPOINT_INDEPENDENT, + NAT44_IS_ENDPOINT_DEPENDENT, + NAT44_IS_STATIC_MAPPING_ONLY, + NAT44_IS_CONNECTION_TRACKING, + NAT44_IS_OUT2IN_DPO +*/ +define nat44_show_running_config_reply +{ + option in_progress; + u32 context; + i32 retval; + + u32 inside_vrf; + u32 outside_vrf; + + u32 users; + u32 sessions; + u32 user_sessions; + + u32 user_buckets; + u32 translation_buckets; + + vl_api_nat44_config_flags_t flags; +}; + +enum nat_log_level : u8 +{ + NAT_LOG_NONE = 0x00, + NAT_LOG_ERROR = 0x01, + NAT_LOG_WARNING = 0x02, + NAT_LOG_NOTICE = 0x03, + NAT_LOG_INFO = 0x04, + NAT_LOG_DEBUG = 0x05, +}; + +/** \brief Run nat44 garbage collection + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +autoreply define nat44_session_cleanup { + option deprecated; + u32 client_index; + u32 context; +}; + +/** \brief NAT44 set session limit + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param session_limit - session limit + @param vrf_id - vrf id +*/ +autoreply define nat44_set_session_limit { + u32 client_index; + u32 context; + u32 session_limit; + u32 vrf_id; +}; + +/** \brief Set NAT logging level + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param log_level - logging level +*/ +autoreply define nat_set_log_level { + u32 client_index; + u32 context; + vl_api_nat_log_level_t log_level; +}; + +/** \brief Set NAT workers + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param worker_mask - NAT workers mask +*/ +autoreply define nat_set_workers { + u32 client_index; + u32 context; + u64 worker_mask; +}; + +/** \brief Dump NAT workers + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_worker_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT workers details response + @param context - sender context, to match reply w/ request + @param worker_index - worker index + @param lcore_id - lcore ID + @param name - worker name +*/ +define nat_worker_details { + u32 context; + u32 worker_index; + u32 lcore_id; + string name[64]; +}; + +/** \brief Enable/disable NAT IPFIX logging + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param domain_id - observation domain ID + @param src_port - source port number + @param enable - true if enable, false if disable +*/ +autoreply define nat_ipfix_enable_disable { + u32 client_index; + u32 context; + u32 domain_id; + u16 src_port; + bool enable; +}; + +/** \brief Set values of timeouts for NAT sessions (seconds) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param udp - UDP timeout (default 300sec) + @param tcp_established - TCP established timeout (default 7440sec) + @param tcp_transitory - TCP transitory timeout (default 240sec) + @param icmp - ICMP timeout (default 60sec) +*/ +autoreply define nat_set_timeouts { + u32 client_index; + u32 context; + u32 udp; + u32 tcp_established; + u32 tcp_transitory; + u32 icmp; +}; + +/** \brief Get values of timeouts for NAT sessions (seconds) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_get_timeouts { + u32 client_index; + u32 context; +}; + +/** \brief Get values of timeouts for NAT sessions reply + @param context - sender context, to match reply w/ request + @param retval - return code + @param udp - UDP timeout + @param tcp_established - TCP established timeout + @param tcp_transitory - TCP transitory timeout + @param icmp - ICMP timeout +*/ +define nat_get_timeouts_reply { + u32 context; + i32 retval; + u32 udp; + u32 tcp_established; + u32 tcp_transitory; + u32 icmp; +}; + +/** \brief Set address and port assignment algorithm + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param alg - address and port assignment algorithm: + 0 - default, 1 - MAP-E, 2 - port range + (see nat_addr_and_port_alloc_alg_t in nat.h) + @param psid_offset - number of offset bits (valid only for MAP-E alg) + @param psid_length - length of PSID (valid only for MAP-E alg) + @param psid - Port Set Identifier (PSID) value (valid only for MAP-E alg) + @param start_port - beginning of the port range + @param end_port - end of the port range +*/ +autoreply define nat_set_addr_and_port_alloc_alg { + u32 client_index; + u32 context; + u8 alg; + u8 psid_offset; + u8 psid_length; + u16 psid; + u16 start_port; + u16 end_port; +}; + +/** \brief Get address and port assignment algorithm + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_get_addr_and_port_alloc_alg { + u32 client_index; + u32 context; +}; + +/** \brief Get address and port assignment algorithm reply + @param context - sender context, to match reply w/ request + @param retval - return code + @param alg - address and port assignment algorithm: + 0 - default, 1 - MAP-E, 2 - port range + (see nat_addr_and_port_alloc_alg_t in nat.h) + @param psid_offset - number of offset bits (valid only for MAP-E alg) + @param psid_length - length of PSID (valid only for MAP-E alg) + @param psid - Port Set Identifier (PSID) value (valid only for MAP-E alg) + @param start_port - beginning of the port range + @param end_port - end of the port range +*/ +define nat_get_addr_and_port_alloc_alg_reply { + u32 context; + i32 retval; + u8 alg; + u8 psid_offset; + u8 psid_length; + u16 psid; + u16 start_port; + u16 end_port; +}; + +/** \brief Set TCP MSS rewriting configuration + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param mss_value - MSS value to be used for MSS rewriting + @param enable - if true enable MSS rewriting feature else disable +*/ +autoreply define nat_set_mss_clamping { + u32 client_index; + u32 context; + u16 mss_value; + bool enable; +}; + +/** \brief Get TCP MSS rewriting configuration + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_get_mss_clamping { + u32 client_index; + u32 context; +}; + +/** \brief Get TCP MSS rewriting configuration reply + @param context - sender context, to match reply w/ request + @param retval - return code + @param mss_value - MSS value to be used for MSS rewriting + @param enable - if true enable MSS rewriting feature else disable +*/ +define nat_get_mss_clamping_reply { + u32 context; + i32 retval; + u16 mss_value; + bool enable; +}; + +/** \brief Set HA listener (local settings) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param ip_address - local IP4 address + @param port - local UDP port number + @param path_mtu - path MTU between local and failover +*/ +autoreply define nat_ha_set_listener { + u32 client_index; + u32 context; + vl_api_ip4_address_t ip_address; + u16 port; + u32 path_mtu; +}; + +/** \brief Set HA failover (remote settings) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param ip_address - failover IP4 address + @param port - failvoer UDP port number + @param session_refresh_interval - number of seconds after which to send + session counters refresh +*/ +autoreply define nat_ha_set_failover { + u32 client_index; + u32 context; + vl_api_ip4_address_t ip_address; + u16 port; + u32 session_refresh_interval; +}; + +/** \brief Get HA listener/local configuration + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_ha_get_listener { + u32 client_index; + u32 context; +}; + +/** \brief Get HA listener/local configuration reply + @param context - sender context, to match reply w/ request + @param retval - return code + @param ip_address - local IP4 address + @param port - local UDP port number + @param path_mtu - Path MTU between local and failover +*/ +define nat_ha_get_listener_reply { + u32 context; + i32 retval; + vl_api_ip4_address_t ip_address; + u16 port; + u32 path_mtu; +}; + +/** \brief Get HA failover/remote settings + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_ha_get_failover { + u32 client_index; + u32 context; +}; + +/** \brief Get HA failover/remote settings reply + @param context - sender context, to match reply w/ request + @param retval - return code + @param ip_address - failover IP4 address + @param port - failvoer UDP port number + @param session_refresh_interval - number of seconds after which to send + session counters refresh +*/ +define nat_ha_get_failover_reply { + u32 context; + i32 retval; + vl_api_ip4_address_t ip_address; + u16 port; + u32 session_refresh_interval; +}; + +/** \brief Flush the current HA data (for testing) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +autoreply define nat_ha_flush { + u32 client_index; + u32 context; +}; + +/** \brief Resync HA (resend existing sessions to new failover) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param want_resync_event - resync completed event sent to the sender via + nat_ha_resync_completed_event API message if + non-zero + @param pid - sender's pid +*/ +autoreply define nat_ha_resync +{ + u32 client_index; + u32 context; + u8 want_resync_event; + u32 pid; +}; + +/** \brief Tell client about a HA resync completion event + @param client_index - opaque cookie to identify the sender + @param pid - client pid registered to receive notification + @param missed_count - number of missed (not ACKed) messages +*/ +define nat_ha_resync_completed_event +{ + u32 client_index; + u32 pid; + u32 missed_count; +}; + +service { + rpc nat_ha_resync returns nat_ha_resync_reply events nat_ha_resync_completed_event; +}; + +/* + * NAT44 APIs + */ + +/** \brief Del NAT44 user + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param ip_address - IPv4 address + @param fib_index - FIB index +*/ +autoreply define nat44_del_user { + u32 client_index; + u32 context; + vl_api_ip4_address_t ip_address; + u32 fib_index; +}; + +/** \brief Add/del NAT44 address range + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param first_ip_address - first IPv4 address + @param last_ip_address - last IPv4 address + @param vrf_id - VRF id of tenant, ~0 means independent of VRF + @param is_add - true if add, false if delete + @param flags - flag NAT_IS_TWICE_NAT if NAT address range for external hosts + +*/ +autoreply define nat44_add_del_address_range { + u32 client_index; + u32 context; + vl_api_ip4_address_t first_ip_address; + vl_api_ip4_address_t last_ip_address; + u32 vrf_id; + bool is_add; + vl_api_nat_config_flags_t flags; +}; + +/** \brief Dump NAT44 addresses + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_address_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 address details response + @param context - sender context, to match reply w/ request + @param ip_address - IPv4 address + @param flags - flag NAT_IS_TWICE_NAT if NAT address range for external hosts + @param vrf_id - VRF id of tenant, ~0 means independent of VRF +*/ +define nat44_address_details { + u32 context; + vl_api_ip4_address_t ip_address; + vl_api_nat_config_flags_t flags; + u32 vrf_id; +}; + +/** \brief Enable/disable NAT44 feature on the interface + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - true if add, false if delete + @param flags - flag NAT_IS_INSIDE if interface is inside else + interface is outside + @param sw_if_index - software index of the interface +*/ +autoreply define nat44_interface_add_del_feature { + u32 client_index; + u32 context; + bool is_add; + vl_api_nat_config_flags_t flags; + vl_api_interface_index_t sw_if_index; +}; + +/** \brief Dump interfaces with NAT44 feature + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_interface_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 interface details response + @param context - sender context, to match reply w/ request + @param sw_if_index - software index of the interface + @param flags - flag NAT_IS_INSIDE if interface is inside, + flag NAT_IS_OUTSIDE if interface is outside + and if both flags are set the interface is + both inside and outside +*/ +define nat44_interface_details { + u32 context; + vl_api_nat_config_flags_t flags; + vl_api_interface_index_t sw_if_index; +}; + +/** \brief Enable/disbale NAT44 as an interface output feature (postrouting + in2out translation) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - true if add, false if delete + @param flags - flag NAT_IS_INSIDE if interface is inside else + interface is outside + @param sw_if_index - software index of the interface +*/ +autoreply define nat44_interface_add_del_output_feature { + u32 client_index; + u32 context; + bool is_add; + vl_api_nat_config_flags_t flags; + vl_api_interface_index_t sw_if_index; +}; + +/** \brief Dump interfaces with NAT44 output feature + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_interface_output_feature_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 interface with output feature details response + @param context - sender context, to match reply w/ request + @param flags - flag NAT_IS_INSIDE if interface is inside else + interface is outside + @param sw_if_index - software index of the interface +*/ +define nat44_interface_output_feature_details { + u32 context; + vl_api_nat_config_flags_t flags; + vl_api_interface_index_t sw_if_index; +}; + +/** \brief Add/delete NAT44 static mapping + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - true if add, false if delete + @param flags - flag NAT_IS_ADDR_ONLY if address only mapping, + flag nat_is_twice_nat if nat address range for external hosts, + flag NAT_IS_SELF_TWICE_NAT if translate external host address + and port whenever external host address equals local + address of internal host, + flag NAT_IS_OUT2IN_ONLY if rule match only out2in direction + @param local_ip_address - local IPv4 address + @param external_ip_address - external IPv4 address + @param protocol - IP protocol, used only if addr_only=0 + @param local_port - local port number, used only if addr_only=0 + @param external_port - external port number, used only if addr_only=0 + @param external_sw_if_index - external interface (if set + external_ip_address is ignored, ~0 means not + used) + @param vfr_id - VRF ID + @param tag - opaque string tag +*/ +autoreply define nat44_add_del_static_mapping { + u32 client_index; + u32 context; + bool is_add; + vl_api_nat_config_flags_t flags; + vl_api_ip4_address_t local_ip_address; + vl_api_ip4_address_t external_ip_address; + u8 protocol; + u16 local_port; + u16 external_port; + vl_api_interface_index_t external_sw_if_index; + u32 vrf_id; + string tag[64]; +}; + +/** \brief Add/delete NAT44 static mapping + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - true if add, false if delete + @param match_pool - true if use specific pool_ip_address + @param flags - flag NAT_IS_ADDR_ONLY if address only mapping, + flag nat_is_twice_nat if nat address range for external hosts, + flag NAT_IS_SELF_TWICE_NAT if translate external host address + and port whenever external host address equals local + address of internal host, + flag NAT_IS_OUT2IN_ONLY if rule match only out2in direction + @param pool_ip_address - pool IPv4 address to match with pool + @param local_ip_address - local IPv4 address + @param external_ip_address - external IPv4 address + @param protocol - IP protocol, used only if addr_only=0 + @param local_port - local port number, used only if addr_only=0 + @param external_port - external port number, used only if addr_only=0 + @param external_sw_if_index - external interface (if set + external_ip_address is ignored, ~0 means not + used) + @param vfr_id - VRF ID + @param tag - opaque string tag +*/ +autoreply define nat44_add_del_static_mapping_v2 { + option in_progress; + u32 client_index; + u32 context; + bool is_add; + bool match_pool; + vl_api_nat_config_flags_t flags; + vl_api_ip4_address_t pool_ip_address; + vl_api_ip4_address_t local_ip_address; + vl_api_ip4_address_t external_ip_address; + u8 protocol; + u16 local_port; + u16 external_port; + vl_api_interface_index_t external_sw_if_index; + u32 vrf_id; + string tag[64]; +}; + +/** \brief Dump NAT44 static mappings + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_static_mapping_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 static mapping details response + @param context - sender context, to match reply w/ request + @param flags - flag NAT_ADDR_ONLY if address only mapping, + flag NAT_TWICE_NAT if NAT address range for external hosts, + flag NAT_SELF_TWICE_NAT if translate external host address + and port whenever external host address equals local + address of internal host, + flag NAT_OUT2IN_ONLY if rule match only out2in direction + @param local_ip_address - local IPv4 address + @param external_ip_address - external IPv4 address + @param protocol - IP protocol, valid only if no NAT_ADDR_ONLY flag + @param local_port - local port number, valid only if no NAT_ADDR_ONLY flag + @param external_port - external port number, valid only if no NAT_ADDR_ONLY flag + @param external_sw_if_index - external interface + @param vfr_id - VRF ID + @param tag - opaque string tag +*/ +define nat44_static_mapping_details { + u32 context; + vl_api_nat_config_flags_t flags; + vl_api_ip4_address_t local_ip_address; + vl_api_ip4_address_t external_ip_address; + u8 protocol; + u16 local_port; + u16 external_port; + vl_api_interface_index_t external_sw_if_index; + u32 vrf_id; + string tag[64]; +}; + +/** \brief Add/delete NAT44 identity mapping + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - true if add, false if delete + @param flags - flag NAT_ADDR_ONLY if address only mapping + @param ip_address - IPv4 address + @param protocol - IP protocol + @param port - port number + @param sw_if_index - interface (if set ip_address is ignored, ~0 means not + used) + @param vfr_id - VRF ID (if ~0 use default VRF) + @param tag - opaque string tag +*/ +autoreply define nat44_add_del_identity_mapping { + u32 client_index; + u32 context; + bool is_add; + vl_api_nat_config_flags_t flags; + vl_api_ip4_address_t ip_address; + u8 protocol; + u16 port; + vl_api_interface_index_t sw_if_index; + u32 vrf_id; + string tag[64]; +}; + +/** \brief Dump NAT44 identity mappings + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_identity_mapping_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 identity mapping details response + @param context - sender context, to match reply w/ request + @param flags - flag NAT_ADDR_ONLY if address only mapping + @param ip_address - IPv4 address + @param protocol - IP protocol + @param port - port number + @param sw_if_index - interface + @param vfr_id - VRF ID + @param tag - opaque string tag +*/ +define nat44_identity_mapping_details { + u32 context; + vl_api_nat_config_flags_t flags; + vl_api_ip4_address_t ip_address; + u8 protocol; + u16 port; + vl_api_interface_index_t sw_if_index; + u32 vrf_id; + string tag[64]; +}; + +/** \brief Add/delete NAT44 pool address from specific interfce + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - true if add, false if delete + @param sw_if_index - software index of the interface + @param flags - flag NAT_TWICE_NAT if NAT address range for external hosts +*/ +autoreply define nat44_add_del_interface_addr { + u32 client_index; + u32 context; + bool is_add; + vl_api_interface_index_t sw_if_index; + vl_api_nat_config_flags_t flags; +}; + +/** \brief Dump NAT44 pool addresses interfaces + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_interface_addr_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 pool addresses interfaces details response + @param context - sender context, to match reply w/ request + @param sw_if_index - software index of the interface + @param flags - flag NAT_TWICE_NAT if NAT address range for external hosts + +*/ +define nat44_interface_addr_details { + u32 context; + vl_api_interface_index_t sw_if_index; + vl_api_nat_config_flags_t flags; +}; + +/** \brief Dump NAT44 users + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_user_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 users response + @param context - sender context, to match reply w/ request + @vrf_id - VRF ID + @param ip_address - IPv4 address + @param nsessions - number of dynamic sessions + @param nstaticsessions - number of static sessions +*/ +define nat44_user_details { + u32 context; + u32 vrf_id; + vl_api_ip4_address_t ip_address; + u32 nsessions; + u32 nstaticsessions; +}; + +/** \brief NAT44 user's sessions + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param ip_address - IPv4 address of the user to dump + @param vrf_id - VRF_ID +*/ +define nat44_user_session_dump { + u32 client_index; + u32 context; + vl_api_ip4_address_t ip_address; + u32 vrf_id; +}; + +/** \brief NAT44 user's sessions response + @param context - sender context, to match reply w/ request + @param outside_ip_address - outside IPv4 address + @param outside_port - outside port + @param inside_ip_address - inside IPv4 address + @param inside_port - inside port + @param protocol - protocol + @param flags - flag NAT_IS_STATIC if session is static, + flag NAT_IS_TWICE_NAT if session is twice-nat, + flag NAT_IS_EXT_HOST_VALID if external host address + and port are valid + @param last_heard - last heard timer + @param total_bytes - count of bytes sent through session + @param total_pkts - count of pakets sent through session + @param ext_host_address - external host IPv4 address + @param ext_host_port - external host port + @param ext_host_nat_address - post-NAT external host IPv4 address (valid + only if twice-nat session) + @param ext_host_nat_port - post-NAT external host port (valid only if + twice-nat session) +*/ +define nat44_user_session_details { + u32 context; + vl_api_ip4_address_t outside_ip_address; + u16 outside_port; + vl_api_ip4_address_t inside_ip_address; + u16 inside_port; + u16 protocol; + vl_api_nat_config_flags_t flags; + u64 last_heard; + u64 total_bytes; + u32 total_pkts; + vl_api_ip4_address_t ext_host_address; + u16 ext_host_port; + vl_api_ip4_address_t ext_host_nat_address; + u16 ext_host_nat_port; +}; + +/** \brief NAT44 load-balancing address and port pair + @param addr - IPv4 address of the internal node + @param port - L4 port number of the internal node + @param probability - probability of the internal node to be randomly matched + @param vrf_id - VRF id +*/ +typedef nat44_lb_addr_port { + vl_api_ip4_address_t addr; + u16 port; + u8 probability; + u32 vrf_id; +}; + +/** \brief Add/delete NAT44 load-balancing static mapping rule + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - true if add, false if delete + @param flags - flag NAT_TWICE_NAT if NAT address range for external hosts, + flag NAT_SELF_TWICE_NAT if translate external host address + and port whenever external host address equals local + address of internal host, + flag NAT_OUT2IN_ONLY if rule match only out2in direction + @param external_addr - external IPv4 address of the service + @param external_port - external L4 port number of the service + @param protocol - IP protocol number of the service + @param affinity - if 0 disabled, otherwise client IP affinity sticky time + in seconds + @param local_num - number of local network nodes + @param locals - local network nodes + @param tag - opaque string tag +*/ +autoreply manual_endian define nat44_add_del_lb_static_mapping { + u32 client_index; + u32 context; + bool is_add; + vl_api_nat_config_flags_t flags; + vl_api_ip4_address_t external_addr; + u16 external_port; + u8 protocol; + u32 affinity; + string tag[64]; + u32 local_num; + vl_api_nat44_lb_addr_port_t locals[local_num]; +}; + +/** \brief Add/delete NAT44 load-balancing static mapping rule backend + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - true if add, false if delete + @param external_addr - external IPv4 address of the service + @param external_port - external L4 port number of the service + @param protocol - IP protocol number of the service + @param local - local network node +*/ +autoreply define nat44_lb_static_mapping_add_del_local { + u32 client_index; + u32 context; + bool is_add; + vl_api_ip4_address_t external_addr; + u16 external_port; + u8 protocol; + vl_api_nat44_lb_addr_port_t local; +}; + +/** \brief Dump NAT44 load-balancing static mapping rules + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_lb_static_mapping_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 load-balancing static mapping rule details response + @param context - sender context, to match reply w/ request + @param external_addr - external IPv4 address of the service + @param external_port - external L4 port number of the service + @param protocol - IP protocol number of the service + @param flags - flag NAT_TWICE_NAT if NAT address range for external hosts, + flag NAT_SELF_TWICE_NAT if translate external host address + and port whenever external host address equals local + address of internal host, + flag NAT_OUT2IN_ONLY if rule match only out2in direction + @param affinity - if 0 disabled, otherwise client IP affinity sticky time + in seconds + @param local_num - number of local network nodes + @param locals - local network nodes + @param tag - opaque string tag +*/ +manual_endian define nat44_lb_static_mapping_details { + u32 context; + vl_api_ip4_address_t external_addr; + u16 external_port; + u8 protocol; + vl_api_nat_config_flags_t flags; + u32 affinity; + string tag[64]; + u32 local_num; + vl_api_nat44_lb_addr_port_t locals[local_num]; +}; + +/** \brief Delete NAT44 session + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param ip_address - IPv4 address + @param protocol - IP protocol + @param port - port number + @param vfr_id - VRF ID + @param flags - flag NAT_IS_INSIDE if interface is inside or + interface is outside, + flag NAT_IS_EXT_HOST_VALID if external host address and + port are valid + @param ext_host_address - external host IPv4 address + @param ext_host_port - external host port +*/ +autoreply define nat44_del_session { + u32 client_index; + u32 context; + vl_api_ip4_address_t address; + u8 protocol; + u16 port; + u32 vrf_id; + vl_api_nat_config_flags_t flags; + vl_api_ip4_address_t ext_host_address; + u16 ext_host_port; +}; + +/** \brief Enable/disable forwarding for NAT44 + Forward packets which don't match existing translation + or static mapping instead of dropping them. + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param enable - true for enable, false for disable +*/ +autoreply define nat44_forwarding_enable_disable { + u32 client_index; + u32 context; + bool enable; +}; + +/** \brief Check if forwarding is enabled or disabled + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_forwarding_is_enabled { + u32 client_index; + u32 context; +}; + +/** \brief Response to check if forwarding is enabled or disabled + @param context - sender context, to match reply w/ request + @param enabled - true if enabled, false if disabled +*/ +define nat44_forwarding_is_enabled_reply { + u32 context; + bool enabled; +}; diff --git a/src/plugins/nat/nat44/inlines.h b/src/plugins/nat/nat44/inlines.h index ab5dc1fd9bc..97dfb6c4542 100644 --- a/src/plugins/nat/nat44/inlines.h +++ b/src/plugins/nat/nat44/inlines.h @@ -42,79 +42,6 @@ nat44_ed_maximum_sessions_exceeded (snat_main_t * sm, return translations >= sm->max_translations_per_fib[fib_index]; } -static_always_inline void -nat44_user_del_sessions (snat_user_t * u, u32 thread_index) -{ - dlist_elt_t *elt; - snat_session_t *s; - - snat_main_t *sm = &snat_main; - snat_main_per_thread_data_t *tsm = &sm->per_thread_data[thread_index]; - - // get head - elt = pool_elt_at_index (tsm->list_pool, - u->sessions_per_user_list_head_index); - // get first element - elt = pool_elt_at_index (tsm->list_pool, elt->next); - - while (elt->value != ~0) - { - s = pool_elt_at_index (tsm->sessions, elt->value); - elt = pool_elt_at_index (tsm->list_pool, elt->next); - - nat44_free_session_data (sm, s, thread_index, 0); - nat44_delete_session (sm, s, thread_index); - } -} - -static_always_inline int -nat44_user_del (ip4_address_t * addr, u32 fib_index) -{ - int rv = 1; - - snat_main_t *sm = &snat_main; - snat_main_per_thread_data_t *tsm; - - snat_user_key_t user_key; - clib_bihash_kv_8_8_t kv, value; - - if (sm->endpoint_dependent) - return rv; - - user_key.addr.as_u32 = addr->as_u32; - user_key.fib_index = fib_index; - kv.key = user_key.as_u64; - - if (sm->num_workers > 1) - { - /* *INDENT-OFF* */ - vec_foreach (tsm, sm->per_thread_data) - { - if (!clib_bihash_search_8_8 (&tsm->user_hash, &kv, &value)) - { - nat44_user_del_sessions ( - pool_elt_at_index (tsm->users, value.value), - tsm->thread_index); - rv = 0; - break; - } - } - /* *INDENT-ON* */ - } - else - { - tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers); - if (!clib_bihash_search_8_8 (&tsm->user_hash, &kv, &value)) - { - nat44_user_del_sessions (pool_elt_at_index - (tsm->users, value.value), - tsm->thread_index); - rv = 0; - } - } - return rv; -} - #endif /* included_nat44_inlines_h__ */ /* diff --git a/src/plugins/nat/nat44_api.c b/src/plugins/nat/nat44_api.c new file mode 100644 index 00000000000..2028b3510df --- /dev/null +++ b/src/plugins/nat/nat44_api.c @@ -0,0 +1,1708 @@ +/* + * Copyright (c) 2020 Cisco and/or its affiliates. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +/** + * @file + * @brief NAT44 plugin API implementation + */ + +#define vl_api_nat44_lb_static_mapping_details_t_endian vl_noop_handler +#define vl_api_nat44_add_del_lb_static_mapping_t_endian vl_noop_handler + +#include +#include + +#include + +#include +#include + +#include + +#include +#include + +#include +#include + +#include +#include + +#define REPLY_MSG_ID_BASE sm->msg_id_base +#include + +static void +vl_api_nat_control_ping_t_handler (vl_api_nat_control_ping_t * mp) +{ + vl_api_nat_control_ping_reply_t *rmp; + snat_main_t *sm = &snat_main; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_CONTROL_PING_REPLY, + ({ + rmp->vpe_pid = ntohl (getpid ()); + })); + /* *INDENT-ON* */ +} + +static void +vl_api_nat_show_config_t_handler (vl_api_nat_show_config_t * mp) +{ + vl_api_nat_show_config_reply_t *rmp; + snat_main_t *sm = &snat_main; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2_ZERO (VL_API_NAT_SHOW_CONFIG_REPLY, + ({ + rmp->translation_buckets = htonl (sm->translation_buckets); + rmp->user_buckets = htonl (sm->user_buckets); + rmp->max_translations_per_user = htonl (sm->max_translations_per_user); + rmp->outside_vrf_id = htonl (sm->outside_vrf_id); + rmp->inside_vrf_id = htonl (sm->inside_vrf_id); + rmp->static_mapping_only = sm->static_mapping_only; + rmp->static_mapping_connection_tracking = + sm->static_mapping_connection_tracking; + rmp->endpoint_dependent = sm->endpoint_dependent; + rmp->out2in_dpo = sm->out2in_dpo; + })); + /* *INDENT-ON* */ +} + +static void +vl_api_nat_show_config_2_t_handler (vl_api_nat_show_config_2_t * mp) +{ + vl_api_nat_show_config_2_reply_t *rmp; + snat_main_t *sm = &snat_main; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2_ZERO (VL_API_NAT_SHOW_CONFIG_2_REPLY, + ({ + rmp->translation_buckets = htonl (sm->translation_buckets); + rmp->user_buckets = htonl (sm->user_buckets); + rmp->max_translations_per_user = htonl (sm->max_translations_per_user); + rmp->outside_vrf_id = htonl (sm->outside_vrf_id); + rmp->inside_vrf_id = htonl (sm->inside_vrf_id); + rmp->static_mapping_only = sm->static_mapping_only; + rmp->static_mapping_connection_tracking = + sm->static_mapping_connection_tracking; + rmp->endpoint_dependent = sm->endpoint_dependent; + rmp->out2in_dpo = sm->out2in_dpo; + rmp->max_translations_per_thread = clib_net_to_host_u32(sm->max_translations_per_thread); + rmp->max_users_per_thread = clib_net_to_host_u32(sm->max_users_per_thread); + })); + /* *INDENT-ON* */ +} + +static void +vl_api_nat44_show_running_config_t_handler (vl_api_nat44_show_running_config_t + * mp) +{ + vl_api_nat44_show_running_config_reply_t *rmp; + snat_main_t *sm = &snat_main; + nat44_config_t *rc = &sm->rconfig; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2_ZERO (VL_API_NAT44_SHOW_RUNNING_CONFIG_REPLY, + ({ + rmp->inside_vrf = htonl (rc->inside_vrf); + rmp->outside_vrf = htonl (rc->outside_vrf); + rmp->users = htonl (rc->users); + rmp->sessions = htonl (rc->sessions); + rmp->user_sessions = htonl (rc->user_sessions); + + rmp->user_buckets = htonl (sm->user_buckets); + rmp->translation_buckets = htonl (sm->translation_buckets); + + if (rc->endpoint_dependent) + rmp->flags |= NAT44_IS_ENDPOINT_DEPENDENT; + else + rmp->flags |= NAT44_IS_ENDPOINT_INDEPENDENT; + + if (rc->static_mapping_only) + rmp->flags |= NAT44_IS_STATIC_MAPPING_ONLY; + if (rc->connection_tracking) + rmp->flags |= NAT44_IS_CONNECTION_TRACKING; + if (rc->out2in_dpo) + rmp->flags |= NAT44_IS_OUT2IN_DPO; + })); + /* *INDENT-ON* */ +} + +static void +vl_api_nat_set_workers_t_handler (vl_api_nat_set_workers_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_set_workers_reply_t *rmp; + int rv = 0; + uword *bitmap = 0; + u64 mask; + + mask = clib_net_to_host_u64 (mp->worker_mask); + + if (sm->num_workers < 2) + { + rv = VNET_API_ERROR_FEATURE_DISABLED; + goto send_reply; + } + + bitmap = clib_bitmap_set_multiple (bitmap, 0, mask, BITS (mask)); + rv = snat_set_workers (bitmap); + clib_bitmap_free (bitmap); + +send_reply: + REPLY_MACRO (VL_API_NAT_SET_WORKERS_REPLY); +} + +static void +send_nat_worker_details (u32 worker_index, vl_api_registration_t * reg, + u32 context) +{ + vl_api_nat_worker_details_t *rmp; + snat_main_t *sm = &snat_main; + vlib_worker_thread_t *w = + vlib_worker_threads + worker_index + sm->first_worker_index; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT_WORKER_DETAILS + sm->msg_id_base); + rmp->context = context; + rmp->worker_index = htonl (worker_index); + rmp->lcore_id = htonl (w->cpu_id); + strncpy ((char *) rmp->name, (char *) w->name, ARRAY_LEN (rmp->name) - 1); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_nat_worker_dump_t_handler (vl_api_nat_worker_dump_t * mp) +{ + vl_api_registration_t *reg; + snat_main_t *sm = &snat_main; + u32 *worker_index; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + vec_foreach (worker_index, sm->workers) + send_nat_worker_details(*worker_index, reg, mp->context); + /* *INDENT-ON* */ +} + +static void +vl_api_nat44_session_cleanup_t_handler (vl_api_nat44_session_cleanup_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_session_cleanup_reply_t *rmp; + int rv = 0; + REPLY_MACRO (VL_API_NAT44_SESSION_CLEANUP_REPLY); +} + +static void +vl_api_nat44_set_session_limit_t_handler (vl_api_nat44_set_session_limit_t * + mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_set_session_limit_reply_t *rmp; + int rv = 0; + + rv = nat44_set_session_limit + (ntohl (mp->session_limit), ntohl (mp->vrf_id)); + + REPLY_MACRO (VL_API_NAT44_SET_SESSION_LIMIT_REPLY); +} + +static void +vl_api_nat_set_log_level_t_handler (vl_api_nat_set_log_level_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_set_log_level_reply_t *rmp; + int rv = 0; + + if (sm->log_level > NAT_LOG_DEBUG) + rv = VNET_API_ERROR_UNSUPPORTED; + else + sm->log_level = mp->log_level; + + REPLY_MACRO (VL_API_NAT_SET_WORKERS_REPLY); +} + +static void + vl_api_nat44_plugin_enable_disable_t_handler + (vl_api_nat44_plugin_enable_disable_t * mp) +{ + snat_main_t *sm = &snat_main; + nat44_config_t c = { 0 }; + vl_api_nat44_plugin_enable_disable_reply_t *rmp; + int rv = 0; + + if (mp->enable) + { + c.endpoint_dependent = mp->flags & NAT44_API_IS_ENDPOINT_DEPENDENT; + c.static_mapping_only = mp->flags & NAT44_API_IS_STATIC_MAPPING_ONLY; + c.connection_tracking = mp->flags & NAT44_API_IS_CONNECTION_TRACKING; + c.out2in_dpo = mp->flags & NAT44_API_IS_OUT2IN_DPO; + + c.inside_vrf = ntohl (mp->inside_vrf); + c.outside_vrf = ntohl (mp->outside_vrf); + + c.users = ntohl (mp->users); + + c.sessions = ntohl (mp->sessions); + + c.user_sessions = ntohl (mp->user_sessions); + + rv = nat44_plugin_enable (c); + } + else + rv = nat44_plugin_disable (); + + REPLY_MACRO (VL_API_NAT44_PLUGIN_ENABLE_DISABLE_REPLY); +} + +static void +vl_api_nat_ipfix_enable_disable_t_handler (vl_api_nat_ipfix_enable_disable_t * + mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_ipfix_enable_disable_reply_t *rmp; + int rv = 0; + + rv = nat_ipfix_logging_enable_disable (mp->enable, + clib_host_to_net_u32 + (mp->domain_id), + clib_host_to_net_u16 (mp->src_port)); + + REPLY_MACRO (VL_API_NAT_IPFIX_ENABLE_DISABLE_REPLY); +} + +static void +vl_api_nat_set_timeouts_t_handler (vl_api_nat_set_timeouts_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_set_timeouts_reply_t *rmp; + int rv = 0; + + sm->udp_timeout = ntohl (mp->udp); + sm->tcp_established_timeout = ntohl (mp->tcp_established); + sm->tcp_transitory_timeout = ntohl (mp->tcp_transitory); + sm->icmp_timeout = ntohl (mp->icmp); + + REPLY_MACRO (VL_API_NAT_SET_TIMEOUTS_REPLY); +} + +static void +vl_api_nat_get_timeouts_t_handler (vl_api_nat_get_timeouts_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_get_timeouts_reply_t *rmp; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_GET_TIMEOUTS_REPLY, + ({ + rmp->udp = htonl (sm->udp_timeout); + rmp->tcp_established = htonl (sm->tcp_established_timeout); + rmp->tcp_transitory = htonl (sm->tcp_transitory_timeout); + rmp->icmp = htonl (sm->icmp_timeout); + })) + /* *INDENT-ON* */ +} + +static void + vl_api_nat_set_addr_and_port_alloc_alg_t_handler + (vl_api_nat_set_addr_and_port_alloc_alg_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_set_addr_and_port_alloc_alg_reply_t *rmp; + int rv = 0; + u16 port_start, port_end; + + switch (mp->alg) + { + case NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT: + nat_set_alloc_addr_and_port_default (); + break; + case NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE: + nat_set_alloc_addr_and_port_mape (ntohs (mp->psid), mp->psid_offset, + mp->psid_length); + break; + case NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE: + port_start = ntohs (mp->start_port); + port_end = ntohs (mp->end_port); + if (port_end <= port_start) + { + rv = VNET_API_ERROR_INVALID_VALUE; + goto send_reply; + } + nat_set_alloc_addr_and_port_range (port_start, port_end); + break; + default: + rv = VNET_API_ERROR_INVALID_VALUE; + break; + } + +send_reply: + REPLY_MACRO (VL_API_NAT_SET_ADDR_AND_PORT_ALLOC_ALG_REPLY); +} + +static void + vl_api_nat_get_addr_and_port_alloc_alg_t_handler + (vl_api_nat_get_addr_and_port_alloc_alg_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_get_addr_and_port_alloc_alg_reply_t *rmp; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_GET_ADDR_AND_PORT_ALLOC_ALG_REPLY, + ({ + rmp->alg = sm->addr_and_port_alloc_alg; + rmp->psid_offset = sm->psid_offset; + rmp->psid_length = sm->psid_length; + rmp->psid = htons (sm->psid); + rmp->start_port = htons (sm->start_port); + rmp->end_port = htons (sm->end_port); + })) + /* *INDENT-ON* */ +} + +static void +vl_api_nat_set_mss_clamping_t_handler (vl_api_nat_set_mss_clamping_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_set_mss_clamping_reply_t *rmp; + int rv = 0; + + if (mp->enable) + sm->mss_clamping = ntohs (mp->mss_value); + else + sm->mss_clamping = 0; + + REPLY_MACRO (VL_API_NAT_SET_MSS_CLAMPING_REPLY); +} + +static void +vl_api_nat_get_mss_clamping_t_handler (vl_api_nat_get_mss_clamping_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_get_mss_clamping_reply_t *rmp; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_GET_MSS_CLAMPING_REPLY, + ({ + rmp->enable = sm->mss_clamping ? 1 : 0; + rmp->mss_value = htons (sm->mss_clamping); + })) + /* *INDENT-ON* */ +} + +static void +vl_api_nat_ha_set_listener_t_handler (vl_api_nat_ha_set_listener_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_ha_set_listener_reply_t *rmp; + ip4_address_t addr; + int rv; + + memcpy (&addr, &mp->ip_address, sizeof (addr)); + rv = + nat_ha_set_listener (&addr, clib_net_to_host_u16 (mp->port), + clib_net_to_host_u32 (mp->path_mtu)); + + REPLY_MACRO (VL_API_NAT_HA_SET_LISTENER_REPLY); +} + +static void +vl_api_nat_ha_get_listener_t_handler (vl_api_nat_ha_get_listener_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_ha_get_listener_reply_t *rmp; + int rv = 0; + ip4_address_t addr; + u16 port; + u32 path_mtu; + + nat_ha_get_listener (&addr, &port, &path_mtu); + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_HA_GET_LISTENER_REPLY, + ({ + clib_memcpy (rmp->ip_address, &addr, sizeof (ip4_address_t)); + rmp->port = clib_host_to_net_u16 (port); + rmp->path_mtu = clib_host_to_net_u32 (path_mtu); + })) + /* *INDENT-ON* */ +} + +static void +vl_api_nat_ha_set_failover_t_handler (vl_api_nat_ha_set_failover_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_ha_set_failover_reply_t *rmp; + ip4_address_t addr; + int rv; + + memcpy (&addr, &mp->ip_address, sizeof (addr)); + rv = + nat_ha_set_failover (&addr, clib_net_to_host_u16 (mp->port), + clib_net_to_host_u32 (mp->session_refresh_interval)); + + REPLY_MACRO (VL_API_NAT_HA_SET_FAILOVER_REPLY); +} + +static void +vl_api_nat_ha_get_failover_t_handler (vl_api_nat_ha_get_failover_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_ha_get_failover_reply_t *rmp; + int rv = 0; + ip4_address_t addr; + u16 port; + u32 session_refresh_interval; + + nat_ha_get_failover (&addr, &port, &session_refresh_interval); + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_HA_GET_FAILOVER_REPLY, + ({ + clib_memcpy (rmp->ip_address, &addr, sizeof (ip4_address_t)); + rmp->port = clib_host_to_net_u16 (port); + rmp->session_refresh_interval = clib_host_to_net_u32 (session_refresh_interval); + })) + /* *INDENT-ON* */ +} + +static void +vl_api_nat_ha_flush_t_handler (vl_api_nat_ha_flush_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_ha_flush_reply_t *rmp; + int rv = 0; + + nat_ha_flush (0); + + REPLY_MACRO (VL_API_NAT_HA_FLUSH_REPLY); +} + +static void +nat_ha_resync_completed_event_cb (u32 client_index, u32 pid, u32 missed_count) +{ + snat_main_t *sm = &snat_main; + vl_api_registration_t *reg; + vl_api_nat_ha_resync_completed_event_t *mp; + + reg = vl_api_client_index_to_registration (client_index); + if (!reg) + return; + + mp = vl_msg_api_alloc (sizeof (*mp)); + clib_memset (mp, 0, sizeof (*mp)); + mp->client_index = client_index; + mp->pid = pid; + mp->missed_count = clib_host_to_net_u32 (missed_count); + mp->_vl_msg_id = + ntohs (VL_API_NAT_HA_RESYNC_COMPLETED_EVENT + sm->msg_id_base); + + vl_api_send_msg (reg, (u8 *) mp); +} + +static void +vl_api_nat_ha_resync_t_handler (vl_api_nat_ha_resync_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_ha_resync_reply_t *rmp; + int rv; + + rv = + nat_ha_resync (mp->client_index, mp->pid, + mp->want_resync_event ? nat_ha_resync_completed_event_cb : + NULL); + + REPLY_MACRO (VL_API_NAT_HA_RESYNC_REPLY); +} + +static void +vl_api_nat44_del_user_t_handler (vl_api_nat44_del_user_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_del_user_reply_t *rmp; + ip4_address_t addr; + int rv; + memcpy (&addr.as_u8, mp->ip_address, 4); + rv = nat44_ei_user_del (&addr, ntohl (mp->fib_index)); + REPLY_MACRO (VL_API_NAT44_DEL_USER_REPLY); +} + +static void + vl_api_nat44_add_del_address_range_t_handler + (vl_api_nat44_add_del_address_range_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_add_del_address_range_reply_t *rmp; + ip4_address_t this_addr; + u8 is_add, twice_nat; + u32 start_host_order, end_host_order; + u32 vrf_id; + int i, count; + int rv = 0; + u32 *tmp; + + if (sm->static_mapping_only) + { + rv = VNET_API_ERROR_FEATURE_DISABLED; + goto send_reply; + } + + is_add = mp->is_add; + twice_nat = mp->flags & NAT_API_IS_TWICE_NAT; + + tmp = (u32 *) mp->first_ip_address; + start_host_order = clib_host_to_net_u32 (tmp[0]); + tmp = (u32 *) mp->last_ip_address; + end_host_order = clib_host_to_net_u32 (tmp[0]); + + count = (end_host_order - start_host_order) + 1; + + vrf_id = clib_host_to_net_u32 (mp->vrf_id); + + if (count > 1024) + nat_log_info ("%U - %U, %d addresses...", + format_ip4_address, mp->first_ip_address, + format_ip4_address, mp->last_ip_address, count); + + memcpy (&this_addr.as_u8, mp->first_ip_address, 4); + + for (i = 0; i < count; i++) + { + if (is_add) + rv = snat_add_address (sm, &this_addr, vrf_id, twice_nat); + else + rv = snat_del_address (sm, this_addr, 0, twice_nat); + + if (rv) + goto send_reply; + + if (sm->out2in_dpo) + nat44_add_del_address_dpo (this_addr, is_add); + + increment_v4_address (&this_addr); + } + +send_reply: + REPLY_MACRO (VL_API_NAT44_ADD_DEL_ADDRESS_RANGE_REPLY); +} + +static void +send_nat44_address_details (snat_address_t * a, + vl_api_registration_t * reg, u32 context, + u8 twice_nat) +{ + vl_api_nat44_address_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT44_ADDRESS_DETAILS + sm->msg_id_base); + clib_memcpy (rmp->ip_address, &(a->addr), 4); + if (a->fib_index != ~0) + { + fib_table_t *fib = fib_table_get (a->fib_index, FIB_PROTOCOL_IP4); + rmp->vrf_id = ntohl (fib->ft_table_id); + } + else + rmp->vrf_id = ~0; + if (twice_nat) + rmp->flags |= NAT_API_IS_TWICE_NAT; + rmp->context = context; + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_nat44_address_dump_t_handler (vl_api_nat44_address_dump_t * mp) +{ + vl_api_registration_t *reg; + snat_main_t *sm = &snat_main; + snat_address_t *a; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + vec_foreach (a, sm->addresses) + send_nat44_address_details (a, reg, mp->context, 0); + vec_foreach (a, sm->twice_nat_addresses) + send_nat44_address_details (a, reg, mp->context, 1); + /* *INDENT-ON* */ +} + +static void + vl_api_nat44_interface_add_del_feature_t_handler + (vl_api_nat44_interface_add_del_feature_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_interface_add_del_feature_reply_t *rmp; + u32 sw_if_index = ntohl (mp->sw_if_index); + u8 is_del; + int rv = 0; + + is_del = !mp->is_add; + + VALIDATE_SW_IF_INDEX (mp); + + rv = + snat_interface_add_del (sw_if_index, mp->flags & NAT_API_IS_INSIDE, + is_del); + + BAD_SW_IF_INDEX_LABEL; + + REPLY_MACRO (VL_API_NAT44_INTERFACE_ADD_DEL_FEATURE_REPLY); +} + +static void +send_nat44_interface_details (snat_interface_t * i, + vl_api_registration_t * reg, u32 context) +{ + vl_api_nat44_interface_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT44_INTERFACE_DETAILS + sm->msg_id_base); + rmp->sw_if_index = ntohl (i->sw_if_index); + + if (nat_interface_is_inside (i)) + rmp->flags |= NAT_API_IS_INSIDE; + if (nat_interface_is_outside (i)) + rmp->flags |= NAT_API_IS_OUTSIDE; + + rmp->context = context; + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_nat44_interface_dump_t_handler (vl_api_nat44_interface_dump_t * mp) +{ + vl_api_registration_t *reg; + snat_main_t *sm = &snat_main; + snat_interface_t *i; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + pool_foreach (i, sm->interfaces, + ({ + send_nat44_interface_details(i, reg, mp->context); + })); + /* *INDENT-ON* */ +} + +static void + vl_api_nat44_interface_add_del_output_feature_t_handler + (vl_api_nat44_interface_add_del_output_feature_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_interface_add_del_output_feature_reply_t *rmp; + u32 sw_if_index = ntohl (mp->sw_if_index); + int rv = 0; + + VALIDATE_SW_IF_INDEX (mp); + + rv = snat_interface_add_del_output_feature (sw_if_index, + mp->flags & NAT_API_IS_INSIDE, + !mp->is_add); + + BAD_SW_IF_INDEX_LABEL; + REPLY_MACRO (VL_API_NAT44_INTERFACE_ADD_DEL_OUTPUT_FEATURE_REPLY); +} + +static void +send_nat44_interface_output_feature_details (snat_interface_t * i, + vl_api_registration_t * reg, + u32 context) +{ + vl_api_nat44_interface_output_feature_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_INTERFACE_OUTPUT_FEATURE_DETAILS + sm->msg_id_base); + rmp->sw_if_index = ntohl (i->sw_if_index); + rmp->context = context; + + if (nat_interface_is_inside (i)) + rmp->flags |= NAT_API_IS_INSIDE; + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void + vl_api_nat44_interface_output_feature_dump_t_handler + (vl_api_nat44_interface_output_feature_dump_t * mp) +{ + vl_api_registration_t *reg; + snat_main_t *sm = &snat_main; + snat_interface_t *i; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + pool_foreach (i, sm->output_feature_interfaces, + ({ + send_nat44_interface_output_feature_details(i, reg, mp->context); + })); + /* *INDENT-ON* */ +} + +static void + vl_api_nat44_add_del_static_mapping_t_handler + (vl_api_nat44_add_del_static_mapping_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_add_del_static_mapping_reply_t *rmp; + ip4_address_t local_addr, external_addr, pool_addr = { 0 }; + u16 local_port = 0, external_port = 0; + u32 vrf_id, external_sw_if_index; + twice_nat_type_t twice_nat = TWICE_NAT_DISABLED; + int rv = 0; + nat_protocol_t proto; + u8 *tag = 0; + + memcpy (&local_addr.as_u8, mp->local_ip_address, 4); + memcpy (&external_addr.as_u8, mp->external_ip_address, 4); + + if (!(mp->flags & NAT_API_IS_ADDR_ONLY)) + { + local_port = mp->local_port; + external_port = mp->external_port; + } + + vrf_id = clib_net_to_host_u32 (mp->vrf_id); + external_sw_if_index = clib_net_to_host_u32 (mp->external_sw_if_index); + proto = ip_proto_to_nat_proto (mp->protocol); + + if (mp->flags & NAT_API_IS_TWICE_NAT) + twice_nat = TWICE_NAT; + else if (mp->flags & NAT_API_IS_SELF_TWICE_NAT) + twice_nat = TWICE_NAT_SELF; + mp->tag[sizeof (mp->tag) - 1] = 0; + tag = format (0, "%s", mp->tag); + vec_terminate_c_string (tag); + + rv = snat_add_static_mapping (local_addr, external_addr, local_port, + external_port, vrf_id, + mp->flags & NAT_API_IS_ADDR_ONLY, + external_sw_if_index, proto, + mp->is_add, twice_nat, + mp->flags & NAT_API_IS_OUT2IN_ONLY, tag, 0, + pool_addr, 0); + vec_free (tag); + + REPLY_MACRO (VL_API_NAT44_ADD_DEL_STATIC_MAPPING_REPLY); +} + +static void + vl_api_nat44_add_del_static_mapping_v2_t_handler + (vl_api_nat44_add_del_static_mapping_v2_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_add_del_static_mapping_v2_reply_t *rmp; + ip4_address_t local_addr, external_addr, pool_addr; + u16 local_port = 0, external_port = 0; + u32 vrf_id, external_sw_if_index; + twice_nat_type_t twice_nat = TWICE_NAT_DISABLED; + int rv = 0; + nat_protocol_t proto; + u8 *tag = 0; + + memcpy (&pool_addr.as_u8, mp->pool_ip_address, 4); + memcpy (&local_addr.as_u8, mp->local_ip_address, 4); + memcpy (&external_addr.as_u8, mp->external_ip_address, 4); + + if (!(mp->flags & NAT_API_IS_ADDR_ONLY)) + { + local_port = mp->local_port; + external_port = mp->external_port; + } + + vrf_id = clib_net_to_host_u32 (mp->vrf_id); + external_sw_if_index = clib_net_to_host_u32 (mp->external_sw_if_index); + proto = ip_proto_to_nat_proto (mp->protocol); + + if (mp->flags & NAT_API_IS_TWICE_NAT) + twice_nat = TWICE_NAT; + else if (mp->flags & NAT_API_IS_SELF_TWICE_NAT) + twice_nat = TWICE_NAT_SELF; + mp->tag[sizeof (mp->tag) - 1] = 0; + tag = format (0, "%s", mp->tag); + vec_terminate_c_string (tag); + + rv = snat_add_static_mapping (local_addr, external_addr, local_port, + external_port, vrf_id, + mp->flags & NAT_API_IS_ADDR_ONLY, + external_sw_if_index, proto, + mp->is_add, twice_nat, + mp->flags & NAT_API_IS_OUT2IN_ONLY, tag, 0, + pool_addr, mp->match_pool); + vec_free (tag); + + REPLY_MACRO (VL_API_NAT44_ADD_DEL_STATIC_MAPPING_V2_REPLY); +} + +static void +send_nat44_static_mapping_details (snat_static_mapping_t * m, + vl_api_registration_t * reg, u32 context) +{ + vl_api_nat44_static_mapping_details_t *rmp; + snat_main_t *sm = &snat_main; + u32 len = sizeof (*rmp); + + rmp = vl_msg_api_alloc (len); + clib_memset (rmp, 0, len); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_STATIC_MAPPING_DETAILS + sm->msg_id_base); + + clib_memcpy (rmp->local_ip_address, &(m->local_addr), 4); + clib_memcpy (rmp->external_ip_address, &(m->external_addr), 4); + rmp->external_sw_if_index = ~0; + rmp->vrf_id = htonl (m->vrf_id); + rmp->context = context; + + if (m->twice_nat == TWICE_NAT) + rmp->flags |= NAT_API_IS_TWICE_NAT; + else if (m->twice_nat == TWICE_NAT_SELF) + rmp->flags |= NAT_API_IS_SELF_TWICE_NAT; + + if (is_out2in_only_static_mapping (m)) + rmp->flags |= NAT_API_IS_OUT2IN_ONLY; + + if (is_addr_only_static_mapping (m)) + { + rmp->flags |= NAT_API_IS_ADDR_ONLY; + } + else + { + rmp->protocol = nat_proto_to_ip_proto (m->proto); + rmp->external_port = m->external_port; + rmp->local_port = m->local_port; + } + + if (m->tag) + strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag)); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +send_nat44_static_map_resolve_details (snat_static_map_resolve_t * m, + vl_api_registration_t * reg, + u32 context) +{ + vl_api_nat44_static_mapping_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_STATIC_MAPPING_DETAILS + sm->msg_id_base); + clib_memcpy (rmp->local_ip_address, &(m->l_addr), 4); + rmp->external_sw_if_index = htonl (m->sw_if_index); + rmp->vrf_id = htonl (m->vrf_id); + rmp->context = context; + + if (m->twice_nat) + rmp->flags |= NAT_API_IS_TWICE_NAT; + + if (m->addr_only) + { + rmp->flags |= NAT_API_IS_ADDR_ONLY; + } + else + { + rmp->protocol = nat_proto_to_ip_proto (m->proto); + rmp->external_port = m->e_port; + rmp->local_port = m->l_port; + } + if (m->tag) + strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag)); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_nat44_static_mapping_dump_t_handler (vl_api_nat44_static_mapping_dump_t + * mp) +{ + vl_api_registration_t *reg; + snat_main_t *sm = &snat_main; + snat_static_mapping_t *m; + snat_static_map_resolve_t *rp; + int j; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + pool_foreach (m, sm->static_mappings, + ({ + if (!is_identity_static_mapping(m) && !is_lb_static_mapping (m)) + send_nat44_static_mapping_details (m, reg, mp->context); + })); + /* *INDENT-ON* */ + + for (j = 0; j < vec_len (sm->to_resolve); j++) + { + rp = sm->to_resolve + j; + if (!rp->identity_nat) + send_nat44_static_map_resolve_details (rp, reg, mp->context); + } +} + +static void + vl_api_nat44_add_del_identity_mapping_t_handler + (vl_api_nat44_add_del_identity_mapping_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_add_del_identity_mapping_reply_t *rmp; + ip4_address_t addr, pool_addr = { 0 }; + u16 port = 0; + u32 vrf_id, sw_if_index; + int rv = 0; + nat_protocol_t proto = NAT_PROTOCOL_OTHER; + u8 *tag = 0; + + if (!(mp->flags & NAT_API_IS_ADDR_ONLY)) + { + port = mp->port; + proto = ip_proto_to_nat_proto (mp->protocol); + } + vrf_id = clib_net_to_host_u32 (mp->vrf_id); + sw_if_index = clib_net_to_host_u32 (mp->sw_if_index); + if (sw_if_index != ~0) + addr.as_u32 = 0; + else + memcpy (&addr.as_u8, mp->ip_address, 4); + mp->tag[sizeof (mp->tag) - 1] = 0; + tag = format (0, "%s", mp->tag); + vec_terminate_c_string (tag); + + rv = + snat_add_static_mapping (addr, addr, port, port, vrf_id, + mp->flags & NAT_API_IS_ADDR_ONLY, sw_if_index, + proto, mp->is_add, 0, 0, tag, 1, pool_addr, 0); + vec_free (tag); + + REPLY_MACRO (VL_API_NAT44_ADD_DEL_IDENTITY_MAPPING_REPLY); +} + +static void +send_nat44_identity_mapping_details (snat_static_mapping_t * m, int index, + vl_api_registration_t * reg, u32 context) +{ + vl_api_nat44_identity_mapping_details_t *rmp; + snat_main_t *sm = &snat_main; + nat44_lb_addr_port_t *local = pool_elt_at_index (m->locals, index); + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_IDENTITY_MAPPING_DETAILS + sm->msg_id_base); + + if (is_addr_only_static_mapping (m)) + rmp->flags |= NAT_API_IS_ADDR_ONLY; + + clib_memcpy (rmp->ip_address, &(m->local_addr), 4); + rmp->port = m->local_port; + rmp->sw_if_index = ~0; + rmp->vrf_id = htonl (local->vrf_id); + rmp->protocol = nat_proto_to_ip_proto (m->proto); + rmp->context = context; + if (m->tag) + strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag)); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +send_nat44_identity_map_resolve_details (snat_static_map_resolve_t * m, + vl_api_registration_t * reg, + u32 context) +{ + vl_api_nat44_identity_mapping_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_IDENTITY_MAPPING_DETAILS + sm->msg_id_base); + + if (m->addr_only) + rmp->flags = (vl_api_nat_config_flags_t) NAT_API_IS_ADDR_ONLY; + + rmp->port = m->l_port; + rmp->sw_if_index = htonl (m->sw_if_index); + rmp->vrf_id = htonl (m->vrf_id); + rmp->protocol = nat_proto_to_ip_proto (m->proto); + rmp->context = context; + if (m->tag) + strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag)); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void + vl_api_nat44_identity_mapping_dump_t_handler + (vl_api_nat44_identity_mapping_dump_t * mp) +{ + vl_api_registration_t *reg; + snat_main_t *sm = &snat_main; + snat_static_mapping_t *m; + snat_static_map_resolve_t *rp; + int j; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + pool_foreach (m, sm->static_mappings, + ({ + if (is_identity_static_mapping(m) && !is_lb_static_mapping (m)) + { + pool_foreach_index (j, m->locals, + ({ + send_nat44_identity_mapping_details (m, j, reg, mp->context); + })); + } + })); + /* *INDENT-ON* */ + + for (j = 0; j < vec_len (sm->to_resolve); j++) + { + rp = sm->to_resolve + j; + if (rp->identity_nat) + send_nat44_identity_map_resolve_details (rp, reg, mp->context); + } +} + +static void + vl_api_nat44_add_del_interface_addr_t_handler + (vl_api_nat44_add_del_interface_addr_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_add_del_interface_addr_reply_t *rmp; + u32 sw_if_index = ntohl (mp->sw_if_index); + int rv = 0; + u8 is_del; + + is_del = !mp->is_add; + + VALIDATE_SW_IF_INDEX (mp); + + rv = snat_add_interface_address (sm, sw_if_index, is_del, + mp->flags & NAT_API_IS_TWICE_NAT); + + BAD_SW_IF_INDEX_LABEL; + REPLY_MACRO (VL_API_NAT44_ADD_DEL_INTERFACE_ADDR_REPLY); +} + +static void +send_nat44_interface_addr_details (u32 sw_if_index, + vl_api_registration_t * reg, u32 context, + u8 twice_nat) +{ + vl_api_nat44_interface_addr_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_INTERFACE_ADDR_DETAILS + sm->msg_id_base); + rmp->sw_if_index = ntohl (sw_if_index); + + if (twice_nat) + rmp->flags = (vl_api_nat_config_flags_t) NAT_API_IS_TWICE_NAT; + rmp->context = context; + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_nat44_interface_addr_dump_t_handler (vl_api_nat44_interface_addr_dump_t + * mp) +{ + vl_api_registration_t *reg; + snat_main_t *sm = &snat_main; + u32 *i; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + vec_foreach (i, sm->auto_add_sw_if_indices) + send_nat44_interface_addr_details(*i, reg, mp->context, 0); + vec_foreach (i, sm->auto_add_sw_if_indices_twice_nat) + send_nat44_interface_addr_details(*i, reg, mp->context, 1); + /* *INDENT-ON* */ +} + +static void +send_nat44_user_details (snat_user_t * u, vl_api_registration_t * reg, + u32 context) +{ + vl_api_nat44_user_details_t *rmp; + snat_main_t *sm = &snat_main; + ip4_main_t *im = &ip4_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT44_USER_DETAILS + sm->msg_id_base); + + if (!pool_is_free_index (im->fibs, u->fib_index)) + { + fib_table_t *fib = fib_table_get (u->fib_index, FIB_PROTOCOL_IP4); + rmp->vrf_id = ntohl (fib->ft_table_id); + } + + clib_memcpy (rmp->ip_address, &(u->addr), 4); + rmp->nsessions = ntohl (u->nsessions); + rmp->nstaticsessions = ntohl (u->nstaticsessions); + rmp->context = context; + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +nat_ed_user_create_helper (snat_main_per_thread_data_t * tsm, + snat_session_t * s) +{ + snat_user_key_t k; + k.addr = s->in2out.addr; + k.fib_index = s->in2out.fib_index; + clib_bihash_kv_8_8_t key, value; + key.key = k.as_u64; + snat_user_t *u; + if (clib_bihash_search_8_8 (&tsm->user_hash, &key, &value)) + { + pool_get (tsm->users, u); + u->addr = k.addr; + u->fib_index = k.fib_index; + u->nsessions = 0; + u->nstaticsessions = 0; + key.value = u - tsm->users; + clib_bihash_add_del_8_8 (&tsm->user_hash, &key, 1); + } + else + { + u = pool_elt_at_index (tsm->users, value.value); + } + if (snat_is_session_static (s)) + { + ++u->nstaticsessions; + } + else + { + ++u->nsessions; + } +} + +static void +nat_ed_users_create (snat_main_per_thread_data_t * tsm) +{ + snat_session_t *s; + /* *INDENT-OFF* */ + pool_foreach (s, tsm->sessions, { nat_ed_user_create_helper (tsm, s); }); + /* *INDENT-ON* */ +} + +static void +nat_ed_users_destroy (snat_main_per_thread_data_t * tsm) +{ + snat_user_t *u; + /* *INDENT-OFF* */ + pool_flush (u, tsm->users, { }); + /* *INDENT-ON* */ + clib_bihash_free_8_8 (&tsm->user_hash); + clib_bihash_init_8_8 (&tsm->user_hash, "users", snat_main.user_buckets, 0); + clib_bihash_set_kvp_format_fn_8_8 (&tsm->user_hash, format_user_kvp); +} + +static void +vl_api_nat44_user_dump_t_handler (vl_api_nat44_user_dump_t * mp) +{ + vl_api_registration_t *reg; + snat_main_t *sm = &snat_main; + snat_main_per_thread_data_t *tsm; + snat_user_t *u; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + vec_foreach (tsm, sm->per_thread_data) + { + if (sm->endpoint_dependent) + { + nat_ed_users_create (tsm); + } + pool_foreach (u, tsm->users, + ({ + send_nat44_user_details (u, reg, mp->context); + })); + if (sm->endpoint_dependent) + { + nat_ed_users_destroy (tsm); + } + } + /* *INDENT-ON* */ +} + +static void +send_nat44_user_session_details (snat_session_t * s, + vl_api_registration_t * reg, u32 context) +{ + vl_api_nat44_user_session_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_USER_SESSION_DETAILS + sm->msg_id_base); + clib_memcpy (rmp->outside_ip_address, (&s->out2in.addr), 4); + clib_memcpy (rmp->inside_ip_address, (&s->in2out.addr), 4); + + if (snat_is_session_static (s)) + rmp->flags |= NAT_API_IS_STATIC; + + if (is_twice_nat_session (s)) + rmp->flags |= NAT_API_IS_TWICE_NAT; + + if (is_ed_session (s) || is_fwd_bypass_session (s)) + rmp->flags |= NAT_API_IS_EXT_HOST_VALID; + + rmp->last_heard = clib_host_to_net_u64 ((u64) s->last_heard); + rmp->total_bytes = clib_host_to_net_u64 (s->total_bytes); + rmp->total_pkts = ntohl (s->total_pkts); + rmp->context = context; + if (snat_is_unk_proto_session (s)) + { + rmp->outside_port = 0; + rmp->inside_port = 0; + rmp->protocol = ntohs (s->in2out.port); + } + else + { + rmp->outside_port = s->out2in.port; + rmp->inside_port = s->in2out.port; + rmp->protocol = ntohs (nat_proto_to_ip_proto (s->nat_proto)); + } + if (is_ed_session (s) || is_fwd_bypass_session (s)) + { + clib_memcpy (rmp->ext_host_address, &s->ext_host_addr, 4); + rmp->ext_host_port = s->ext_host_port; + if (is_twice_nat_session (s)) + { + clib_memcpy (rmp->ext_host_nat_address, &s->ext_host_nat_addr, 4); + rmp->ext_host_nat_port = s->ext_host_nat_port; + } + } + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_nat44_user_session_dump_t_handler (vl_api_nat44_user_session_dump_t * + mp) +{ + vl_api_registration_t *reg; + snat_main_t *sm = &snat_main; + snat_main_per_thread_data_t *tsm; + snat_session_t *s; + clib_bihash_kv_8_8_t key, value; + snat_user_key_t ukey; + snat_user_t *u; + u32 session_index, head_index, elt_index; + dlist_elt_t *head, *elt; + ip4_header_t ip; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + clib_memcpy (&ukey.addr, mp->ip_address, 4); + ip.src_address.as_u32 = ukey.addr.as_u32; + ukey.fib_index = fib_table_find (FIB_PROTOCOL_IP4, ntohl (mp->vrf_id)); + key.key = ukey.as_u64; + if (sm->num_workers > 1) + tsm = + vec_elt_at_index (sm->per_thread_data, + sm->worker_in2out_cb (&ip, ukey.fib_index, 0)); + else + tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers); + if (!sm->endpoint_dependent) + { + if (clib_bihash_search_8_8 (&tsm->user_hash, &key, &value)) + return; + u = pool_elt_at_index (tsm->users, value.value); + if (!u->nsessions && !u->nstaticsessions) + return; + + head_index = u->sessions_per_user_list_head_index; + head = pool_elt_at_index (tsm->list_pool, head_index); + elt_index = head->next; + elt = pool_elt_at_index (tsm->list_pool, elt_index); + session_index = elt->value; + while (session_index != ~0) + { + s = pool_elt_at_index (tsm->sessions, session_index); + + send_nat44_user_session_details (s, reg, mp->context); + + elt_index = elt->next; + elt = pool_elt_at_index (tsm->list_pool, elt_index); + session_index = elt->value; + } + } + else + { + /* *INDENT-OFF* */ + pool_foreach (s, tsm->sessions, { + if (s->in2out.addr.as_u32 == ukey.addr.as_u32) + { + send_nat44_user_session_details (s, reg, mp->context); + } + }); + /* *INDENT-ON* */ + } +} + +static nat44_lb_addr_port_t * +unformat_nat44_lb_addr_port (vl_api_nat44_lb_addr_port_t * addr_port_pairs, + u32 addr_port_pair_num) +{ + u8 i; + nat44_lb_addr_port_t *lb_addr_port_pairs = 0, lb_addr_port; + vl_api_nat44_lb_addr_port_t *ap; + + for (i = 0; i < addr_port_pair_num; i++) + { + ap = &addr_port_pairs[i]; + clib_memset (&lb_addr_port, 0, sizeof (lb_addr_port)); + clib_memcpy (&lb_addr_port.addr, ap->addr, 4); + lb_addr_port.port = ap->port; + lb_addr_port.probability = ap->probability; + lb_addr_port.vrf_id = clib_net_to_host_u32 (ap->vrf_id); + vec_add1 (lb_addr_port_pairs, lb_addr_port); + } + + return lb_addr_port_pairs; +} + +static void + vl_api_nat44_add_del_lb_static_mapping_t_handler + (vl_api_nat44_add_del_lb_static_mapping_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_add_del_lb_static_mapping_reply_t *rmp; + twice_nat_type_t twice_nat = TWICE_NAT_DISABLED; + int rv = 0; + nat44_lb_addr_port_t *locals = 0; + ip4_address_t e_addr; + nat_protocol_t proto; + u8 *tag = 0; + + if (!sm->endpoint_dependent) + { + rv = VNET_API_ERROR_UNSUPPORTED; + goto send_reply; + } + + locals = + unformat_nat44_lb_addr_port (mp->locals, + clib_net_to_host_u32 (mp->local_num)); + clib_memcpy (&e_addr, mp->external_addr, 4); + proto = ip_proto_to_nat_proto (mp->protocol); + + if (mp->flags & NAT_API_IS_TWICE_NAT) + twice_nat = TWICE_NAT; + else if (mp->flags & NAT_API_IS_SELF_TWICE_NAT) + twice_nat = TWICE_NAT_SELF; + mp->tag[sizeof (mp->tag) - 1] = 0; + tag = format (0, "%s", mp->tag); + vec_terminate_c_string (tag); + + rv = + nat44_add_del_lb_static_mapping (e_addr, + mp->external_port, + proto, locals, mp->is_add, + twice_nat, + mp->flags & NAT_API_IS_OUT2IN_ONLY, tag, + clib_net_to_host_u32 (mp->affinity)); + + vec_free (locals); + vec_free (tag); + +send_reply: + REPLY_MACRO (VL_API_NAT44_ADD_DEL_LB_STATIC_MAPPING_REPLY); +} + +static void + vl_api_nat44_lb_static_mapping_add_del_local_t_handler + (vl_api_nat44_lb_static_mapping_add_del_local_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_lb_static_mapping_add_del_local_reply_t *rmp; + int rv = 0; + ip4_address_t e_addr, l_addr; + nat_protocol_t proto; + + if (!sm->endpoint_dependent) + { + rv = VNET_API_ERROR_UNSUPPORTED; + goto send_reply; + } + + clib_memcpy (&e_addr, mp->external_addr, 4); + clib_memcpy (&l_addr, mp->local.addr, 4); + proto = ip_proto_to_nat_proto (mp->protocol); + + rv = + nat44_lb_static_mapping_add_del_local (e_addr, + clib_net_to_host_u16 + (mp->external_port), l_addr, + clib_net_to_host_u16 (mp-> + local.port), + proto, + clib_net_to_host_u32 (mp-> + local.vrf_id), + mp->local.probability, mp->is_add); + +send_reply: + REPLY_MACRO (VL_API_NAT44_LB_STATIC_MAPPING_ADD_DEL_LOCAL_REPLY); +} + +static void +send_nat44_lb_static_mapping_details (snat_static_mapping_t * m, + vl_api_registration_t * reg, + u32 context) +{ + vl_api_nat44_lb_static_mapping_details_t *rmp; + snat_main_t *sm = &snat_main; + nat44_lb_addr_port_t *ap; + vl_api_nat44_lb_addr_port_t *locals; + u32 local_num = 0; + + rmp = + vl_msg_api_alloc (sizeof (*rmp) + + (pool_elts (m->locals) * + sizeof (nat44_lb_addr_port_t))); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_LB_STATIC_MAPPING_DETAILS + sm->msg_id_base); + + clib_memcpy (rmp->external_addr, &(m->external_addr), 4); + rmp->external_port = m->external_port; + rmp->protocol = nat_proto_to_ip_proto (m->proto); + rmp->context = context; + + if (m->twice_nat == TWICE_NAT) + rmp->flags |= NAT_API_IS_TWICE_NAT; + else if (m->twice_nat == TWICE_NAT_SELF) + rmp->flags |= NAT_API_IS_SELF_TWICE_NAT; + if (is_out2in_only_static_mapping (m)) + rmp->flags |= NAT_API_IS_OUT2IN_ONLY; + if (m->tag) + strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag)); + + locals = (vl_api_nat44_lb_addr_port_t *) rmp->locals; + /* *INDENT-OFF* */ + pool_foreach (ap, m->locals, + ({ + clib_memcpy (locals->addr, &(ap->addr), 4); + locals->port = ap->port; + locals->probability = ap->probability; + locals->vrf_id = ntohl (ap->vrf_id); + locals++; + local_num++; + })); + /* *INDENT-ON* */ + rmp->local_num = ntohl (local_num); + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void + vl_api_nat44_lb_static_mapping_dump_t_handler + (vl_api_nat44_lb_static_mapping_dump_t * mp) +{ + vl_api_registration_t *reg; + snat_main_t *sm = &snat_main; + snat_static_mapping_t *m; + + if (!sm->endpoint_dependent) + return; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + pool_foreach (m, sm->static_mappings, + ({ + if (is_lb_static_mapping(m)) + send_nat44_lb_static_mapping_details (m, reg, mp->context); + })); + /* *INDENT-ON* */ +} + +static void +vl_api_nat44_del_session_t_handler (vl_api_nat44_del_session_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_del_session_reply_t *rmp; + ip4_address_t addr, eh_addr; + u16 port, eh_port; + u32 vrf_id; + int rv = 0; + u8 is_in; + nat_protocol_t proto; + + memcpy (&addr.as_u8, mp->address, 4); + port = mp->port; + vrf_id = clib_net_to_host_u32 (mp->vrf_id); + proto = ip_proto_to_nat_proto (mp->protocol); + memcpy (&eh_addr.as_u8, mp->ext_host_address, 4); + eh_port = mp->ext_host_port; + + is_in = mp->flags & NAT_API_IS_INSIDE; + + if (mp->flags & NAT_API_IS_EXT_HOST_VALID) + rv = + nat44_del_ed_session (sm, &addr, port, &eh_addr, eh_port, mp->protocol, + vrf_id, is_in); + else + rv = nat44_del_session (sm, &addr, port, proto, vrf_id, is_in); + + REPLY_MACRO (VL_API_NAT44_DEL_SESSION_REPLY); +} + +static void + vl_api_nat44_forwarding_enable_disable_t_handler + (vl_api_nat44_forwarding_enable_disable_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_forwarding_enable_disable_reply_t *rmp; + int rv = 0; + u32 *ses_to_be_removed = 0, *ses_index; + snat_main_per_thread_data_t *tsm; + snat_session_t *s; + + sm->forwarding_enabled = mp->enable != 0; + + if (mp->enable == 0) + { + /* *INDENT-OFF* */ + vec_foreach (tsm, sm->per_thread_data) + { + pool_foreach (s, tsm->sessions, + ({ + if (is_fwd_bypass_session(s)) + { + vec_add1 (ses_to_be_removed, s - tsm->sessions); + } + })); + if(sm->endpoint_dependent){ + vec_foreach (ses_index, ses_to_be_removed) + { + s = pool_elt_at_index(tsm->sessions, ses_index[0]); + nat_free_session_data (sm, s, tsm - sm->per_thread_data, 0); + nat_ed_session_delete (sm, s, tsm - sm->per_thread_data, 1); + } + }else{ + vec_foreach (ses_index, ses_to_be_removed) + { + s = pool_elt_at_index(tsm->sessions, ses_index[0]); + nat_free_session_data (sm, s, tsm - sm->per_thread_data, 0); + nat44_delete_session (sm, s, tsm - sm->per_thread_data); + } + } + vec_free (ses_to_be_removed); + } + /* *INDENT-ON* */ + } + + REPLY_MACRO (VL_API_NAT44_FORWARDING_ENABLE_DISABLE_REPLY); +} + +static void + vl_api_nat44_forwarding_is_enabled_t_handler + (vl_api_nat44_forwarding_is_enabled_t * mp) +{ + vl_api_registration_t *reg; + snat_main_t *sm = &snat_main; + vl_api_nat44_forwarding_is_enabled_reply_t *rmp; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_FORWARDING_IS_ENABLED_REPLY + sm->msg_id_base); + rmp->context = mp->context; + + rmp->enabled = sm->forwarding_enabled; + + vl_api_send_msg (reg, (u8 *) rmp); +} + +/* API definitions */ +#include +#include + +/* Set up the API message handling tables */ +clib_error_t * +nat44_api_hookup (vlib_main_t * vm) +{ + snat_main_t *sm = &snat_main; + sm->msg_id_base = setup_message_id_table (); + return 0; +} + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c index 9db7db6ef22..695e8cc142e 100644 --- a/src/plugins/nat/nat44_cli.c +++ b/src/plugins/nat/nat44_cli.c @@ -1696,11 +1696,11 @@ nat44_del_user_command_fn (vlib_main_t * vm, } } - rv = nat44_user_del (&addr, fib_index); + rv = nat44_ei_user_del (&addr, fib_index); if (!rv) { - error = clib_error_return (0, "nat44_user_del returned %d", rv); + error = clib_error_return (0, "nat44_ei_user_del returned %d", rv); } done: diff --git a/src/plugins/nat/nat_all_api_h.h b/src/plugins/nat/nat_all_api_h.h deleted file mode 100644 index f011a089b09..00000000000 --- a/src/plugins/nat/nat_all_api_h.h +++ /dev/null @@ -1,24 +0,0 @@ - -/* - * nat_all_api_h.h - skeleton vpp engine plug-in api #include file - * - * Copyright (c) - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/* Include the generated file, see BUILT_SOURCES in Makefile.am */ - -#ifdef vl_printfun -#include -#endif - -#include diff --git a/src/plugins/nat/nat_api.c b/src/plugins/nat/nat_api.c deleted file mode 100644 index 933d3a2c2e5..00000000000 --- a/src/plugins/nat/nat_api.c +++ /dev/null @@ -1,2422 +0,0 @@ -/* - * Copyright (c) 2017 Cisco and/or its affiliates. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @file - * @brief NAT plugin API implementation - */ - -#include -#include -#include -#include -#include -#include -#include - -#include -#include -#include -#include -#include - -#define vl_api_nat44_add_del_lb_static_mapping_t_endian vl_noop_handler -#define vl_api_nat44_nat44_lb_static_mapping_details_t_endian vl_noop_handler - -/* define message structures */ -#define vl_typedefs -#include -#undef vl_typedefs - -/* define generated endian-swappers */ -#define vl_endianfun -#include -#undef vl_endianfun - -#define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__) - -#define REPLY_MSG_ID_BASE sm->msg_id_base -#include - -/* Get the API version number */ -#define vl_api_version(n,v) static u32 api_version=(v); -#include -#undef vl_api_version - -/* Macro to finish up custom dump fns */ -#define FINISH \ - vec_add1 (s, 0); \ - vl_print (handle, (char *)s); \ - vec_free (s); \ - return handle; - -/******************************/ -/*** Common NAT plugin APIs ***/ -/******************************/ - -static void -vl_api_nat_control_ping_t_handler (vl_api_nat_control_ping_t * mp) -{ - vl_api_nat_control_ping_reply_t *rmp; - snat_main_t *sm = &snat_main; - int rv = 0; - - /* *INDENT-OFF* */ - REPLY_MACRO2 (VL_API_NAT_CONTROL_PING_REPLY, - ({ - rmp->vpe_pid = ntohl (getpid ()); - })); - /* *INDENT-ON* */ -} - -static void * -vl_api_nat_control_ping_t_print (vl_api_nat_control_ping_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_control_ping "); - - FINISH; -} - -static void -vl_api_nat_show_config_t_handler (vl_api_nat_show_config_t * mp) -{ - vl_api_nat_show_config_reply_t *rmp; - snat_main_t *sm = &snat_main; - int rv = 0; - - /* *INDENT-OFF* */ - REPLY_MACRO2 (VL_API_NAT_SHOW_CONFIG_REPLY, - ({ - rmp->translation_buckets = htonl (sm->translation_buckets); - rmp->translation_memory_size = 0; - rmp->user_buckets = htonl (sm->user_buckets); - rmp->user_memory_size = 0; - rmp->max_translations_per_user = htonl (sm->max_translations_per_user); - rmp->outside_vrf_id = htonl (sm->outside_vrf_id); - rmp->inside_vrf_id = htonl (sm->inside_vrf_id); - rmp->static_mapping_only = sm->static_mapping_only; - rmp->static_mapping_connection_tracking = - sm->static_mapping_connection_tracking; - rmp->endpoint_dependent = sm->endpoint_dependent; - rmp->out2in_dpo = sm->out2in_dpo; - // these are obsolete - rmp->dslite_ce = 0; - rmp->deterministic = 0; - rmp->nat64_bib_buckets = 0; - rmp->nat64_bib_memory_size = 0; - rmp->nat64_st_buckets = 0; - rmp->nat64_st_memory_size = 0; - })); - /* *INDENT-ON* */ -} - -static void * -vl_api_nat_show_config_t_print (vl_api_nat_show_config_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_show_config "); - - FINISH; -} - -static void -vl_api_nat_show_config_2_t_handler (vl_api_nat_show_config_2_t * mp) -{ - vl_api_nat_show_config_2_reply_t *rmp; - snat_main_t *sm = &snat_main; - int rv = 0; - - /* *INDENT-OFF* */ - REPLY_MACRO2 (VL_API_NAT_SHOW_CONFIG_2_REPLY, - ({ - rmp->translation_buckets = htonl (sm->translation_buckets); - rmp->translation_memory_size = 0; - rmp->user_buckets = htonl (sm->user_buckets); - rmp->user_memory_size = 0; - rmp->max_translations_per_user = htonl (sm->max_translations_per_user); - rmp->outside_vrf_id = htonl (sm->outside_vrf_id); - rmp->inside_vrf_id = htonl (sm->inside_vrf_id); - rmp->static_mapping_only = sm->static_mapping_only; - rmp->static_mapping_connection_tracking = - sm->static_mapping_connection_tracking; - rmp->endpoint_dependent = sm->endpoint_dependent; - rmp->out2in_dpo = sm->out2in_dpo; - rmp->max_translations_per_thread = clib_net_to_host_u32(sm->max_translations_per_thread); - rmp->max_users_per_thread = clib_net_to_host_u32(sm->max_users_per_thread); - // these are obsolete - rmp->dslite_ce = 0; - rmp->deterministic = 0; - rmp->nat64_bib_buckets = 0; - rmp->nat64_bib_memory_size = 0; - rmp->nat64_st_buckets = 0; - rmp->nat64_st_memory_size = 0; - })); - /* *INDENT-ON* */ -} - -static void * -vl_api_nat_show_config_2_t_print (vl_api_nat_show_config_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_show_config_2 "); - - FINISH; -} - -static void -vl_api_nat_set_workers_t_handler (vl_api_nat_set_workers_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_set_workers_reply_t *rmp; - int rv = 0; - uword *bitmap = 0; - u64 mask; - - mask = clib_net_to_host_u64 (mp->worker_mask); - - if (sm->num_workers < 2) - { - rv = VNET_API_ERROR_FEATURE_DISABLED; - goto send_reply; - } - - bitmap = clib_bitmap_set_multiple (bitmap, 0, mask, BITS (mask)); - rv = snat_set_workers (bitmap); - clib_bitmap_free (bitmap); - -send_reply: - REPLY_MACRO (VL_API_NAT_SET_WORKERS_REPLY); -} - -static void * -vl_api_nat_set_workers_t_print (vl_api_nat_set_workers_t * mp, void *handle) -{ - u8 *s; - uword *bitmap = 0; - u8 first = 1; - int i; - u64 mask = clib_net_to_host_u64 (mp->worker_mask); - - s = format (0, "SCRIPT: nat_set_workers "); - bitmap = clib_bitmap_set_multiple (bitmap, 0, mask, BITS (mask)); - /* *INDENT-OFF* */ - clib_bitmap_foreach (i, bitmap, - ({ - if (first) - s = format (s, "%d", i); - else - s = format (s, ",%d", i); - first = 0; - })); - /* *INDENT-ON* */ - clib_bitmap_free (bitmap); - FINISH; -} - -static void -send_nat_worker_details (u32 worker_index, vl_api_registration_t * reg, - u32 context) -{ - vl_api_nat_worker_details_t *rmp; - snat_main_t *sm = &snat_main; - vlib_worker_thread_t *w = - vlib_worker_threads + worker_index + sm->first_worker_index; - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = ntohs (VL_API_NAT_WORKER_DETAILS + sm->msg_id_base); - rmp->context = context; - rmp->worker_index = htonl (worker_index); - rmp->lcore_id = htonl (w->cpu_id); - strncpy ((char *) rmp->name, (char *) w->name, ARRAY_LEN (rmp->name) - 1); - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void -vl_api_nat_worker_dump_t_handler (vl_api_nat_worker_dump_t * mp) -{ - vl_api_registration_t *reg; - snat_main_t *sm = &snat_main; - u32 *worker_index; - - reg = vl_api_client_index_to_registration (mp->client_index); - if (!reg) - return; - - /* *INDENT-OFF* */ - vec_foreach (worker_index, sm->workers) - send_nat_worker_details(*worker_index, reg, mp->context); - /* *INDENT-ON* */ -} - -static void * -vl_api_nat_worker_dump_t_print (vl_api_nat_worker_dump_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_worker_dump "); - - FINISH; -} - -static void -vl_api_nat44_set_session_limit_t_handler (vl_api_nat44_set_session_limit_t * - mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_set_session_limit_reply_t *rmp; - int rv = 0; - - rv = nat44_set_session_limit - (ntohl (mp->session_limit), ntohl (mp->vrf_id)); - - REPLY_MACRO (VL_API_NAT_SET_WORKERS_REPLY); -} - -static void * -vl_api_nat44_set_session_limit_t_print (vl_api_nat44_set_session_limit_t * - mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_set_session_limit "); - s = format (s, "session_limit %d", ntohl (mp->session_limit)); - s = format (s, "vrf_id %d", ntohl (mp->vrf_id)); - - FINISH; -} - -static void -vl_api_nat_set_log_level_t_handler (vl_api_nat_set_log_level_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_set_log_level_reply_t *rmp; - int rv = 0; - - if (sm->log_level > NAT_LOG_DEBUG) - rv = VNET_API_ERROR_UNSUPPORTED; - else - sm->log_level = mp->log_level; - - REPLY_MACRO (VL_API_NAT_SET_WORKERS_REPLY); -} - -static void * -vl_api_nat_set_log_level_t_print (vl_api_nat_set_log_level_t * - mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_set_log_level "); - s = format (s, "log_level %d", mp->log_level); - - FINISH; -} - -static void - vl_api_nat44_plugin_enable_disable_t_handler - (vl_api_nat44_plugin_enable_disable_t * mp) -{ - snat_main_t *sm = &snat_main; - nat44_config_t c = { 0 }; - vl_api_nat44_plugin_enable_disable_reply_t *rmp; - int rv = 0; - - if (mp->enable) - { - c.endpoint_dependent = mp->flags & NAT44_API_IS_ENDPOINT_DEPENDENT; - c.static_mapping_only = mp->flags & NAT44_API_IS_STATIC_MAPPING_ONLY; - c.connection_tracking = mp->flags & NAT44_API_IS_CONNECTION_TRACKING; - c.out2in_dpo = mp->flags & NAT44_API_IS_OUT2IN_DPO; - - c.inside_vrf = ntohl (mp->inside_vrf); - c.outside_vrf = ntohl (mp->outside_vrf); - - c.users = ntohl (mp->users); - - c.sessions = ntohl (mp->sessions); - - c.user_sessions = ntohl (mp->user_sessions); - - rv = nat44_plugin_enable (c); - } - else - rv = nat44_plugin_disable (); - - REPLY_MACRO (VL_API_NAT44_PLUGIN_ENABLE_DISABLE_REPLY); -} - -static void *vl_api_nat44_plugin_enable_disable_t_print - (vl_api_nat44_plugin_enable_disable_t * mp, void *handle) -{ - u8 *s; - u32 val; - - s = format (0, "SCRIPT: nat44_plugin_enable_disable "); - if (mp->enable) - { - s = format (s, "enable "); - if (mp->flags & NAT44_API_IS_ENDPOINT_DEPENDENT) - s = format (s, "endpoint-dependent "); - else - s = format (s, "endpoint-indepenednet "); - if (mp->flags & NAT44_API_IS_STATIC_MAPPING_ONLY) - s = format (s, "static_mapping_only "); - if (mp->flags & NAT44_API_IS_CONNECTION_TRACKING) - s = format (s, "connection_tracking "); - if (mp->flags & NAT44_API_IS_OUT2IN_DPO) - s = format (s, "out2in_dpo "); - val = ntohl (mp->inside_vrf); - if (val) - s = format (s, "inside_vrf %u ", val); - val = ntohl (mp->outside_vrf); - if (val) - s = format (s, "outside_vrf %u ", val); - val = ntohl (mp->users); - if (val) - s = format (s, "users %u ", val); - val = ntohl (mp->user_memory); - if (val) - s = format (s, "user_memory %u ", val); - val = ntohl (mp->sessions); - if (val) - s = format (s, "sessions %u ", val); - val = ntohl (mp->session_memory); - if (val) - s = format (s, "session_memory %u ", val); - val = ntohl (mp->user_sessions); - if (val) - s = format (s, "user_sessions %u ", val); - } - else - s = format (s, "disable "); - - FINISH; -} - -static void -vl_api_nat_ipfix_enable_disable_t_handler (vl_api_nat_ipfix_enable_disable_t * - mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_ipfix_enable_disable_reply_t *rmp; - int rv = 0; - - rv = nat_ipfix_logging_enable_disable (mp->enable, - clib_host_to_net_u32 - (mp->domain_id), - clib_host_to_net_u16 (mp->src_port)); - - REPLY_MACRO (VL_API_NAT_IPFIX_ENABLE_DISABLE_REPLY); -} - -static void * -vl_api_nat_ipfix_enable_disable_t_print (vl_api_nat_ipfix_enable_disable_t * - mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_ipfix_enable_disable "); - if (mp->domain_id) - s = format (s, "domain %d ", clib_net_to_host_u32 (mp->domain_id)); - if (mp->src_port) - s = format (s, "src_port %d ", clib_net_to_host_u16 (mp->src_port)); - if (!mp->enable) - s = format (s, "disable "); - - FINISH; -} - -static void -vl_api_nat_set_timeouts_t_handler (vl_api_nat_set_timeouts_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_set_timeouts_reply_t *rmp; - int rv = 0; - - sm->udp_timeout = ntohl (mp->udp); - sm->tcp_established_timeout = ntohl (mp->tcp_established); - sm->tcp_transitory_timeout = ntohl (mp->tcp_transitory); - sm->icmp_timeout = ntohl (mp->icmp); - - REPLY_MACRO (VL_API_NAT_SET_TIMEOUTS_REPLY); -} - -static void * -vl_api_nat_set_timeouts_t_print (vl_api_nat_set_timeouts_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_set_timeouts "); - s = format (s, "udp %d tcp_established %d tcp_transitory %d icmp %d\n", - ntohl (mp->udp), - ntohl (mp->tcp_established), - ntohl (mp->tcp_transitory), ntohl (mp->icmp)); - - FINISH; -} - -static void -vl_api_nat_get_timeouts_t_handler (vl_api_nat_get_timeouts_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_get_timeouts_reply_t *rmp; - int rv = 0; - - /* *INDENT-OFF* */ - REPLY_MACRO2 (VL_API_NAT_GET_TIMEOUTS_REPLY, - ({ - rmp->udp = htonl (sm->udp_timeout); - rmp->tcp_established = htonl (sm->tcp_established_timeout); - rmp->tcp_transitory = htonl (sm->tcp_transitory_timeout); - rmp->icmp = htonl (sm->icmp_timeout); - })) - /* *INDENT-ON* */ -} - -static void * -vl_api_nat_get_timeouts_t_print (vl_api_nat_get_timeouts_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_get_timeouts"); - - FINISH; -} - -static void - vl_api_nat_set_addr_and_port_alloc_alg_t_handler - (vl_api_nat_set_addr_and_port_alloc_alg_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_set_addr_and_port_alloc_alg_reply_t *rmp; - int rv = 0; - u16 port_start, port_end; - - switch (mp->alg) - { - case NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT: - nat_set_alloc_addr_and_port_default (); - break; - case NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE: - nat_set_alloc_addr_and_port_mape (ntohs (mp->psid), mp->psid_offset, - mp->psid_length); - break; - case NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE: - port_start = ntohs (mp->start_port); - port_end = ntohs (mp->end_port); - if (port_end <= port_start) - { - rv = VNET_API_ERROR_INVALID_VALUE; - goto send_reply; - } - nat_set_alloc_addr_and_port_range (port_start, port_end); - break; - default: - rv = VNET_API_ERROR_INVALID_VALUE; - break; - } - -send_reply: - REPLY_MACRO (VL_API_NAT_SET_ADDR_AND_PORT_ALLOC_ALG_REPLY); -} - -static void *vl_api_nat_set_addr_and_port_alloc_alg_t_print - (vl_api_nat_set_addr_and_port_alloc_alg_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_set_addr_and_port_alloc_alg "); - s = format (s, "alg %d psid_offset %d psid_length %d psid %d start_port %d " - "end_port %d\n", - ntohl (mp->alg), ntohl (mp->psid_offset), - ntohl (mp->psid_length), ntohs (mp->psid), - ntohs (mp->start_port), ntohs (mp->end_port)); - - FINISH; -} - -static void - vl_api_nat_get_addr_and_port_alloc_alg_t_handler - (vl_api_nat_get_addr_and_port_alloc_alg_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_get_addr_and_port_alloc_alg_reply_t *rmp; - int rv = 0; - - /* *INDENT-OFF* */ - REPLY_MACRO2 (VL_API_NAT_GET_ADDR_AND_PORT_ALLOC_ALG_REPLY, - ({ - rmp->alg = sm->addr_and_port_alloc_alg; - rmp->psid_offset = sm->psid_offset; - rmp->psid_length = sm->psid_length; - rmp->psid = htons (sm->psid); - rmp->start_port = htons (sm->start_port); - rmp->end_port = htons (sm->end_port); - })) - /* *INDENT-ON* */ -} - -static void *vl_api_nat_get_addr_and_port_alloc_alg_t_print - (vl_api_nat_get_addr_and_port_alloc_alg_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_get_addr_and_port_alloc_alg"); - - FINISH; -} - -static void -vl_api_nat_set_mss_clamping_t_handler (vl_api_nat_set_mss_clamping_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_set_mss_clamping_reply_t *rmp; - int rv = 0; - - if (mp->enable) - sm->mss_clamping = ntohs (mp->mss_value); - else - sm->mss_clamping = 0; - - REPLY_MACRO (VL_API_NAT_SET_MSS_CLAMPING_REPLY); -} - -static void * -vl_api_nat_set_mss_clamping_t_print (vl_api_nat_set_mss_clamping_t * mp, - void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_set_mss_clamping enable %d mss_value %d\n", - mp->enable, ntohs (mp->mss_value)); - - FINISH; -} - -static void -vl_api_nat_get_mss_clamping_t_handler (vl_api_nat_get_mss_clamping_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_get_mss_clamping_reply_t *rmp; - int rv = 0; - - /* *INDENT-OFF* */ - REPLY_MACRO2 (VL_API_NAT_GET_MSS_CLAMPING_REPLY, - ({ - rmp->enable = sm->mss_clamping ? 1 : 0; - rmp->mss_value = htons (sm->mss_clamping); - })) - /* *INDENT-ON* */ -} - -static void * -vl_api_nat_get_mss_clamping_t_print (vl_api_nat_get_mss_clamping_t * mp, - void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_get_mss_clamping"); - - FINISH; -} - -static void -vl_api_nat_ha_set_listener_t_handler (vl_api_nat_ha_set_listener_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_ha_set_listener_reply_t *rmp; - ip4_address_t addr; - int rv; - - memcpy (&addr, &mp->ip_address, sizeof (addr)); - rv = - nat_ha_set_listener (&addr, clib_net_to_host_u16 (mp->port), - clib_net_to_host_u32 (mp->path_mtu)); - - REPLY_MACRO (VL_API_NAT_HA_SET_LISTENER_REPLY); -} - -static void * -vl_api_nat_ha_set_listener_t_print (vl_api_nat_ha_set_listener_t * mp, - void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_ha_set_listener "); - s = format (s, "ip_address %U ", format_ip4_address, mp->ip_address); - s = format (s, "port %d ", clib_net_to_host_u16 (mp->port)); - s = format (s, "path_mtu %d", clib_net_to_host_u32 (mp->path_mtu)); - - FINISH; -} - -static void -vl_api_nat_ha_get_listener_t_handler (vl_api_nat_ha_get_listener_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_ha_get_listener_reply_t *rmp; - int rv = 0; - ip4_address_t addr; - u16 port; - u32 path_mtu; - - nat_ha_get_listener (&addr, &port, &path_mtu); - - /* *INDENT-OFF* */ - REPLY_MACRO2 (VL_API_NAT_HA_GET_LISTENER_REPLY, - ({ - clib_memcpy (rmp->ip_address, &addr, sizeof (ip4_address_t)); - rmp->port = clib_host_to_net_u16 (port); - rmp->path_mtu = clib_host_to_net_u32 (path_mtu); - })) - /* *INDENT-ON* */ -} - -static void * -vl_api_nat_ha_get_listener_t_print (vl_api_nat_ha_get_listener_t * mp, - void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_ha_get_listener"); - - FINISH; -} - -static void -vl_api_nat_ha_set_failover_t_handler (vl_api_nat_ha_set_failover_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_ha_set_failover_reply_t *rmp; - ip4_address_t addr; - int rv; - - memcpy (&addr, &mp->ip_address, sizeof (addr)); - rv = - nat_ha_set_failover (&addr, clib_net_to_host_u16 (mp->port), - clib_net_to_host_u32 (mp->session_refresh_interval)); - - REPLY_MACRO (VL_API_NAT_HA_SET_FAILOVER_REPLY); -} - -static void * -vl_api_nat_ha_set_failover_t_print (vl_api_nat_ha_set_failover_t * mp, - void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_ha_set_failover "); - s = format (s, "ip_address %U ", format_ip4_address, mp->ip_address); - s = format (s, "port %d ", clib_net_to_host_u16 (mp->port)); - - FINISH; -} - -static void -vl_api_nat_ha_get_failover_t_handler (vl_api_nat_ha_get_failover_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_ha_get_failover_reply_t *rmp; - int rv = 0; - ip4_address_t addr; - u16 port; - u32 session_refresh_interval; - - nat_ha_get_failover (&addr, &port, &session_refresh_interval); - - /* *INDENT-OFF* */ - REPLY_MACRO2 (VL_API_NAT_HA_GET_FAILOVER_REPLY, - ({ - clib_memcpy (rmp->ip_address, &addr, sizeof (ip4_address_t)); - rmp->port = clib_host_to_net_u16 (port); - rmp->session_refresh_interval = clib_host_to_net_u32 (session_refresh_interval); - })) - /* *INDENT-ON* */ -} - -static void * -vl_api_nat_ha_get_failover_t_print (vl_api_nat_ha_get_failover_t * mp, - void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_ha_get_failover"); - - FINISH; -} - -static void -vl_api_nat_ha_flush_t_handler (vl_api_nat_ha_flush_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_ha_flush_reply_t *rmp; - int rv = 0; - - nat_ha_flush (0); - - REPLY_MACRO (VL_API_NAT_HA_FLUSH_REPLY); -} - -static void * -vl_api_nat_ha_flush_t_print (vl_api_nat_ha_flush_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_ha_flush "); - - FINISH; -} - -static void -nat_ha_resync_completed_event_cb (u32 client_index, u32 pid, u32 missed_count) -{ - snat_main_t *sm = &snat_main; - vl_api_registration_t *reg; - vl_api_nat_ha_resync_completed_event_t *mp; - - reg = vl_api_client_index_to_registration (client_index); - if (!reg) - return; - - mp = vl_msg_api_alloc (sizeof (*mp)); - clib_memset (mp, 0, sizeof (*mp)); - mp->client_index = client_index; - mp->pid = pid; - mp->missed_count = clib_host_to_net_u32 (missed_count); - mp->_vl_msg_id = - ntohs (VL_API_NAT_HA_RESYNC_COMPLETED_EVENT + sm->msg_id_base); - - vl_api_send_msg (reg, (u8 *) mp); -} - -static void -vl_api_nat_ha_resync_t_handler (vl_api_nat_ha_resync_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat_ha_resync_reply_t *rmp; - int rv; - - rv = - nat_ha_resync (mp->client_index, mp->pid, - mp->want_resync_event ? nat_ha_resync_completed_event_cb : - NULL); - - REPLY_MACRO (VL_API_NAT_HA_RESYNC_REPLY); -} - -static void * -vl_api_nat_ha_resync_t_print (vl_api_nat_ha_resync_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat_ha_resync "); - s = - format (s, "want_resync_event %d pid %d", mp->want_resync_event, - clib_host_to_net_u32 (mp->pid)); - - FINISH; -} - -/*************/ -/*** NAT44 ***/ -/*************/ -static void -vl_api_nat44_del_user_t_handler (vl_api_nat44_del_user_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_del_user_reply_t *rmp; - ip4_address_t addr; - int rv; - memcpy (&addr.as_u8, mp->ip_address, 4); - rv = nat44_user_del (&addr, ntohl (mp->fib_index)); - REPLY_MACRO (VL_API_NAT44_DEL_USER_REPLY); -} - -static void *vl_api_nat44_del_user_t_print - (vl_api_nat44_del_user_t * mp, void *handle) -{ - u8 *s; - s = format (0, "SCRIPT: nat44_del_user "); - s = format (s, "ip_address %U fib_index %U ", - format_ip4_address, mp->ip_address, ntohl (mp->fib_index)); - FINISH; -} - -static void - vl_api_nat44_add_del_address_range_t_handler - (vl_api_nat44_add_del_address_range_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_add_del_address_range_reply_t *rmp; - ip4_address_t this_addr; - u8 is_add, twice_nat; - u32 start_host_order, end_host_order; - u32 vrf_id; - int i, count; - int rv = 0; - u32 *tmp; - - if (sm->static_mapping_only) - { - rv = VNET_API_ERROR_FEATURE_DISABLED; - goto send_reply; - } - - is_add = mp->is_add; - twice_nat = mp->flags & NAT_API_IS_TWICE_NAT; - - tmp = (u32 *) mp->first_ip_address; - start_host_order = clib_host_to_net_u32 (tmp[0]); - tmp = (u32 *) mp->last_ip_address; - end_host_order = clib_host_to_net_u32 (tmp[0]); - - count = (end_host_order - start_host_order) + 1; - - vrf_id = clib_host_to_net_u32 (mp->vrf_id); - - if (count > 1024) - nat_log_info ("%U - %U, %d addresses...", - format_ip4_address, mp->first_ip_address, - format_ip4_address, mp->last_ip_address, count); - - memcpy (&this_addr.as_u8, mp->first_ip_address, 4); - - for (i = 0; i < count; i++) - { - if (is_add) - rv = snat_add_address (sm, &this_addr, vrf_id, twice_nat); - else - rv = snat_del_address (sm, this_addr, 0, twice_nat); - - if (rv) - goto send_reply; - - if (sm->out2in_dpo) - nat44_add_del_address_dpo (this_addr, is_add); - - increment_v4_address (&this_addr); - } - -send_reply: - REPLY_MACRO (VL_API_NAT44_ADD_DEL_ADDRESS_RANGE_REPLY); -} - -static void *vl_api_nat44_add_del_address_range_t_print - (vl_api_nat44_add_del_address_range_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_add_address_range "); - s = format (s, "%U ", format_ip4_address, mp->first_ip_address); - if (memcmp (mp->first_ip_address, mp->last_ip_address, 4)) - { - s = format (s, " - %U ", format_ip4_address, mp->last_ip_address); - } - s = format (s, "twice_nat %d ", mp->flags & NAT_API_IS_TWICE_NAT); - FINISH; -} - -static void -send_nat44_address_details (snat_address_t * a, - vl_api_registration_t * reg, u32 context, - u8 twice_nat) -{ - vl_api_nat44_address_details_t *rmp; - snat_main_t *sm = &snat_main; - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = ntohs (VL_API_NAT44_ADDRESS_DETAILS + sm->msg_id_base); - clib_memcpy (rmp->ip_address, &(a->addr), 4); - if (a->fib_index != ~0) - { - fib_table_t *fib = fib_table_get (a->fib_index, FIB_PROTOCOL_IP4); - rmp->vrf_id = ntohl (fib->ft_table_id); - } - else - rmp->vrf_id = ~0; - if (twice_nat) - rmp->flags |= NAT_API_IS_TWICE_NAT; - rmp->context = context; - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void -vl_api_nat44_address_dump_t_handler (vl_api_nat44_address_dump_t * mp) -{ - vl_api_registration_t *reg; - snat_main_t *sm = &snat_main; - snat_address_t *a; - - reg = vl_api_client_index_to_registration (mp->client_index); - if (!reg) - return; - - /* *INDENT-OFF* */ - vec_foreach (a, sm->addresses) - send_nat44_address_details (a, reg, mp->context, 0); - vec_foreach (a, sm->twice_nat_addresses) - send_nat44_address_details (a, reg, mp->context, 1); - /* *INDENT-ON* */ -} - -static void * -vl_api_nat44_address_dump_t_print (vl_api_nat44_address_dump_t * mp, - void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_address_dump "); - - FINISH; -} - -static void - vl_api_nat44_interface_add_del_feature_t_handler - (vl_api_nat44_interface_add_del_feature_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_interface_add_del_feature_reply_t *rmp; - u32 sw_if_index = ntohl (mp->sw_if_index); - u8 is_del; - int rv = 0; - - is_del = !mp->is_add; - - VALIDATE_SW_IF_INDEX (mp); - - rv = - snat_interface_add_del (sw_if_index, mp->flags & NAT_API_IS_INSIDE, - is_del); - - BAD_SW_IF_INDEX_LABEL; - - REPLY_MACRO (VL_API_NAT44_INTERFACE_ADD_DEL_FEATURE_REPLY); -} - -static void *vl_api_nat44_interface_add_del_feature_t_print - (vl_api_nat44_interface_add_del_feature_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_interface_add_del_feature "); - s = format (s, "sw_if_index %d %s %s", - clib_host_to_net_u32 (mp->sw_if_index), - mp->flags & NAT_API_IS_INSIDE ? "in" : "out", - mp->is_add ? "" : "del"); - - FINISH; -} - -static void -send_nat44_interface_details (snat_interface_t * i, - vl_api_registration_t * reg, u32 context) -{ - vl_api_nat44_interface_details_t *rmp; - snat_main_t *sm = &snat_main; - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = ntohs (VL_API_NAT44_INTERFACE_DETAILS + sm->msg_id_base); - rmp->sw_if_index = ntohl (i->sw_if_index); - - if (nat_interface_is_inside (i)) - rmp->flags |= NAT_API_IS_INSIDE; - if (nat_interface_is_outside (i)) - rmp->flags |= NAT_API_IS_OUTSIDE; - - rmp->context = context; - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void -vl_api_nat44_interface_dump_t_handler (vl_api_nat44_interface_dump_t * mp) -{ - vl_api_registration_t *reg; - snat_main_t *sm = &snat_main; - snat_interface_t *i; - - reg = vl_api_client_index_to_registration (mp->client_index); - if (!reg) - return; - - /* *INDENT-OFF* */ - pool_foreach (i, sm->interfaces, - ({ - send_nat44_interface_details(i, reg, mp->context); - })); - /* *INDENT-ON* */ -} - -static void * -vl_api_nat44_interface_dump_t_print (vl_api_nat44_interface_dump_t * mp, - void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_interface_dump "); - - FINISH; -} - -static void - vl_api_nat44_interface_add_del_output_feature_t_handler - (vl_api_nat44_interface_add_del_output_feature_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_interface_add_del_output_feature_reply_t *rmp; - u32 sw_if_index = ntohl (mp->sw_if_index); - int rv = 0; - - VALIDATE_SW_IF_INDEX (mp); - - rv = snat_interface_add_del_output_feature (sw_if_index, - mp->flags & NAT_API_IS_INSIDE, - !mp->is_add); - - BAD_SW_IF_INDEX_LABEL; - REPLY_MACRO (VL_API_NAT44_INTERFACE_ADD_DEL_OUTPUT_FEATURE_REPLY); -} - -static void *vl_api_nat44_interface_add_del_output_feature_t_print - (vl_api_nat44_interface_add_del_output_feature_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_interface_add_del_output_feature "); - s = format (s, "sw_if_index %d %s %s", - clib_host_to_net_u32 (mp->sw_if_index), - mp->flags & NAT_API_IS_INSIDE ? "in" : "out", - mp->is_add ? "" : "del"); - - FINISH; -} - -static void -send_nat44_interface_output_feature_details (snat_interface_t * i, - vl_api_registration_t * reg, - u32 context) -{ - vl_api_nat44_interface_output_feature_details_t *rmp; - snat_main_t *sm = &snat_main; - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = - ntohs (VL_API_NAT44_INTERFACE_OUTPUT_FEATURE_DETAILS + sm->msg_id_base); - rmp->sw_if_index = ntohl (i->sw_if_index); - rmp->context = context; - - if (nat_interface_is_inside (i)) - rmp->flags |= NAT_API_IS_INSIDE; - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void - vl_api_nat44_interface_output_feature_dump_t_handler - (vl_api_nat44_interface_output_feature_dump_t * mp) -{ - vl_api_registration_t *reg; - snat_main_t *sm = &snat_main; - snat_interface_t *i; - - reg = vl_api_client_index_to_registration (mp->client_index); - if (!reg) - return; - - /* *INDENT-OFF* */ - pool_foreach (i, sm->output_feature_interfaces, - ({ - send_nat44_interface_output_feature_details(i, reg, mp->context); - })); - /* *INDENT-ON* */ -} - -static void *vl_api_nat44_interface_output_feature_dump_t_print - (vl_api_nat44_interface_output_feature_dump_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_interface_output_feature_dump "); - - FINISH; -} - -static void - vl_api_nat44_add_del_static_mapping_t_handler - (vl_api_nat44_add_del_static_mapping_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_add_del_static_mapping_reply_t *rmp; - ip4_address_t local_addr, external_addr, pool_addr = { 0 }; - u16 local_port = 0, external_port = 0; - u32 vrf_id, external_sw_if_index; - twice_nat_type_t twice_nat = TWICE_NAT_DISABLED; - int rv = 0; - nat_protocol_t proto; - u8 *tag = 0; - - memcpy (&local_addr.as_u8, mp->local_ip_address, 4); - memcpy (&external_addr.as_u8, mp->external_ip_address, 4); - - if (!(mp->flags & NAT_API_IS_ADDR_ONLY)) - { - local_port = mp->local_port; - external_port = mp->external_port; - } - - vrf_id = clib_net_to_host_u32 (mp->vrf_id); - external_sw_if_index = clib_net_to_host_u32 (mp->external_sw_if_index); - proto = ip_proto_to_nat_proto (mp->protocol); - - if (mp->flags & NAT_API_IS_TWICE_NAT) - twice_nat = TWICE_NAT; - else if (mp->flags & NAT_API_IS_SELF_TWICE_NAT) - twice_nat = TWICE_NAT_SELF; - mp->tag[sizeof (mp->tag) - 1] = 0; - tag = format (0, "%s", mp->tag); - vec_terminate_c_string (tag); - - rv = snat_add_static_mapping (local_addr, external_addr, local_port, - external_port, vrf_id, - mp->flags & NAT_API_IS_ADDR_ONLY, - external_sw_if_index, proto, - mp->is_add, twice_nat, - mp->flags & NAT_API_IS_OUT2IN_ONLY, tag, 0, - pool_addr, 0); - vec_free (tag); - - REPLY_MACRO (VL_API_NAT44_ADD_DEL_STATIC_MAPPING_REPLY); -} - -static void - vl_api_nat44_add_del_static_mapping_v2_t_handler - (vl_api_nat44_add_del_static_mapping_v2_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_add_del_static_mapping_v2_reply_t *rmp; - ip4_address_t local_addr, external_addr, pool_addr; - u16 local_port = 0, external_port = 0; - u32 vrf_id, external_sw_if_index; - twice_nat_type_t twice_nat = TWICE_NAT_DISABLED; - int rv = 0; - nat_protocol_t proto; - u8 *tag = 0; - - memcpy (&pool_addr.as_u8, mp->pool_ip_address, 4); - memcpy (&local_addr.as_u8, mp->local_ip_address, 4); - memcpy (&external_addr.as_u8, mp->external_ip_address, 4); - - if (!(mp->flags & NAT_API_IS_ADDR_ONLY)) - { - local_port = mp->local_port; - external_port = mp->external_port; - } - - vrf_id = clib_net_to_host_u32 (mp->vrf_id); - external_sw_if_index = clib_net_to_host_u32 (mp->external_sw_if_index); - proto = ip_proto_to_nat_proto (mp->protocol); - - if (mp->flags & NAT_API_IS_TWICE_NAT) - twice_nat = TWICE_NAT; - else if (mp->flags & NAT_API_IS_SELF_TWICE_NAT) - twice_nat = TWICE_NAT_SELF; - mp->tag[sizeof (mp->tag) - 1] = 0; - tag = format (0, "%s", mp->tag); - vec_terminate_c_string (tag); - - rv = snat_add_static_mapping (local_addr, external_addr, local_port, - external_port, vrf_id, - mp->flags & NAT_API_IS_ADDR_ONLY, - external_sw_if_index, proto, - mp->is_add, twice_nat, - mp->flags & NAT_API_IS_OUT2IN_ONLY, tag, 0, - pool_addr, mp->match_pool); - vec_free (tag); - - REPLY_MACRO (VL_API_NAT44_ADD_DEL_STATIC_MAPPING_V2_REPLY); -} - -static void *vl_api_nat44_add_del_static_mapping_t_print - (vl_api_nat44_add_del_static_mapping_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_add_del_static_mapping "); - s = format (s, "protocol %d local_addr %U external_addr %U ", - mp->protocol, - format_ip4_address, mp->local_ip_address, - format_ip4_address, mp->external_ip_address); - - if (!(mp->flags & NAT_API_IS_ADDR_ONLY)) - s = format (s, "local_port %d external_port %d ", - clib_net_to_host_u16 (mp->local_port), - clib_net_to_host_u16 (mp->external_port)); - - s = format (s, "twice_nat %d out2in_only %d ", - mp->flags & NAT_API_IS_TWICE_NAT, - mp->flags & NAT_API_IS_OUT2IN_ONLY); - - if (mp->vrf_id != ~0) - s = format (s, "vrf %d", clib_net_to_host_u32 (mp->vrf_id)); - - if (mp->external_sw_if_index != ~0) - s = format (s, "external_sw_if_index %d", - clib_net_to_host_u32 (mp->external_sw_if_index)); - FINISH; -} - -static void *vl_api_nat44_add_del_static_mapping_v2_t_print - (vl_api_nat44_add_del_static_mapping_v2_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_add_del_static_mapping_v2 "); - s = format (s, "protocol %d local_addr %U external_addr %U ", - mp->protocol, - format_ip4_address, mp->local_ip_address, - format_ip4_address, mp->external_ip_address); - - if (!(mp->flags & NAT_API_IS_ADDR_ONLY)) - s = format (s, "local_port %d external_port %d ", - clib_net_to_host_u16 (mp->local_port), - clib_net_to_host_u16 (mp->external_port)); - - s = format (s, "twice_nat %d out2in_only %d ", - mp->flags & NAT_API_IS_TWICE_NAT, - mp->flags & NAT_API_IS_OUT2IN_ONLY); - - if (mp->vrf_id != ~0) - s = format (s, "vrf %d", clib_net_to_host_u32 (mp->vrf_id)); - - if (mp->external_sw_if_index != ~0) - s = format (s, "external_sw_if_index %d", - clib_net_to_host_u32 (mp->external_sw_if_index)); - if (mp->match_pool) - s = format (s, "match pool address %U", - format_ip4_address, mp->pool_ip_address); - - FINISH; -} - -static void -send_nat44_static_mapping_details (snat_static_mapping_t * m, - vl_api_registration_t * reg, u32 context) -{ - vl_api_nat44_static_mapping_details_t *rmp; - snat_main_t *sm = &snat_main; - u32 len = sizeof (*rmp); - - rmp = vl_msg_api_alloc (len); - clib_memset (rmp, 0, len); - rmp->_vl_msg_id = - ntohs (VL_API_NAT44_STATIC_MAPPING_DETAILS + sm->msg_id_base); - - clib_memcpy (rmp->local_ip_address, &(m->local_addr), 4); - clib_memcpy (rmp->external_ip_address, &(m->external_addr), 4); - rmp->external_sw_if_index = ~0; - rmp->vrf_id = htonl (m->vrf_id); - rmp->context = context; - - if (m->twice_nat == TWICE_NAT) - rmp->flags |= NAT_API_IS_TWICE_NAT; - else if (m->twice_nat == TWICE_NAT_SELF) - rmp->flags |= NAT_API_IS_SELF_TWICE_NAT; - - if (is_out2in_only_static_mapping (m)) - rmp->flags |= NAT_API_IS_OUT2IN_ONLY; - - if (is_addr_only_static_mapping (m)) - { - rmp->flags |= NAT_API_IS_ADDR_ONLY; - } - else - { - rmp->protocol = nat_proto_to_ip_proto (m->proto); - rmp->external_port = m->external_port; - rmp->local_port = m->local_port; - } - - if (m->tag) - strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag)); - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void -send_nat44_static_map_resolve_details (snat_static_map_resolve_t * m, - vl_api_registration_t * reg, - u32 context) -{ - vl_api_nat44_static_mapping_details_t *rmp; - snat_main_t *sm = &snat_main; - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = - ntohs (VL_API_NAT44_STATIC_MAPPING_DETAILS + sm->msg_id_base); - clib_memcpy (rmp->local_ip_address, &(m->l_addr), 4); - rmp->external_sw_if_index = htonl (m->sw_if_index); - rmp->vrf_id = htonl (m->vrf_id); - rmp->context = context; - - if (m->twice_nat) - rmp->flags |= NAT_API_IS_TWICE_NAT; - - if (m->addr_only) - { - rmp->flags |= NAT_API_IS_ADDR_ONLY; - } - else - { - rmp->protocol = nat_proto_to_ip_proto (m->proto); - rmp->external_port = m->e_port; - rmp->local_port = m->l_port; - } - if (m->tag) - strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag)); - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void -vl_api_nat44_static_mapping_dump_t_handler (vl_api_nat44_static_mapping_dump_t - * mp) -{ - vl_api_registration_t *reg; - snat_main_t *sm = &snat_main; - snat_static_mapping_t *m; - snat_static_map_resolve_t *rp; - int j; - - reg = vl_api_client_index_to_registration (mp->client_index); - if (!reg) - return; - - /* *INDENT-OFF* */ - pool_foreach (m, sm->static_mappings, - ({ - if (!is_identity_static_mapping(m) && !is_lb_static_mapping (m)) - send_nat44_static_mapping_details (m, reg, mp->context); - })); - /* *INDENT-ON* */ - - for (j = 0; j < vec_len (sm->to_resolve); j++) - { - rp = sm->to_resolve + j; - if (!rp->identity_nat) - send_nat44_static_map_resolve_details (rp, reg, mp->context); - } -} - -static void * -vl_api_nat44_static_mapping_dump_t_print (vl_api_nat44_static_mapping_dump_t * - mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_static_mapping_dump "); - - FINISH; -} - -static void - vl_api_nat44_add_del_identity_mapping_t_handler - (vl_api_nat44_add_del_identity_mapping_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_add_del_identity_mapping_reply_t *rmp; - ip4_address_t addr, pool_addr = { 0 }; - u16 port = 0; - u32 vrf_id, sw_if_index; - int rv = 0; - nat_protocol_t proto = NAT_PROTOCOL_OTHER; - u8 *tag = 0; - - if (!(mp->flags & NAT_API_IS_ADDR_ONLY)) - { - port = mp->port; - proto = ip_proto_to_nat_proto (mp->protocol); - } - vrf_id = clib_net_to_host_u32 (mp->vrf_id); - sw_if_index = clib_net_to_host_u32 (mp->sw_if_index); - if (sw_if_index != ~0) - addr.as_u32 = 0; - else - memcpy (&addr.as_u8, mp->ip_address, 4); - mp->tag[sizeof (mp->tag) - 1] = 0; - tag = format (0, "%s", mp->tag); - vec_terminate_c_string (tag); - - rv = - snat_add_static_mapping (addr, addr, port, port, vrf_id, - mp->flags & NAT_API_IS_ADDR_ONLY, sw_if_index, - proto, mp->is_add, 0, 0, tag, 1, pool_addr, 0); - vec_free (tag); - - REPLY_MACRO (VL_API_NAT44_ADD_DEL_IDENTITY_MAPPING_REPLY); -} - -static void *vl_api_nat44_add_del_identity_mapping_t_print - (vl_api_nat44_add_del_identity_mapping_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_add_del_identity_mapping "); - if (mp->sw_if_index != ~0) - s = format (s, "sw_if_index %d", clib_net_to_host_u32 (mp->sw_if_index)); - else - s = format (s, "addr %U", format_ip4_address, mp->ip_address); - - if (!(mp->flags & NAT_API_IS_ADDR_ONLY)) - s = - format (s, " protocol %d port %d", mp->protocol, - clib_net_to_host_u16 (mp->port)); - - if (mp->vrf_id != ~0) - s = format (s, " vrf %d", clib_net_to_host_u32 (mp->vrf_id)); - - FINISH; -} - -static void -send_nat44_identity_mapping_details (snat_static_mapping_t * m, int index, - vl_api_registration_t * reg, u32 context) -{ - vl_api_nat44_identity_mapping_details_t *rmp; - snat_main_t *sm = &snat_main; - nat44_lb_addr_port_t *local = pool_elt_at_index (m->locals, index); - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = - ntohs (VL_API_NAT44_IDENTITY_MAPPING_DETAILS + sm->msg_id_base); - - if (is_addr_only_static_mapping (m)) - rmp->flags |= NAT_API_IS_ADDR_ONLY; - - clib_memcpy (rmp->ip_address, &(m->local_addr), 4); - rmp->port = m->local_port; - rmp->sw_if_index = ~0; - rmp->vrf_id = htonl (local->vrf_id); - rmp->protocol = nat_proto_to_ip_proto (m->proto); - rmp->context = context; - if (m->tag) - strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag)); - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void -send_nat44_identity_map_resolve_details (snat_static_map_resolve_t * m, - vl_api_registration_t * reg, - u32 context) -{ - vl_api_nat44_identity_mapping_details_t *rmp; - snat_main_t *sm = &snat_main; - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = - ntohs (VL_API_NAT44_IDENTITY_MAPPING_DETAILS + sm->msg_id_base); - - if (m->addr_only) - rmp->flags = (vl_api_nat_config_flags_t) NAT_API_IS_ADDR_ONLY; - - rmp->port = m->l_port; - rmp->sw_if_index = htonl (m->sw_if_index); - rmp->vrf_id = htonl (m->vrf_id); - rmp->protocol = nat_proto_to_ip_proto (m->proto); - rmp->context = context; - if (m->tag) - strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag)); - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void - vl_api_nat44_identity_mapping_dump_t_handler - (vl_api_nat44_identity_mapping_dump_t * mp) -{ - vl_api_registration_t *reg; - snat_main_t *sm = &snat_main; - snat_static_mapping_t *m; - snat_static_map_resolve_t *rp; - int j; - - reg = vl_api_client_index_to_registration (mp->client_index); - if (!reg) - return; - - /* *INDENT-OFF* */ - pool_foreach (m, sm->static_mappings, - ({ - if (is_identity_static_mapping(m) && !is_lb_static_mapping (m)) - { - pool_foreach_index (j, m->locals, - ({ - send_nat44_identity_mapping_details (m, j, reg, mp->context); - })); - } - })); - /* *INDENT-ON* */ - - for (j = 0; j < vec_len (sm->to_resolve); j++) - { - rp = sm->to_resolve + j; - if (rp->identity_nat) - send_nat44_identity_map_resolve_details (rp, reg, mp->context); - } -} - -static void *vl_api_nat44_identity_mapping_dump_t_print - (vl_api_nat44_identity_mapping_dump_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_identity_mapping_dump "); - - FINISH; -} - -static void - vl_api_nat44_add_del_interface_addr_t_handler - (vl_api_nat44_add_del_interface_addr_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_add_del_interface_addr_reply_t *rmp; - u32 sw_if_index = ntohl (mp->sw_if_index); - int rv = 0; - u8 is_del; - - is_del = !mp->is_add; - - VALIDATE_SW_IF_INDEX (mp); - - rv = snat_add_interface_address (sm, sw_if_index, is_del, - mp->flags & NAT_API_IS_TWICE_NAT); - - BAD_SW_IF_INDEX_LABEL; - REPLY_MACRO (VL_API_NAT44_ADD_DEL_INTERFACE_ADDR_REPLY); -} - -static void *vl_api_nat44_add_del_interface_addr_t_print - (vl_api_nat44_add_del_interface_addr_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_add_del_interface_addr "); - s = format (s, "sw_if_index %d twice_nat %d %s", - clib_host_to_net_u32 (mp->sw_if_index), - mp->flags & NAT_API_IS_TWICE_NAT, mp->is_add ? "" : "del"); - - FINISH; -} - -static void -send_nat44_interface_addr_details (u32 sw_if_index, - vl_api_registration_t * reg, u32 context, - u8 twice_nat) -{ - vl_api_nat44_interface_addr_details_t *rmp; - snat_main_t *sm = &snat_main; - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = - ntohs (VL_API_NAT44_INTERFACE_ADDR_DETAILS + sm->msg_id_base); - rmp->sw_if_index = ntohl (sw_if_index); - - if (twice_nat) - rmp->flags = (vl_api_nat_config_flags_t) NAT_API_IS_TWICE_NAT; - rmp->context = context; - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void -vl_api_nat44_interface_addr_dump_t_handler (vl_api_nat44_interface_addr_dump_t - * mp) -{ - vl_api_registration_t *reg; - snat_main_t *sm = &snat_main; - u32 *i; - - reg = vl_api_client_index_to_registration (mp->client_index); - if (!reg) - return; - - /* *INDENT-OFF* */ - vec_foreach (i, sm->auto_add_sw_if_indices) - send_nat44_interface_addr_details(*i, reg, mp->context, 0); - vec_foreach (i, sm->auto_add_sw_if_indices_twice_nat) - send_nat44_interface_addr_details(*i, reg, mp->context, 1); - /* *INDENT-ON* */ -} - -static void * -vl_api_nat44_interface_addr_dump_t_print (vl_api_nat44_interface_addr_dump_t * - mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_interface_addr_dump "); - - FINISH; -} - -static void -send_nat44_user_details (snat_user_t * u, vl_api_registration_t * reg, - u32 context) -{ - vl_api_nat44_user_details_t *rmp; - snat_main_t *sm = &snat_main; - ip4_main_t *im = &ip4_main; - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = ntohs (VL_API_NAT44_USER_DETAILS + sm->msg_id_base); - - if (!pool_is_free_index (im->fibs, u->fib_index)) - { - fib_table_t *fib = fib_table_get (u->fib_index, FIB_PROTOCOL_IP4); - rmp->vrf_id = ntohl (fib->ft_table_id); - } - - clib_memcpy (rmp->ip_address, &(u->addr), 4); - rmp->nsessions = ntohl (u->nsessions); - rmp->nstaticsessions = ntohl (u->nstaticsessions); - rmp->context = context; - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void -nat_ed_user_create_helper (snat_main_per_thread_data_t * tsm, - snat_session_t * s) -{ - snat_user_key_t k; - k.addr = s->in2out.addr; - k.fib_index = s->in2out.fib_index; - clib_bihash_kv_8_8_t key, value; - key.key = k.as_u64; - snat_user_t *u; - if (clib_bihash_search_8_8 (&tsm->user_hash, &key, &value)) - { - pool_get (tsm->users, u); - u->addr = k.addr; - u->fib_index = k.fib_index; - u->nsessions = 0; - u->nstaticsessions = 0; - key.value = u - tsm->users; - clib_bihash_add_del_8_8 (&tsm->user_hash, &key, 1); - } - else - { - u = pool_elt_at_index (tsm->users, value.value); - } - if (snat_is_session_static (s)) - { - ++u->nstaticsessions; - } - else - { - ++u->nsessions; - } -} - -static void -nat_ed_users_create (snat_main_per_thread_data_t * tsm) -{ - snat_session_t *s; - /* *INDENT-OFF* */ - pool_foreach (s, tsm->sessions, { nat_ed_user_create_helper (tsm, s); }); - /* *INDENT-ON* */ -} - -static void -nat_ed_users_destroy (snat_main_per_thread_data_t * tsm) -{ - snat_user_t *u; - /* *INDENT-OFF* */ - pool_flush (u, tsm->users, { }); - /* *INDENT-ON* */ - clib_bihash_free_8_8 (&tsm->user_hash); - clib_bihash_init_8_8 (&tsm->user_hash, "users", snat_main.user_buckets, 0); - clib_bihash_set_kvp_format_fn_8_8 (&tsm->user_hash, format_user_kvp); -} - -static void -vl_api_nat44_user_dump_t_handler (vl_api_nat44_user_dump_t * mp) -{ - vl_api_registration_t *reg; - snat_main_t *sm = &snat_main; - snat_main_per_thread_data_t *tsm; - snat_user_t *u; - - reg = vl_api_client_index_to_registration (mp->client_index); - if (!reg) - return; - - /* *INDENT-OFF* */ - vec_foreach (tsm, sm->per_thread_data) - { - if (sm->endpoint_dependent) - { - nat_ed_users_create (tsm); - } - pool_foreach (u, tsm->users, - ({ - send_nat44_user_details (u, reg, mp->context); - })); - if (sm->endpoint_dependent) - { - nat_ed_users_destroy (tsm); - } - } - /* *INDENT-ON* */ -} - -static void * -vl_api_nat44_user_dump_t_print (vl_api_nat44_user_dump_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_user_dump "); - - FINISH; -} - -static void -send_nat44_user_session_details (snat_session_t * s, - vl_api_registration_t * reg, u32 context) -{ - vl_api_nat44_user_session_details_t *rmp; - snat_main_t *sm = &snat_main; - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = - ntohs (VL_API_NAT44_USER_SESSION_DETAILS + sm->msg_id_base); - clib_memcpy (rmp->outside_ip_address, (&s->out2in.addr), 4); - clib_memcpy (rmp->inside_ip_address, (&s->in2out.addr), 4); - - if (snat_is_session_static (s)) - rmp->flags |= NAT_API_IS_STATIC; - - if (is_twice_nat_session (s)) - rmp->flags |= NAT_API_IS_TWICE_NAT; - - if (is_ed_session (s) || is_fwd_bypass_session (s)) - rmp->flags |= NAT_API_IS_EXT_HOST_VALID; - - rmp->last_heard = clib_host_to_net_u64 ((u64) s->last_heard); - rmp->total_bytes = clib_host_to_net_u64 (s->total_bytes); - rmp->total_pkts = ntohl (s->total_pkts); - rmp->context = context; - if (snat_is_unk_proto_session (s)) - { - rmp->outside_port = 0; - rmp->inside_port = 0; - rmp->protocol = ntohs (s->in2out.port); - } - else - { - rmp->outside_port = s->out2in.port; - rmp->inside_port = s->in2out.port; - rmp->protocol = ntohs (nat_proto_to_ip_proto (s->nat_proto)); - } - if (is_ed_session (s) || is_fwd_bypass_session (s)) - { - clib_memcpy (rmp->ext_host_address, &s->ext_host_addr, 4); - rmp->ext_host_port = s->ext_host_port; - if (is_twice_nat_session (s)) - { - clib_memcpy (rmp->ext_host_nat_address, &s->ext_host_nat_addr, 4); - rmp->ext_host_nat_port = s->ext_host_nat_port; - } - } - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void -vl_api_nat44_user_session_dump_t_handler (vl_api_nat44_user_session_dump_t * - mp) -{ - vl_api_registration_t *reg; - snat_main_t *sm = &snat_main; - snat_main_per_thread_data_t *tsm; - snat_session_t *s; - clib_bihash_kv_8_8_t key, value; - snat_user_key_t ukey; - snat_user_t *u; - u32 session_index, head_index, elt_index; - dlist_elt_t *head, *elt; - ip4_header_t ip; - - reg = vl_api_client_index_to_registration (mp->client_index); - if (!reg) - return; - - clib_memcpy (&ukey.addr, mp->ip_address, 4); - ip.src_address.as_u32 = ukey.addr.as_u32; - ukey.fib_index = fib_table_find (FIB_PROTOCOL_IP4, ntohl (mp->vrf_id)); - key.key = ukey.as_u64; - if (sm->num_workers > 1) - tsm = - vec_elt_at_index (sm->per_thread_data, - sm->worker_in2out_cb (&ip, ukey.fib_index, 0)); - else - tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers); - if (!sm->endpoint_dependent) - { - if (clib_bihash_search_8_8 (&tsm->user_hash, &key, &value)) - return; - u = pool_elt_at_index (tsm->users, value.value); - if (!u->nsessions && !u->nstaticsessions) - return; - - head_index = u->sessions_per_user_list_head_index; - head = pool_elt_at_index (tsm->list_pool, head_index); - elt_index = head->next; - elt = pool_elt_at_index (tsm->list_pool, elt_index); - session_index = elt->value; - while (session_index != ~0) - { - s = pool_elt_at_index (tsm->sessions, session_index); - - send_nat44_user_session_details (s, reg, mp->context); - - elt_index = elt->next; - elt = pool_elt_at_index (tsm->list_pool, elt_index); - session_index = elt->value; - } - } - else - { - /* *INDENT-OFF* */ - pool_foreach (s, tsm->sessions, { - if (s->in2out.addr.as_u32 == ukey.addr.as_u32) - { - send_nat44_user_session_details (s, reg, mp->context); - } - }); - /* *INDENT-ON* */ - } -} - -static void * -vl_api_nat44_user_session_dump_t_print (vl_api_nat44_user_session_dump_t * mp, - void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_user_session_dump "); - s = format (s, "ip_address %U vrf_id %d\n", - format_ip4_address, mp->ip_address, - clib_net_to_host_u32 (mp->vrf_id)); - - FINISH; -} - -static nat44_lb_addr_port_t * -unformat_nat44_lb_addr_port (vl_api_nat44_lb_addr_port_t * addr_port_pairs, - u32 addr_port_pair_num) -{ - u8 i; - nat44_lb_addr_port_t *lb_addr_port_pairs = 0, lb_addr_port; - vl_api_nat44_lb_addr_port_t *ap; - - for (i = 0; i < addr_port_pair_num; i++) - { - ap = &addr_port_pairs[i]; - clib_memset (&lb_addr_port, 0, sizeof (lb_addr_port)); - clib_memcpy (&lb_addr_port.addr, ap->addr, 4); - lb_addr_port.port = ap->port; - lb_addr_port.probability = ap->probability; - lb_addr_port.vrf_id = clib_net_to_host_u32 (ap->vrf_id); - vec_add1 (lb_addr_port_pairs, lb_addr_port); - } - - return lb_addr_port_pairs; -} - -static void - vl_api_nat44_add_del_lb_static_mapping_t_handler - (vl_api_nat44_add_del_lb_static_mapping_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_add_del_lb_static_mapping_reply_t *rmp; - twice_nat_type_t twice_nat = TWICE_NAT_DISABLED; - int rv = 0; - nat44_lb_addr_port_t *locals = 0; - ip4_address_t e_addr; - nat_protocol_t proto; - u8 *tag = 0; - - if (!sm->endpoint_dependent) - { - rv = VNET_API_ERROR_UNSUPPORTED; - goto send_reply; - } - - locals = - unformat_nat44_lb_addr_port (mp->locals, - clib_net_to_host_u32 (mp->local_num)); - clib_memcpy (&e_addr, mp->external_addr, 4); - proto = ip_proto_to_nat_proto (mp->protocol); - - if (mp->flags & NAT_API_IS_TWICE_NAT) - twice_nat = TWICE_NAT; - else if (mp->flags & NAT_API_IS_SELF_TWICE_NAT) - twice_nat = TWICE_NAT_SELF; - mp->tag[sizeof (mp->tag) - 1] = 0; - tag = format (0, "%s", mp->tag); - vec_terminate_c_string (tag); - - rv = - nat44_add_del_lb_static_mapping (e_addr, - mp->external_port, - proto, locals, mp->is_add, - twice_nat, - mp->flags & NAT_API_IS_OUT2IN_ONLY, tag, - clib_net_to_host_u32 (mp->affinity)); - - vec_free (locals); - vec_free (tag); - -send_reply: - REPLY_MACRO (VL_API_NAT44_ADD_DEL_LB_STATIC_MAPPING_REPLY); -} - -static void *vl_api_nat44_add_del_lb_static_mapping_t_print - (vl_api_nat44_add_del_lb_static_mapping_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_add_del_lb_static_mapping "); - s = format (s, "is_add %d twice_nat %d out2in_only %d ", - mp->is_add, - mp->flags & NAT_API_IS_TWICE_NAT, - mp->flags & NAT_API_IS_OUT2IN_ONLY); - - FINISH; -} - -static void - vl_api_nat44_lb_static_mapping_add_del_local_t_handler - (vl_api_nat44_lb_static_mapping_add_del_local_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_lb_static_mapping_add_del_local_reply_t *rmp; - int rv = 0; - ip4_address_t e_addr, l_addr; - nat_protocol_t proto; - - if (!sm->endpoint_dependent) - { - rv = VNET_API_ERROR_UNSUPPORTED; - goto send_reply; - } - - clib_memcpy (&e_addr, mp->external_addr, 4); - clib_memcpy (&l_addr, mp->local.addr, 4); - proto = ip_proto_to_nat_proto (mp->protocol); - - rv = - nat44_lb_static_mapping_add_del_local (e_addr, - clib_net_to_host_u16 - (mp->external_port), l_addr, - clib_net_to_host_u16 (mp-> - local.port), - proto, - clib_net_to_host_u32 (mp-> - local.vrf_id), - mp->local.probability, mp->is_add); - -send_reply: - REPLY_MACRO (VL_API_NAT44_LB_STATIC_MAPPING_ADD_DEL_LOCAL_REPLY); -} - -static void *vl_api_nat44_lb_static_mapping_add_del_local_t_print - (vl_api_nat44_lb_static_mapping_add_del_local_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_lb_static_mapping_add_del_local "); - s = format (s, "is_add %d", mp->is_add); - - FINISH; -} - -static void -send_nat44_lb_static_mapping_details (snat_static_mapping_t * m, - vl_api_registration_t * reg, - u32 context) -{ - vl_api_nat44_lb_static_mapping_details_t *rmp; - snat_main_t *sm = &snat_main; - nat44_lb_addr_port_t *ap; - vl_api_nat44_lb_addr_port_t *locals; - u32 local_num = 0; - - rmp = - vl_msg_api_alloc (sizeof (*rmp) + - (pool_elts (m->locals) * - sizeof (nat44_lb_addr_port_t))); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = - ntohs (VL_API_NAT44_LB_STATIC_MAPPING_DETAILS + sm->msg_id_base); - - clib_memcpy (rmp->external_addr, &(m->external_addr), 4); - rmp->external_port = m->external_port; - rmp->protocol = nat_proto_to_ip_proto (m->proto); - rmp->context = context; - - if (m->twice_nat == TWICE_NAT) - rmp->flags |= NAT_API_IS_TWICE_NAT; - else if (m->twice_nat == TWICE_NAT_SELF) - rmp->flags |= NAT_API_IS_SELF_TWICE_NAT; - if (is_out2in_only_static_mapping (m)) - rmp->flags |= NAT_API_IS_OUT2IN_ONLY; - if (m->tag) - strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag)); - - locals = (vl_api_nat44_lb_addr_port_t *) rmp->locals; - /* *INDENT-OFF* */ - pool_foreach (ap, m->locals, - ({ - clib_memcpy (locals->addr, &(ap->addr), 4); - locals->port = ap->port; - locals->probability = ap->probability; - locals->vrf_id = ntohl (ap->vrf_id); - locals++; - local_num++; - })); - /* *INDENT-ON* */ - rmp->local_num = ntohl (local_num); - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void - vl_api_nat44_lb_static_mapping_dump_t_handler - (vl_api_nat44_lb_static_mapping_dump_t * mp) -{ - vl_api_registration_t *reg; - snat_main_t *sm = &snat_main; - snat_static_mapping_t *m; - - if (!sm->endpoint_dependent) - return; - - reg = vl_api_client_index_to_registration (mp->client_index); - if (!reg) - return; - - /* *INDENT-OFF* */ - pool_foreach (m, sm->static_mappings, - ({ - if (is_lb_static_mapping(m)) - send_nat44_lb_static_mapping_details (m, reg, mp->context); - })); - /* *INDENT-ON* */ -} - -static void *vl_api_nat44_lb_static_mapping_dump_t_print - (vl_api_nat44_lb_static_mapping_dump_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_lb_static_mapping_dump "); - - FINISH; -} - -static void -vl_api_nat44_del_session_t_handler (vl_api_nat44_del_session_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_del_session_reply_t *rmp; - ip4_address_t addr, eh_addr; - u16 port, eh_port; - u32 vrf_id; - int rv = 0; - u8 is_in; - nat_protocol_t proto; - - memcpy (&addr.as_u8, mp->address, 4); - port = mp->port; - vrf_id = clib_net_to_host_u32 (mp->vrf_id); - proto = ip_proto_to_nat_proto (mp->protocol); - memcpy (&eh_addr.as_u8, mp->ext_host_address, 4); - eh_port = mp->ext_host_port; - - is_in = mp->flags & NAT_API_IS_INSIDE; - - if (mp->flags & NAT_API_IS_EXT_HOST_VALID) - rv = - nat44_del_ed_session (sm, &addr, port, &eh_addr, eh_port, mp->protocol, - vrf_id, is_in); - else - rv = nat44_del_session (sm, &addr, port, proto, vrf_id, is_in); - - REPLY_MACRO (VL_API_NAT44_DEL_SESSION_REPLY); -} - -static void * -vl_api_nat44_del_session_t_print (vl_api_nat44_del_session_t * mp, - void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_add_del_session "); - s = format (s, "addr %U port %d protocol %d vrf_id %d is_in %d", - format_ip4_address, mp->address, - clib_net_to_host_u16 (mp->port), - mp->protocol, clib_net_to_host_u32 (mp->vrf_id), - mp->flags & NAT_API_IS_INSIDE); - if (mp->flags & NAT_API_IS_EXT_HOST_VALID) - s = format (s, "ext_host_address %U ext_host_port %d", - format_ip4_address, mp->ext_host_address, - clib_net_to_host_u16 (mp->ext_host_port)); - - FINISH; -} - -static void - vl_api_nat44_forwarding_enable_disable_t_handler - (vl_api_nat44_forwarding_enable_disable_t * mp) -{ - snat_main_t *sm = &snat_main; - vl_api_nat44_forwarding_enable_disable_reply_t *rmp; - int rv = 0; - u32 *ses_to_be_removed = 0, *ses_index; - snat_main_per_thread_data_t *tsm; - snat_session_t *s; - - sm->forwarding_enabled = mp->enable != 0; - - if (mp->enable == 0) - { - /* *INDENT-OFF* */ - vec_foreach (tsm, sm->per_thread_data) - { - pool_foreach (s, tsm->sessions, - ({ - if (is_fwd_bypass_session(s)) - { - vec_add1 (ses_to_be_removed, s - tsm->sessions); - } - })); - if(sm->endpoint_dependent){ - vec_foreach (ses_index, ses_to_be_removed) - { - s = pool_elt_at_index(tsm->sessions, ses_index[0]); - nat_free_session_data (sm, s, tsm - sm->per_thread_data, 0); - nat_ed_session_delete (sm, s, tsm - sm->per_thread_data, 1); - } - }else{ - vec_foreach (ses_index, ses_to_be_removed) - { - s = pool_elt_at_index(tsm->sessions, ses_index[0]); - nat_free_session_data (sm, s, tsm - sm->per_thread_data, 0); - nat44_delete_session (sm, s, tsm - sm->per_thread_data); - } - } - vec_free (ses_to_be_removed); - } - /* *INDENT-ON* */ - } - - REPLY_MACRO (VL_API_NAT44_FORWARDING_ENABLE_DISABLE_REPLY); -} - -static void *vl_api_nat44_forwarding_enable_disable_t_print - (vl_api_nat44_forwarding_enable_disable_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_forwarding_enable_disable "); - s = format (s, "enable %d", mp->enable != 0); - - FINISH; -} - -static void - vl_api_nat44_forwarding_is_enabled_t_handler - (vl_api_nat44_forwarding_is_enabled_t * mp) -{ - vl_api_registration_t *reg; - snat_main_t *sm = &snat_main; - vl_api_nat44_forwarding_is_enabled_reply_t *rmp; - - reg = vl_api_client_index_to_registration (mp->client_index); - if (!reg) - return; - - rmp = vl_msg_api_alloc (sizeof (*rmp)); - clib_memset (rmp, 0, sizeof (*rmp)); - rmp->_vl_msg_id = - ntohs (VL_API_NAT44_FORWARDING_IS_ENABLED_REPLY + sm->msg_id_base); - rmp->context = mp->context; - - rmp->enabled = sm->forwarding_enabled; - - vl_api_send_msg (reg, (u8 *) rmp); -} - -static void *vl_api_nat44_forwarding_is_enabled_t_print - (vl_api_nat44_forwarding_is_enabled_t * mp, void *handle) -{ - u8 *s; - - s = format (0, "SCRIPT: nat44_forwarding_is_enabled "); - - FINISH; -} - -/* List of message types that this plugin understands */ -#define foreach_snat_plugin_api_msg \ -_(NAT_CONTROL_PING, nat_control_ping) \ -_(NAT_SHOW_CONFIG, nat_show_config) \ -_(NAT_SHOW_CONFIG_2, nat_show_config_2) \ -_(NAT_SET_WORKERS, nat_set_workers) \ -_(NAT_WORKER_DUMP, nat_worker_dump) \ -_(NAT44_PLUGIN_ENABLE_DISABLE, nat44_plugin_enable_disable) \ -_(NAT44_DEL_USER, nat44_del_user) \ -_(NAT44_SET_SESSION_LIMIT, nat44_set_session_limit) \ -_(NAT_SET_LOG_LEVEL, nat_set_log_level) \ -_(NAT_IPFIX_ENABLE_DISABLE, nat_ipfix_enable_disable) \ -_(NAT_SET_TIMEOUTS, nat_set_timeouts) \ -_(NAT_GET_TIMEOUTS, nat_get_timeouts) \ -_(NAT_SET_ADDR_AND_PORT_ALLOC_ALG, nat_set_addr_and_port_alloc_alg) \ -_(NAT_GET_ADDR_AND_PORT_ALLOC_ALG, nat_get_addr_and_port_alloc_alg) \ -_(NAT_SET_MSS_CLAMPING, nat_set_mss_clamping) \ -_(NAT_GET_MSS_CLAMPING, nat_get_mss_clamping) \ -_(NAT_HA_SET_LISTENER, nat_ha_set_listener) \ -_(NAT_HA_SET_FAILOVER, nat_ha_set_failover) \ -_(NAT_HA_GET_LISTENER, nat_ha_get_listener) \ -_(NAT_HA_GET_FAILOVER, nat_ha_get_failover) \ -_(NAT_HA_FLUSH, nat_ha_flush) \ -_(NAT_HA_RESYNC, nat_ha_resync) \ -_(NAT44_ADD_DEL_ADDRESS_RANGE, nat44_add_del_address_range) \ -_(NAT44_INTERFACE_ADD_DEL_FEATURE, nat44_interface_add_del_feature) \ -_(NAT44_ADD_DEL_STATIC_MAPPING, nat44_add_del_static_mapping) \ -_(NAT44_ADD_DEL_STATIC_MAPPING_V2, nat44_add_del_static_mapping_v2) \ -_(NAT44_ADD_DEL_IDENTITY_MAPPING, nat44_add_del_identity_mapping) \ -_(NAT44_STATIC_MAPPING_DUMP, nat44_static_mapping_dump) \ -_(NAT44_IDENTITY_MAPPING_DUMP, nat44_identity_mapping_dump) \ -_(NAT44_ADDRESS_DUMP, nat44_address_dump) \ -_(NAT44_INTERFACE_DUMP, nat44_interface_dump) \ -_(NAT44_ADD_DEL_INTERFACE_ADDR, nat44_add_del_interface_addr) \ -_(NAT44_INTERFACE_ADDR_DUMP, nat44_interface_addr_dump) \ -_(NAT44_USER_DUMP, nat44_user_dump) \ -_(NAT44_USER_SESSION_DUMP, nat44_user_session_dump) \ -_(NAT44_INTERFACE_ADD_DEL_OUTPUT_FEATURE, \ - nat44_interface_add_del_output_feature) \ -_(NAT44_INTERFACE_OUTPUT_FEATURE_DUMP, \ - nat44_interface_output_feature_dump) \ -_(NAT44_ADD_DEL_LB_STATIC_MAPPING, nat44_add_del_lb_static_mapping) \ -_(NAT44_LB_STATIC_MAPPING_ADD_DEL_LOCAL, \ - nat44_lb_static_mapping_add_del_local) \ -_(NAT44_LB_STATIC_MAPPING_DUMP, nat44_lb_static_mapping_dump) \ -_(NAT44_DEL_SESSION, nat44_del_session) \ -_(NAT44_FORWARDING_ENABLE_DISABLE, nat44_forwarding_enable_disable) \ -_(NAT44_FORWARDING_IS_ENABLED, nat44_forwarding_is_enabled) - -/* Set up the API message handling tables */ -static clib_error_t * -snat_plugin_api_hookup (vlib_main_t * vm) -{ - snat_main_t *sm __attribute__ ((unused)) = &snat_main; -#define _(N,n) \ - vl_msg_api_set_handlers((VL_API_##N + sm->msg_id_base), \ - #n, \ - vl_api_##n##_t_handler, \ - vl_noop_handler, \ - vl_api_##n##_t_endian, \ - vl_api_##n##_t_print, \ - sizeof(vl_api_##n##_t), 1); - foreach_snat_plugin_api_msg; -#undef _ - - return 0; -} - -#define vl_msg_name_crc_list -#include -#undef vl_msg_name_crc_list - -static void -setup_message_id_table (snat_main_t * sm, api_main_t * am) -{ -#define _(id,n,crc) \ - vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id + sm->msg_id_base); - foreach_vl_msg_name_crc_nat; -#undef _ -} - -static void -plugin_custom_dump_configure (snat_main_t * sm) -{ -#define _(n,f) sm->api_main->msg_print_handlers \ - [VL_API_##n + sm->msg_id_base] \ - = (void *) vl_api_##f##_t_print; - foreach_snat_plugin_api_msg; -#undef _ -} - -clib_error_t * -snat_api_init (vlib_main_t * vm, snat_main_t * sm) -{ - u8 *name; - clib_error_t *error = 0; - - name = format (0, "nat_%08x%c", api_version, 0); - - /* Ask for a correctly-sized block of API message decode slots */ - sm->msg_id_base = - vl_msg_api_get_msg_ids ((char *) name, VL_MSG_FIRST_AVAILABLE); - - error = snat_plugin_api_hookup (vm); - - /* Add our API messages to the global name_crc hash table */ - setup_message_id_table (sm, sm->api_main); - - plugin_custom_dump_configure (sm); - - vec_free (name); - - return error; -} - -/* - * fd.io coding-style-patch-verification: ON - * - * Local Variables: - * eval: (c-set-style "gnu") - * End: - */ diff --git a/src/plugins/nat/nat_msg_enum.h b/src/plugins/nat/nat_msg_enum.h deleted file mode 100644 index 710b631c73d..00000000000 --- a/src/plugins/nat/nat_msg_enum.h +++ /dev/null @@ -1,31 +0,0 @@ - -/* - * nat_msg_enum.h - skeleton vpp engine plug-in message enumeration - * - * Copyright (c) - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#ifndef included_nat_msg_enum_h -#define included_nat_msg_enum_h - -#include - -#define vl_msg_id(n,h) n, -typedef enum { -#include - /* We'll want to know how many messages IDs we need... */ - VL_MSG_FIRST_AVAILABLE, -} vl_msg_id_t; -#undef vl_msg_id - -#endif /* included_nat_msg_enum_h */ diff --git a/src/plugins/nat/nat_test.c b/src/plugins/nat/nat_test.c deleted file mode 100644 index 228d5b58157..00000000000 --- a/src/plugins/nat/nat_test.c +++ /dev/null @@ -1,1017 +0,0 @@ -/* - * nat.c - skeleton vpp-api-test plug-in - * - * Copyright (c) - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include -#include -#include - -#include -#include -#include - -#define __plugin_msg_base snat_test_main.msg_id_base -#include - -uword unformat_sw_if_index (unformat_input_t * input, va_list * args); - -/* Declare message IDs */ -#include - -/* define message structures */ -#define vl_typedefs -#include -#undef vl_typedefs - -/* declare message handlers for each api */ - -#define vl_endianfun /* define message structures */ -#include -#undef vl_endianfun - -/* instantiate all the print functions we know about */ -#define vl_print(handle, ...) -#define vl_printfun -#include -#undef vl_printfun - -/* Get the API version number. */ -#define vl_api_version(n,v) static u32 api_version=(v); -#include -#undef vl_api_version - -typedef struct { - /* API message ID base */ - u16 msg_id_base; - vat_main_t *vat_main; -} snat_test_main_t; - -snat_test_main_t snat_test_main; - -#define foreach_standard_reply_retval_handler \ -_(nat44_add_del_address_range_reply) \ -_(nat44_interface_add_del_feature_reply) \ -_(nat44_interface_add_del_output_feature_reply) \ -_(nat44_add_del_static_mapping_reply) \ -_(nat_set_workers_reply) \ -_(nat44_add_del_interface_addr_reply) \ -_(nat_ipfix_enable_disable_reply) \ -_(nat_set_timeouts_reply) - -#define _(n) \ - static void vl_api_##n##_t_handler \ - (vl_api_##n##_t * mp) \ - { \ - vat_main_t * vam = snat_test_main.vat_main; \ - i32 retval = ntohl(mp->retval); \ - if (vam->async_mode) { \ - vam->async_errors += (retval < 0); \ - } else { \ - vam->retval = retval; \ - vam->result_ready = 1; \ - } \ - } -foreach_standard_reply_retval_handler; -#undef _ - -/* - * Table of message reply handlers, must include boilerplate handlers - * we just generated - */ -#define foreach_vpe_api_reply_msg \ -_(NAT44_ADD_DEL_ADDRESS_RANGE_REPLY, \ - nat44_add_del_address_range_reply) \ -_(NAT44_INTERFACE_ADD_DEL_FEATURE_REPLY, \ - nat44_interface_add_del_feature_reply) \ -_(NAT44_INTERFACE_ADD_DEL_OUTPUT_FEATURE_REPLY, \ - nat44_interface_add_del_output_feature_reply) \ -_(NAT44_ADD_DEL_STATIC_MAPPING_REPLY, \ - nat44_add_del_static_mapping_reply) \ -_(NAT_CONTROL_PING_REPLY, nat_control_ping_reply) \ -_(NAT44_STATIC_MAPPING_DETAILS, nat44_static_mapping_details) \ -_(NAT_SHOW_CONFIG_REPLY, nat_show_config_reply) \ -_(NAT_SHOW_CONFIG_2_REPLY, nat_show_config_2_reply) \ -_(NAT44_ADDRESS_DETAILS, nat44_address_details) \ -_(NAT44_INTERFACE_DETAILS, nat44_interface_details) \ -_(NAT_SET_WORKERS_REPLY, nat_set_workers_reply) \ -_(NAT_WORKER_DETAILS, nat_worker_details) \ -_(NAT44_ADD_DEL_INTERFACE_ADDR_REPLY, \ - nat44_add_del_interface_addr_reply) \ -_(NAT44_INTERFACE_ADDR_DETAILS, nat44_interface_addr_details) \ -_(NAT_IPFIX_ENABLE_DISABLE_REPLY, \ - nat_ipfix_enable_disable_reply) \ -_(NAT44_USER_DETAILS, nat44_user_details) \ -_(NAT44_USER_SESSION_DETAILS, nat44_user_session_details) \ -_(NAT_SET_TIMEOUTS_REPLY, nat_set_timeouts_reply) \ -_(NAT_GET_TIMEOUTS_REPLY, nat_get_timeouts_reply) - -static int api_nat44_add_del_address_range (vat_main_t * vam) -{ - unformat_input_t * i = vam->input; - ip4_address_t start_addr, end_addr; - u32 start_host_order, end_host_order; - vl_api_nat44_add_del_address_range_t * mp; - u8 is_add = 1; - u8 twice_nat = 0; - int vrf_id = ~0; - int count; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U - %U", - unformat_ip4_address, &start_addr, - unformat_ip4_address, &end_addr)) - ; - else if (unformat (i, "%U", unformat_ip4_address, &start_addr)) - end_addr = start_addr; - else if (unformat (i, "twice-nat")) - twice_nat = 1; - else if (unformat (i, "vrf %u", &vrf_id)) - ; - else if (unformat (i, "del")) - is_add = 0; - else - { - clib_warning("unknown input '%U'", format_unformat_error, i); - return -99; - } - } - - start_host_order = clib_host_to_net_u32 (start_addr.as_u32); - end_host_order = clib_host_to_net_u32 (end_addr.as_u32); - - if (end_host_order < start_host_order) - { - errmsg ("end address less than start address\n"); - return -99; - } - - count = (end_host_order - start_host_order) + 1; - - if (count > 1024) - { - errmsg ("%U - %U, %d addresses...\n", - format_ip4_address, &start_addr, - format_ip4_address, &end_addr, - count); - } - - M(NAT44_ADD_DEL_ADDRESS_RANGE, mp); - - memcpy (mp->first_ip_address, &start_addr, 4); - memcpy (mp->last_ip_address, &end_addr, 4); - mp->vrf_id = vrf_id; - if (twice_nat) - mp->flags = (vl_api_nat_config_flags_t)NAT_API_IS_TWICE_NAT; - mp->is_add = is_add; - - S(mp); - W (ret); - return ret; -} - -static int api_nat44_interface_add_del_feature (vat_main_t * vam) -{ - unformat_input_t * i = vam->input; - vl_api_nat44_interface_add_del_feature_t * mp; - u32 sw_if_index; - u8 sw_if_index_set = 0; - u8 is_inside = 1; - u8 is_add = 1; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index)) - sw_if_index_set = 1; - else if (unformat (i, "sw_if_index %d", &sw_if_index)) - sw_if_index_set = 1; - else if (unformat (i, "out")) - is_inside = 0; - else if (unformat (i, "in")) - is_inside = 1; - else if (unformat (i, "del")) - is_add = 0; - else - { - clib_warning("unknown input '%U'", format_unformat_error, i); - return -99; - } - } - - if (sw_if_index_set == 0) - { - errmsg ("interface / sw_if_index required\n"); - return -99; - } - - M(NAT44_INTERFACE_ADD_DEL_FEATURE, mp); - mp->sw_if_index = ntohl(sw_if_index); - mp->is_add = is_add; - if (is_inside) - mp->flags |= NAT_API_IS_INSIDE; - - S(mp); - W (ret); - return ret; -} - -static int api_nat44_interface_add_del_output_feature (vat_main_t * vam) -{ - unformat_input_t * i = vam->input; - vl_api_nat44_interface_add_del_output_feature_t * mp; - u32 sw_if_index; - u8 sw_if_index_set = 0; - u8 is_inside = 1; - u8 is_add = 1; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index)) - sw_if_index_set = 1; - else if (unformat (i, "sw_if_index %d", &sw_if_index)) - sw_if_index_set = 1; - else if (unformat (i, "out")) - is_inside = 0; - else if (unformat (i, "in")) - is_inside = 1; - else if (unformat (i, "del")) - is_add = 0; - else - { - clib_warning("unknown input '%U'", format_unformat_error, i); - return -99; - } - } - - if (sw_if_index_set == 0) - { - errmsg ("interface / sw_if_index required\n"); - return -99; - } - - M(NAT44_INTERFACE_ADD_DEL_OUTPUT_FEATURE, mp); - mp->sw_if_index = ntohl(sw_if_index); - mp->is_add = is_add; - if (is_inside) - mp->flags |= NAT_API_IS_INSIDE; - - S(mp); - W (ret); - return ret; -} - -static int api_nat44_add_del_static_mapping(vat_main_t * vam) -{ - unformat_input_t * i = vam->input; - vl_api_nat44_add_del_static_mapping_t * mp; - u8 external_addr_set = 0; - u8 local_addr_set = 0; - u8 is_add = 1; - u8 addr_only = 1; - ip4_address_t local_addr, external_addr; - u32 local_port = 0, external_port = 0, vrf_id = ~0; - u32 sw_if_index = ~0; - u8 sw_if_index_set = 0; - u32 proto = NAT_PROTOCOL_OTHER; - u8 proto_set = 0; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "local_addr %U", unformat_ip4_address, &local_addr)) - local_addr_set = 1; - else if (unformat (i, "external_addr %U", unformat_ip4_address, - &external_addr)) - external_addr_set = 1; - else if (unformat (i, "local_port %u", &local_port)) - addr_only = 0; - else if (unformat (i, "external_port %u", &external_port)) - addr_only = 0; - else if (unformat (i, "external_if %U", unformat_sw_if_index, vam, - &sw_if_index)) - sw_if_index_set = 1; - else if (unformat (i, "external_sw_if_index %d", &sw_if_index)) - sw_if_index_set = 1; - else if (unformat (i, "vrf %u", &vrf_id)) - ; - else if (unformat (i, "protocol %u", &proto)) - proto_set = 1; - else if (unformat (i, "del")) - is_add = 0; - else - { - clib_warning("unknown input '%U'", format_unformat_error, i); - return -99; - } - } - - if (!addr_only && !proto_set) - { - errmsg ("protocol required\n"); - return -99; - } - - if (!local_addr_set) - { - errmsg ("local addr required\n"); - return -99; - } - if (!external_addr_set && !sw_if_index_set) - { - errmsg ("external addr or interface required\n"); - return -99; - } - - M(NAT44_ADD_DEL_STATIC_MAPPING, mp); - - mp->is_add = is_add; - if (addr_only) - mp->flags |= NAT_API_IS_ADDR_ONLY; - - mp->local_port = ntohs ((u16) local_port); - mp->external_port = ntohs ((u16) external_port); - mp->external_sw_if_index = ntohl (sw_if_index); - mp->vrf_id = ntohl (vrf_id); - mp->protocol = (u8) proto; - memcpy (mp->local_ip_address, &local_addr, 4); - memcpy (mp->external_ip_address, &external_addr, 4); - - S(mp); - W (ret); - return ret; -} - -static void vl_api_nat_control_ping_reply_t_handler - (vl_api_nat_control_ping_reply_t * mp) -{ - vat_main_t *vam = &vat_main; - i32 retval = ntohl (mp->retval); - if (vam->async_mode) - { - vam->async_errors += (retval < 0); - } - else - { - vam->retval = retval; - vam->result_ready = 1; - } -} - -static void vl_api_nat44_static_mapping_details_t_handler - (vl_api_nat44_static_mapping_details_t *mp) -{ - snat_test_main_t * sm = &snat_test_main; - vat_main_t *vam = sm->vat_main; - nat_config_flags_t flags = (nat_config_flags_t) mp->flags; - - if (flags & NAT_API_IS_ADDR_ONLY && mp->external_sw_if_index != ~0) - fformat (vam->ofp, "%15U%6s%15d%6s%11d%6d\n", - format_ip4_address, &mp->local_ip_address, "", - ntohl (mp->external_sw_if_index), "", - ntohl (mp->vrf_id), - mp->protocol); - else if (flags & NAT_API_IS_ADDR_ONLY && mp->external_sw_if_index == ~0) - fformat (vam->ofp, "%15U%6s%15U%6s%11d%6d\n", - format_ip4_address, &mp->local_ip_address, "", - format_ip4_address, &mp->external_ip_address, "", - ntohl (mp->vrf_id), - mp->protocol); - else if (!(flags & NAT_API_IS_ADDR_ONLY) && mp->external_sw_if_index != ~0) - fformat (vam->ofp, "%15U%6d%15d%6d%11d%6d\n", - format_ip4_address, &mp->local_ip_address, - ntohs (mp->local_port), - ntohl (mp->external_sw_if_index), - ntohs (mp->external_port), - ntohl (mp->vrf_id), - mp->protocol); - else - fformat (vam->ofp, "%15U%6d%15U%6d%11d%6d\n", - format_ip4_address, &mp->local_ip_address, - ntohs (mp->local_port), - format_ip4_address, &mp->external_ip_address, - ntohs (mp->external_port), - ntohl (mp->vrf_id), - mp->protocol); - -} - -static int api_nat44_static_mapping_dump(vat_main_t * vam) -{ - vl_api_nat44_static_mapping_dump_t * mp; - vl_api_nat_control_ping_t *mp_ping; - int ret; - - if (vam->json_output) - { - clib_warning ("JSON output not supported for nat44_static_mapping_dump"); - return -99; - } - - fformat (vam->ofp, "%21s%21s\n", "local", "external"); - fformat (vam->ofp, "%15s%6s%15s%6s%11s%6s\n", "address", "port", - "address/if_idx", "port", "vrf", "proto"); - - M(NAT44_STATIC_MAPPING_DUMP, mp); - S(mp); - - /* Use a control ping for synchronization */ - M(NAT_CONTROL_PING, mp_ping); - S(mp_ping); - - W (ret); - return ret; -} - -static void vl_api_nat_show_config_reply_t_handler - (vl_api_nat_show_config_reply_t *mp) -{ - snat_test_main_t * sm = &snat_test_main; - vat_main_t *vam = sm->vat_main; - i32 retval = ntohl (mp->retval); - - if (retval >= 0) - { - fformat (vam->ofp, "translation hash buckets %d\n", - ntohl (mp->translation_buckets)); - fformat (vam->ofp, "translation hash memory %d\n", - ntohl (mp->translation_memory_size)); - fformat (vam->ofp, "user hash buckets %d\n", ntohl (mp->user_buckets)); - fformat (vam->ofp, "user hash memory %d\n", ntohl (mp->user_memory_size)); - fformat (vam->ofp, "max translations per user %d\n", - ntohl (mp->max_translations_per_user)); - fformat (vam->ofp, "outside VRF id %d\n", ntohl (mp->outside_vrf_id)); - fformat (vam->ofp, "inside VRF id %d\n", ntohl (mp->inside_vrf_id)); - if (mp->static_mapping_only) - { - fformat (vam->ofp, "static mapping only"); - if (mp->static_mapping_connection_tracking) - fformat (vam->ofp, " connection tracking"); - fformat (vam->ofp, "\n"); - } - } - vam->retval = retval; - vam->result_ready = 1; -} - -static void vl_api_nat_show_config_2_reply_t_handler - (vl_api_nat_show_config_2_reply_t *mp) -{ - snat_test_main_t * sm = &snat_test_main; - vat_main_t *vam = sm->vat_main; - i32 retval = ntohl (mp->retval); - - if (retval >= 0) - { - fformat (vam->ofp, "translation hash buckets %d\n", - ntohl (mp->translation_buckets)); - fformat (vam->ofp, "translation hash memory %d\n", - ntohl (mp->translation_memory_size)); - fformat (vam->ofp, "user hash buckets %d\n", ntohl (mp->user_buckets)); - fformat (vam->ofp, "user hash memory %d\n", ntohl (mp->user_memory_size)); - fformat (vam->ofp, "max translations per user %d\n", - ntohl (mp->max_translations_per_user)); - fformat (vam->ofp, "outside VRF id %d\n", ntohl (mp->outside_vrf_id)); - fformat (vam->ofp, "inside VRF id %d\n", ntohl (mp->inside_vrf_id)); - if (mp->static_mapping_only) - { - fformat (vam->ofp, "static mapping only"); - if (mp->static_mapping_connection_tracking) - fformat (vam->ofp, " connection tracking"); - fformat (vam->ofp, "\n"); - } - } - vam->retval = retval; - vam->result_ready = 1; -} - -static int api_nat_show_config(vat_main_t * vam) -{ - vl_api_nat_show_config_t * mp; - int ret; - - if (vam->json_output) - { - clib_warning ("JSON output not supported for nat_show_config"); - return -99; - } - - M(NAT_SHOW_CONFIG, mp); - S(mp); - W (ret); - return ret; -} - -static int api_nat_show_config_2(vat_main_t * vam) -{ - vl_api_nat_show_config_2_t * mp; - int ret; - - if (vam->json_output) - { - clib_warning ("JSON output not supported for nat_show_config_2"); - return -99; - } - - M(NAT_SHOW_CONFIG_2, mp); - S(mp); - W (ret); - return ret; -} - -static void vl_api_nat44_address_details_t_handler - (vl_api_nat44_address_details_t *mp) -{ - snat_test_main_t * sm = &snat_test_main; - vat_main_t *vam = sm->vat_main; - - fformat (vam->ofp, "%U\n", format_ip4_address, &mp->ip_address); -} - -static int api_nat44_address_dump(vat_main_t * vam) -{ - vl_api_nat44_address_dump_t * mp; - vl_api_nat_control_ping_t *mp_ping; - int ret; - - if (vam->json_output) - { - clib_warning ("JSON output not supported for nat44_address_dump"); - return -99; - } - - M(NAT44_ADDRESS_DUMP, mp); - S(mp); - - /* Use a control ping for synchronization */ - M(NAT_CONTROL_PING, mp_ping); - S(mp_ping); - - W (ret); - return ret; -} - -static void vl_api_nat44_interface_details_t_handler - (vl_api_nat44_interface_details_t *mp) -{ - nat_config_flags_t flags = (nat_config_flags_t) mp->flags; - snat_test_main_t * sm = &snat_test_main; - vat_main_t *vam = sm->vat_main; - - if ((flags & NAT_API_IS_INSIDE) && (flags & NAT_API_IS_OUTSIDE)) - { - fformat (vam->ofp, "sw_if_index %d in & out\n", ntohl (mp->sw_if_index)); - } - else - { - fformat (vam->ofp, "sw_if_index %d %s\n", ntohl (mp->sw_if_index), - flags & NAT_API_IS_INSIDE ? "in" : "out"); - } -} - -static int api_nat44_interface_dump(vat_main_t * vam) -{ - vl_api_nat44_interface_dump_t * mp; - vl_api_nat_control_ping_t *mp_ping; - int ret; - - if (vam->json_output) - { - clib_warning ("JSON output not supported for nat44_address_dump"); - return -99; - } - - M(NAT44_INTERFACE_DUMP, mp); - S(mp); - - /* Use a control ping for synchronization */ - M(NAT_CONTROL_PING, mp_ping); - S(mp_ping); - - W (ret); - return ret; -} - -static int api_nat_set_workers (vat_main_t * vam) -{ - unformat_input_t * i = vam->input; - vl_api_nat_set_workers_t * mp; - uword *bitmap; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U", unformat_bitmap_list, &bitmap)) - ; - else - { - clib_warning("unknown input '%U'", format_unformat_error, i); - return -99; - } - } - - M(NAT_SET_WORKERS, mp); - mp->worker_mask = clib_host_to_net_u64 (bitmap[0]); - - S(mp); - W (ret); - return ret; -} - -static void vl_api_nat_worker_details_t_handler - (vl_api_nat_worker_details_t *mp) -{ - snat_test_main_t * sm = &snat_test_main; - vat_main_t *vam = sm->vat_main; - - fformat (vam->ofp, "worker_index %d (%s at lcore %u)\n", - ntohl (mp->worker_index), mp->name, ntohl (mp->lcore_id)); -} - -static int api_nat_worker_dump(vat_main_t * vam) -{ - vl_api_nat_worker_dump_t * mp; - vl_api_nat_control_ping_t *mp_ping; - int ret; - - if (vam->json_output) - { - clib_warning ("JSON output not supported for nat_address_dump"); - return -99; - } - - M(NAT_WORKER_DUMP, mp); - S(mp); - - /* Use a control ping for synchronization */ - M(NAT_CONTROL_PING, mp_ping); - S(mp_ping); - - W (ret); - return ret; -} - -static int api_nat44_add_del_interface_addr (vat_main_t * vam) -{ - unformat_input_t * i = vam->input; - vl_api_nat44_add_del_interface_addr_t * mp; - u32 sw_if_index; - u8 sw_if_index_set = 0; - u8 is_add = 1; - u8 twice_nat = 0; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "%U", unformat_sw_if_index, vam, &sw_if_index)) - sw_if_index_set = 1; - else if (unformat (i, "sw_if_index %d", &sw_if_index)) - sw_if_index_set = 1; - else if (unformat (i, "twice-nat")) - twice_nat = 1; - else if (unformat (i, "del")) - is_add = 0; - else - { - clib_warning("unknown input '%U'", format_unformat_error, i); - return -99; - } - } - - if (sw_if_index_set == 0) - { - errmsg ("interface / sw_if_index required\n"); - return -99; - } - - M(NAT44_ADD_DEL_INTERFACE_ADDR, mp); - mp->sw_if_index = ntohl(sw_if_index); - if (twice_nat) - mp->flags = (vl_api_nat_config_flags_t)NAT_API_IS_TWICE_NAT; - mp->is_add = is_add; - - S(mp); - W (ret); - return ret; -} - -static void vl_api_nat44_interface_addr_details_t_handler - (vl_api_nat44_interface_addr_details_t *mp) -{ - snat_test_main_t * sm = &snat_test_main; - vat_main_t *vam = sm->vat_main; - - fformat (vam->ofp, "sw_if_index %d\n", ntohl (mp->sw_if_index)); -} - -static int api_nat44_interface_addr_dump(vat_main_t * vam) -{ - vl_api_nat44_interface_addr_dump_t * mp; - vl_api_nat_control_ping_t *mp_ping; - int ret; - - if (vam->json_output) - { - clib_warning ("JSON output not supported for nat44_address_dump"); - return -99; - } - - M(NAT44_INTERFACE_ADDR_DUMP, mp); - S(mp); - - /* Use a control ping for synchronization */ - M(NAT_CONTROL_PING, mp_ping); - S(mp_ping); - - W (ret); - return ret; -} - -static int api_nat_ipfix_enable_disable (vat_main_t * vam) -{ - unformat_input_t * i = vam->input; - vl_api_nat_ipfix_enable_disable_t * mp; - u32 domain_id = 0; - u32 src_port = 0; - u8 enable = 1; - int ret; - - while (unformat_check_input (i) != UNFORMAT_END_OF_INPUT) - { - if (unformat (i, "domain %d", &domain_id)) - ; - else if (unformat (i, "src_port %d", &src_port)) - ; - else if (unformat (i, "disable")) - enable = 0; - else - { - clib_warning("unknown input '%U'", format_unformat_error, i); - return -99; - } - } - - M(NAT_IPFIX_ENABLE_DISABLE, mp); - mp->domain_id = htonl(domain_id); - mp->src_port = htons((u16) src_port); - mp->enable = enable; - - S(mp); - W (ret); - return ret; -} - -static void vl_api_nat44_user_session_details_t_handler - (vl_api_nat44_user_session_details_t *mp) -{ - snat_test_main_t * sm = &snat_test_main; - vat_main_t *vam = sm->vat_main; - - fformat(vam->ofp, "%s session %U:%d to %U:%d protocol id %d " - "total packets %d total bytes %lld\n", - mp->flags & NAT_API_IS_STATIC ? "static" : "dynamic", - format_ip4_address, mp->inside_ip_address, ntohs(mp->inside_port), - format_ip4_address, mp->outside_ip_address, ntohs(mp->outside_port), - ntohs(mp->protocol), ntohl(mp->total_pkts), - clib_net_to_host_u64(mp->total_bytes)); -} - -static int api_nat44_user_session_dump(vat_main_t * vam) -{ - unformat_input_t* i = vam->input; - vl_api_nat44_user_session_dump_t * mp; - vl_api_nat_control_ping_t *mp_ping; - ip4_address_t addr; - u32 vrf_id = ~0; - int ret; - - if (vam->json_output) - { - clib_warning ("JSON output not supported for nat44_address_dump"); - return -99; - } - - if (unformat (i, "ip_address %U vrf_id %d", - unformat_ip4_address, &addr, &vrf_id)) - ; - else - { - clib_warning("unknown input '%U'", format_unformat_error, i); - return -99; - } - - M(NAT44_USER_SESSION_DUMP, mp); - S(mp); - - /* Use a control ping for synchronization */ - M(NAT_CONTROL_PING, mp_ping); - clib_memset(mp->ip_address, 0, 16); - clib_memcpy(mp->ip_address, &addr, 4); - mp->vrf_id = htonl(vrf_id); - S(mp_ping); - - W (ret); - return ret; -} - -static void vl_api_nat44_user_details_t_handler - (vl_api_nat44_user_details_t *mp) -{ - snat_test_main_t * sm = &snat_test_main; - vat_main_t *vam = sm->vat_main; - - fformat(vam->ofp, "user with ip %U with vrf_id %d " - "with %d sessions and %d static sessions\n", - format_ip4_address, mp->ip_address, ntohl(mp->vrf_id), - ntohl(mp->nsessions), ntohl(mp->nstaticsessions)); -} - -static int api_nat44_user_dump(vat_main_t * vam) -{ - vl_api_nat44_user_dump_t * mp; - vl_api_nat_control_ping_t *mp_ping; - int ret; - - if (vam->json_output) - { - clib_warning ("JSON output not supported for nat44_address_dump"); - return -99; - } - - M(NAT44_USER_DUMP, mp); - S(mp); - - /* Use a control ping for synchronization */ - M(NAT_CONTROL_PING, mp_ping); - S(mp_ping); - - W (ret); - return ret; -} - -static int api_nat_set_timeouts (vat_main_t * vam) -{ - unformat_input_t * i = vam->input; - vl_api_nat_set_timeouts_t * mp; - u32 udp = SNAT_UDP_TIMEOUT; - u32 tcp_established = SNAT_TCP_ESTABLISHED_TIMEOUT; - u32 tcp_transitory = SNAT_TCP_TRANSITORY_TIMEOUT; - u32 icmp = SNAT_ICMP_TIMEOUT; - int ret; - - if (unformat (i, "udp %d", &udp)) - ; - else if (unformat (i, "tcp_established %d", &tcp_established)) - ; - else if (unformat (i, "tcp_transitory %d", &tcp_transitory)) - ; - else if (unformat (i, "icmp %d", &icmp)) - ; - else - { - clib_warning("unknown input '%U'", format_unformat_error, i); - return -99; - } - - M(NAT_SET_TIMEOUTS, mp); - mp->udp = htonl(udp); - mp->tcp_established = htonl(tcp_established); - mp->tcp_transitory = htonl(tcp_transitory); - mp->icmp = htonl(icmp); - - S(mp); - W (ret); - return ret; -} - -static void vl_api_nat_get_timeouts_reply_t_handler - (vl_api_nat_get_timeouts_reply_t *mp) -{ - snat_test_main_t * sm = &snat_test_main; - vat_main_t *vam = sm->vat_main; - i32 retval = ntohl (mp->retval); - - if (retval >= 0) - { - fformat (vam->ofp, "udp timeout: %dsec\n", ntohl (mp->udp)); - fformat (vam->ofp, "tcp-established timeout: %dsec", - ntohl (mp->tcp_established)); - fformat (vam->ofp, "tcp-transitory timeout: %dsec", - ntohl (mp->tcp_transitory)); - fformat (vam->ofp, "icmp timeout: %dsec", ntohl (mp->icmp)); - } - vam->retval = retval; - vam->result_ready = 1; -} - -static int api_nat_get_timeouts(vat_main_t * vam) -{ - vl_api_nat_get_timeouts_t * mp; - int ret; - - if (vam->json_output) - { - clib_warning ("JSON output not supported for nat_get_timeouts"); - return -99; - } - - M(NAT_GET_TIMEOUTS, mp); - S(mp); - W (ret); - return ret; -} - -/* - * List of messages that the api test plugin sends, - * and that the data plane plugin processes - */ -#define foreach_vpe_api_msg \ -_(nat44_add_del_address_range, \ - " [- ] [vrf ] [twice-nat] [del]") \ -_(nat44_interface_add_del_feature, \ - " | sw_if_index [in] [out] [del]") \ -_(nat44_interface_add_del_output_feature, \ - " | sw_if_index [in] [out] [del]") \ -_(nat44_add_del_static_mapping, "local_addr " \ - " (external_addr | external_if |" \ - " external_sw_if_ndex ) [local_port ]" \ - " [external_port ] [vrf ] [del] protocol ") \ -_(nat_set_workers, "") \ -_(nat44_static_mapping_dump, "") \ -_(nat_show_config, "") \ -_(nat_show_config_2, "") \ -_(nat44_address_dump, "") \ -_(nat44_interface_dump, "") \ -_(nat_worker_dump, "") \ -_(nat44_add_del_interface_addr, \ - " | sw_if_index [twice-nat] [del]") \ -_(nat44_interface_addr_dump, "") \ -_(nat_ipfix_enable_disable, "[domain ] [src_port ] " \ - "[disable]") \ -_(nat44_user_dump, "") \ -_(nat44_user_session_dump, "ip_address vrf_id ") \ -_(nat_set_timeouts, "[udp | tcp_established | " \ - "tcp_transitory | icmp ]") \ -_(nat_get_timeouts, "") - -static void -snat_vat_api_hookup (vat_main_t *vam) -{ - snat_test_main_t * sm __attribute__((unused)) = &snat_test_main; - /* Hook up handlers for replies from the data plane plug-in */ -#define _(N,n) \ - vl_msg_api_set_handlers((VL_API_##N + sm->msg_id_base), \ - #n, \ - vl_api_##n##_t_handler, \ - vl_noop_handler, \ - vl_api_##n##_t_endian, \ - vl_api_##n##_t_print, \ - sizeof(vl_api_##n##_t), 1); - foreach_vpe_api_reply_msg; -#undef _ - - /* API messages we can send */ -#define _(n,h) \ - hash_set_mem (vam->function_by_name, #n, api_##n); - foreach_vpe_api_msg; -#undef _ - - /* Help strings */ -#define _(n,h) hash_set_mem (vam->help_by_name, #n, h); - foreach_vpe_api_msg; -#undef _ -} - -clib_error_t * vat_plugin_register (vat_main_t *vam) -{ - snat_test_main_t * sm = &snat_test_main; - u8 * name; - - sm->vat_main = vam; - - /* Ask the vpp engine for the first assigned message-id */ - name = format (0, "nat_%08x%c", api_version, 0); - sm->msg_id_base = vl_client_get_first_plugin_msg_id ((char *) name); - vec_free(name); - - if (sm->msg_id_base != (u16) ~0) - snat_vat_api_hookup (vam); - else - return clib_error_return (0, "nat plugin not loaded..."); - - return 0; -} -- cgit 1.2.3-korg