diff options
author | Matus Fabian <matfabia@cisco.com> | 2017-08-21 07:05:03 -0700 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2017-08-23 07:42:10 +0000 |
commit | 2ba92e32e0197f676dd905e5edcb4ff3e1bec241 (patch) | |
tree | 4d5eba20eda422bde4e9218834e1b8662a43b001 /src/plugins | |
parent | cfc997ef3da9f406afe5caad99fc98a53aab7a77 (diff) |
NAT: Rename snat plugin to nat (VPP-955)
Change-Id: I30a7e3da7a4efc6038a91e27b48045d4b07e2764
Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/Makefile.am | 4 | ||||
-rw-r--r-- | src/plugins/nat.am | 41 | ||||
-rw-r--r-- | src/plugins/nat/in2out.c (renamed from src/plugins/snat/in2out.c) | 144 | ||||
-rw-r--r-- | src/plugins/nat/nat.api (renamed from src/plugins/snat/snat.api) | 684 | ||||
-rw-r--r-- | src/plugins/nat/nat.c (renamed from src/plugins/snat/snat.c) | 190 | ||||
-rw-r--r-- | src/plugins/nat/nat.h (renamed from src/plugins/snat/snat.h) | 18 | ||||
-rw-r--r-- | src/plugins/nat/nat64.c (renamed from src/plugins/snat/nat64.c) | 4 | ||||
-rw-r--r-- | src/plugins/nat/nat64.h (renamed from src/plugins/snat/nat64.h) | 4 | ||||
-rw-r--r-- | src/plugins/nat/nat64_cli.c (renamed from src/plugins/snat/nat64_cli.c) | 4 | ||||
-rw-r--r-- | src/plugins/nat/nat64_db.c (renamed from src/plugins/snat/nat64_db.c) | 2 | ||||
-rw-r--r-- | src/plugins/nat/nat64_db.h (renamed from src/plugins/snat/nat64_db.h) | 2 | ||||
-rw-r--r-- | src/plugins/nat/nat64_doc.md (renamed from src/plugins/snat/nat64_doc.md) | 0 | ||||
-rw-r--r-- | src/plugins/nat/nat64_in2out.c (renamed from src/plugins/snat/nat64_in2out.c) | 2 | ||||
-rw-r--r-- | src/plugins/nat/nat64_out2in.c (renamed from src/plugins/snat/nat64_out2in.c) | 2 | ||||
-rw-r--r-- | src/plugins/nat/nat_all_api_h.h (renamed from src/plugins/snat/snat_all_api_h.h) | 4 | ||||
-rw-r--r-- | src/plugins/nat/nat_api.c (renamed from src/plugins/snat/snat_api.c) | 1311 | ||||
-rw-r--r-- | src/plugins/nat/nat_det.c (renamed from src/plugins/snat/snat_det.c) | 6 | ||||
-rw-r--r-- | src/plugins/nat/nat_det.h (renamed from src/plugins/snat/snat_det.h) | 12 | ||||
-rw-r--r-- | src/plugins/nat/nat_ipfix_logging.c (renamed from src/plugins/snat/snat_ipfix_logging.c) | 14 | ||||
-rw-r--r-- | src/plugins/nat/nat_ipfix_logging.h (renamed from src/plugins/snat/snat_ipfix_logging.h) | 10 | ||||
-rw-r--r-- | src/plugins/nat/nat_msg_enum.h (renamed from src/plugins/snat/snat_msg_enum.h) | 10 | ||||
-rw-r--r-- | src/plugins/nat/nat_test.c (renamed from src/plugins/snat/snat_test.c) | 14 | ||||
-rw-r--r-- | src/plugins/nat/out2in.c (renamed from src/plugins/snat/out2in.c) | 134 | ||||
-rw-r--r-- | src/plugins/snat.am | 41 |
24 files changed, 2279 insertions, 378 deletions
diff --git a/src/plugins/Makefile.am b/src/plugins/Makefile.am index 8c7b3fac..205bfe6d 100644 --- a/src/plugins/Makefile.am +++ b/src/plugins/Makefile.am @@ -74,8 +74,8 @@ if ENABLE_SIXRD_PLUGIN include sixrd.am endif -if ENABLE_SNAT_PLUGIN -include snat.am +if ENABLE_NAT_PLUGIN +include nat.am endif include ../suffix-rules.mk diff --git a/src/plugins/nat.am b/src/plugins/nat.am new file mode 100644 index 00000000..b967a716 --- /dev/null +++ b/src/plugins/nat.am @@ -0,0 +1,41 @@ + +# Copyright (c) <current-year> <your-organization> +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at: +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +vppapitestplugins_LTLIBRARIES += nat_test_plugin.la +vppplugins_LTLIBRARIES += nat_plugin.la + +nat_plugin_la_SOURCES = nat/nat.c \ + nat/nat_api.c \ + nat/in2out.c \ + nat/out2in.c \ + nat/nat_plugin.api.h \ + nat/nat_ipfix_logging.c \ + nat/nat_det.c \ + nat/nat64.c \ + nat/nat64_cli.c \ + nat/nat64_in2out.c \ + nat/nat64_out2in.c \ + nat/nat64_db.c + +API_FILES += nat/nat.api + +nobase_apiinclude_HEADERS += \ + nat/nat_all_api_h.h \ + nat/nat_msg_enum.h \ + nat/nat.api.h + +nat_test_plugin_la_SOURCES = \ + nat/nat_test.c nat/nat_plugin.api.h + +# vi:syntax=automake diff --git a/src/plugins/snat/in2out.c b/src/plugins/nat/in2out.c index abe0d9db..62a11170 100644 --- a/src/plugins/snat/in2out.c +++ b/src/plugins/nat/in2out.c @@ -21,9 +21,9 @@ #include <vnet/ip/ip.h> #include <vnet/ethernet/ethernet.h> #include <vnet/fib/ip4_fib.h> -#include <snat/snat.h> -#include <snat/snat_ipfix_logging.h> -#include <snat/snat_det.h> +#include <nat/nat.h> +#include <nat/nat_ipfix_logging.h> +#include <nat/nat_det.h> #include <vppinfra/hash.h> #include <vppinfra/error.h> @@ -49,8 +49,8 @@ static u8 * format_snat_in2out_trace (u8 * s, va_list * args) snat_in2out_trace_t * t = va_arg (*args, snat_in2out_trace_t *); char * tag; - tag = t->is_slow_path ? "SNAT_IN2OUT_SLOW_PATH" : "SNAT_IN2OUT_FAST_PATH"; - + tag = t->is_slow_path ? "NAT44_IN2OUT_SLOW_PATH" : "NAT44_IN2OUT_FAST_PATH"; + s = format (s, "%s: sw_if_index %d, next index %d, session %d", tag, t->sw_if_index, t->next_index, t->session_index); @@ -63,7 +63,7 @@ static u8 * format_snat_in2out_fast_trace (u8 * s, va_list * args) CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); snat_in2out_trace_t * t = va_arg (*args, snat_in2out_trace_t *); - s = format (s, "SANT_IN2OUT_FAST: sw_if_index %d, next index %d", + s = format (s, "NAT44_IN2OUT_FAST: sw_if_index %d, next index %d", t->sw_if_index, t->next_index); return s; @@ -78,7 +78,7 @@ static u8 * format_snat_in2out_worker_handoff_trace (u8 * s, va_list * args) char * m; m = t->do_handoff ? "next worker" : "same worker"; - s = format (s, "SNAT_IN2OUT_WORKER_HANDOFF: %s %d", m, t->next_worker_index); + s = format (s, "NAT44_IN2OUT_WORKER_HANDOFF: %s %d", m, t->next_worker_index); return s; } @@ -102,7 +102,7 @@ _(OUT_OF_PORTS, "Out of ports") \ _(BAD_OUTSIDE_FIB, "Outside VRF ID not found") \ _(BAD_ICMP_TYPE, "unsupported ICMP type") \ _(NO_TRANSLATION, "No translation") - + typedef enum { #define _(sym,str) SNAT_IN2OUT_ERROR_##sym, foreach_snat_in2out_error @@ -138,11 +138,11 @@ typedef enum { * Packets aimed at outside interface and external addresss with active session * should be translated. * - * @param sm SNAT main - * @param rt SNAT runtime data + * @param sm NAT main + * @param rt NAT runtime data * @param sw_if_index0 index of the inside interface * @param ip0 IPv4 header - * @param proto0 SNAT protocol + * @param proto0 NAT protocol * @param rx_fib_index0 RX FIB index * * @returns 0 if packet should be translated otherwise 1 @@ -254,7 +254,7 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0, user_key.addr = ip0->src_address; user_key.fib_index = rx_fib_index0; kv0.key = user_key.as_u64; - + /* Ever heard of the "user" = src ip4 address before? */ if (clib_bihash_search_8_8 (&sm->user_hash, &kv0, &value0)) { @@ -387,7 +387,7 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0, /* Create a new session */ pool_get (sm->per_thread_data[thread_index].sessions, s); memset (s, 0, sizeof (*s)); - + s->outside_address_index = address_index; if (static_mapping) @@ -418,7 +418,7 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0, per_user_translation_list_elt - sm->per_thread_data[thread_index].list_pool); } - + s->in2out = *key0; s->out2in = key1; s->out2in.protocol = key0->protocol; @@ -431,10 +431,10 @@ static u32 slow_path (snat_main_t *sm, vlib_buffer_t *b0, kv0.value = s - sm->per_thread_data[thread_index].sessions; if (clib_bihash_add_del_8_8 (&sm->in2out, &kv0, 1 /* is_add */)) clib_warning ("in2out key add failed"); - + kv0.key = s->out2in.as_u64; kv0.value = s - sm->per_thread_data[thread_index].sessions; - + if (clib_bihash_add_del_8_8 (&sm->out2in, &kv0, 1 /* is_add */)) clib_warning ("out2in key add failed"); @@ -502,11 +502,11 @@ snat_in2out_error_t icmp_get_key(ip4_header_t *ip0, } /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * and create session if needed * - * @param[in,out] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in,out] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching @@ -601,10 +601,10 @@ out: } /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * - * @param[in] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching @@ -732,7 +732,7 @@ static inline u32 icmp_in2out (snat_main_t *sm, sum0 = ip_csum_update (sum0, old_addr0, new_addr0, ip4_header_t, src_address /* changed member */); ip0->checksum = ip_csum_fold (sum0); - + if (!icmp_is_error_message (icmp0)) { new_id0 = sm0.port; @@ -810,12 +810,12 @@ out: * communicate even if they only use each other's external IP addresses * and ports. * - * @param sm SNAT main. + * @param sm NAT main. * @param b0 Vlib buffer. * @param ip0 IP header. * @param udp0 UDP header. * @param tcp0 TCP header. - * @param proto0 SNAT protocol. + * @param proto0 NAT protocol. */ static inline void snat_hairpinning (snat_main_t *sm, @@ -1413,14 +1413,14 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, snat_session_t * s0 = 0, * s1 = 0; clib_bihash_kv_8_8_t kv0, value0, kv1, value1; u32 iph_offset0 = 0, iph_offset1 = 0; - + /* Prefetch next iteration. */ { vlib_buffer_t * p2, * p3; - + p2 = vlib_get_buffer (vm, from[2]); p3 = vlib_get_buffer (vm, from[3]); - + vlib_prefetch_buffer_header (p2, LOAD); vlib_prefetch_buffer_header (p3, LOAD); @@ -1435,7 +1435,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, to_next += 2; n_left_from -= 2; n_left_to_next -= 2; - + b0 = vlib_get_buffer (vm, bi0); b1 = vlib_get_buffer (vm, bi1); @@ -1450,7 +1450,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp0 = (icmp46_header_t *) udp0; sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX]; - rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index0); next0 = next1 = SNAT_IN2OUT_NEXT_LOOKUP; @@ -1479,8 +1479,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP)) { - next0 = icmp_in2out_slow_path - (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, + next0 = icmp_in2out_slow_path + (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); goto trace00; } @@ -1498,7 +1498,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, key0.port = udp0->src_port; key0.protocol = proto0; key0.fib_index = rx_fib_index0; - + kv0.key = key0.as_u64; if (PREDICT_FALSE (clib_bihash_search_8_8 (&sm->in2out, &kv0, &value0) != 0)) @@ -1577,10 +1577,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } trace00: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b0->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_in2out_trace_t *t = + snat_in2out_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); t->is_slow_path = is_slow_path; t->sw_if_index = sw_if_index0; @@ -1603,7 +1603,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp1 = (icmp46_header_t *) udp1; sw_if_index1 = vnet_buffer(b1)->sw_if_index[VLIB_RX]; - rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index1); if (PREDICT_FALSE(ip1->ttl == 1)) @@ -1630,7 +1630,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, if (PREDICT_FALSE (proto1 == SNAT_PROTOCOL_ICMP)) { - next1 = icmp_in2out_slow_path + next1 = icmp_in2out_slow_path (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, next1, now, thread_index, &s1); goto trace01; @@ -1649,7 +1649,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, key1.port = udp1->src_port; key1.protocol = proto1; key1.fib_index = rx_fib_index1; - + kv1.key = key1.as_u64; if (PREDICT_FALSE(clib_bihash_search_8_8 (&sm->in2out, &kv1, &value1) != 0)) @@ -1728,10 +1728,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } trace01: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b1->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b1->flags & VLIB_BUFFER_IS_TRACED))) { - snat_in2out_trace_t *t = + snat_in2out_trace_t *t = vlib_add_trace (vm, node, b1, sizeof (*t)); t->sw_if_index = sw_if_index1; t->next_index = next1; @@ -1790,7 +1790,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, icmp0 = (icmp46_header_t *) udp0; sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX]; - rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index0); if (PREDICT_FALSE(ip0->ttl == 1)) @@ -1817,7 +1817,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP)) { - next0 = icmp_in2out_slow_path + next0 = icmp_in2out_slow_path (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); goto trace0; @@ -1836,7 +1836,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, key0.port = udp0->src_port; key0.protocol = proto0; key0.fib_index = rx_fib_index0; - + kv0.key = key0.as_u64; if (clib_bihash_search_8_8 (&sm->in2out, &kv0, &value0)) @@ -1916,10 +1916,10 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, } trace0: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b0->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_in2out_trace_t *t = + snat_in2out_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); t->is_slow_path = is_slow_path; t->sw_if_index = sw_if_index0; @@ -1940,8 +1940,8 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, stats_node_index, - SNAT_IN2OUT_ERROR_IN2OUT_PACKETS, + vlib_node_increment_counter (vm, stats_node_index, + SNAT_IN2OUT_ERROR_IN2OUT_PACKETS, pkts_processed); return frame->n_vectors; } @@ -1956,7 +1956,7 @@ snat_in2out_fast_path_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_node) = { .function = snat_in2out_fast_path_fn, - .name = "snat-in2out", + .name = "nat44-in2out", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -1972,7 +1972,7 @@ VLIB_REGISTER_NODE (snat_in2out_node) = { .next_nodes = { [SNAT_IN2OUT_NEXT_DROP] = "error-drop", [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-slowpath", + [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-slowpath", [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; @@ -1989,7 +1989,7 @@ snat_in2out_output_fast_path_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_output_node) = { .function = snat_in2out_output_fast_path_fn, - .name = "snat-in2out-output", + .name = "nat44-in2out-output", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -2005,7 +2005,7 @@ VLIB_REGISTER_NODE (snat_in2out_output_node) = { .next_nodes = { [SNAT_IN2OUT_NEXT_DROP] = "error-drop", [SNAT_IN2OUT_NEXT_LOOKUP] = "interface-output", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-output-slowpath", + [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-output-slowpath", [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; @@ -2023,7 +2023,7 @@ snat_in2out_slow_path_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_slowpath_node) = { .function = snat_in2out_slow_path_fn, - .name = "snat-in2out-slowpath", + .name = "nat44-in2out-slowpath", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -2039,7 +2039,7 @@ VLIB_REGISTER_NODE (snat_in2out_slowpath_node) = { .next_nodes = { [SNAT_IN2OUT_NEXT_DROP] = "error-drop", [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-slowpath", + [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-slowpath", [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; @@ -2057,7 +2057,7 @@ snat_in2out_output_slow_path_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_output_slowpath_node) = { .function = snat_in2out_output_slow_path_fn, - .name = "snat-in2out-output-slowpath", + .name = "nat44-in2out-output-slowpath", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -2073,7 +2073,7 @@ VLIB_REGISTER_NODE (snat_in2out_output_slowpath_node) = { .next_nodes = { [SNAT_IN2OUT_NEXT_DROP] = "error-drop", [SNAT_IN2OUT_NEXT_LOOKUP] = "interface-output", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-output-slowpath", + [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-output-slowpath", [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; @@ -2658,7 +2658,7 @@ snat_det_in2out_node_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_det_in2out_node) = { .function = snat_det_in2out_node_fn, - .name = "snat-det-in2out", + .name = "nat44-det-in2out", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -2681,11 +2681,11 @@ VLIB_REGISTER_NODE (snat_det_in2out_node) = { VLIB_NODE_FUNCTION_MULTIARCH (snat_det_in2out_node, snat_det_in2out_node_fn); /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * and create session if needed * - * @param[in,out] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in,out] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching @@ -3009,7 +3009,7 @@ snat_in2out_worker_handoff_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_worker_handoff_node) = { .function = snat_in2out_worker_handoff_fn, - .name = "snat-in2out-worker-handoff", + .name = "nat44-in2out-worker-handoff", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_worker_handoff_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -3034,7 +3034,7 @@ snat_in2out_output_worker_handoff_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_output_worker_handoff_node) = { .function = snat_in2out_output_worker_handoff_fn, - .name = "snat-in2out-output-worker-handoff", + .name = "nat44-in2out-output-worker-handoff", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_worker_handoff_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -3160,7 +3160,7 @@ snat_hairpin_dst_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_hairpin_dst_node) = { .function = snat_hairpin_dst_fn, - .name = "snat-hairpin-dst", + .name = "nat44-hairpin-dst", .vector_size = sizeof (u32), .type = VLIB_NODE_TYPE_INTERNAL, .n_errors = ARRAY_LEN(snat_in2out_error_strings), @@ -3240,7 +3240,7 @@ snat_hairpin_src_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_hairpin_src_node) = { .function = snat_hairpin_src_fn, - .name = "snat-hairpin-src", + .name = "nat44-hairpin-src", .vector_size = sizeof (u32), .type = VLIB_NODE_TYPE_INTERNAL, .n_errors = ARRAY_LEN(snat_in2out_error_strings), @@ -3248,9 +3248,9 @@ VLIB_REGISTER_NODE (snat_hairpin_src_node) = { .n_next_nodes = SNAT_HAIRPIN_SRC_N_NEXT, .next_nodes = { [SNAT_HAIRPIN_SRC_NEXT_DROP] = "error-drop", - [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT] = "snat-in2out-output", + [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT] = "nat44-in2out-output", [SNAT_HAIRPIN_SRC_NEXT_INTERFACE_OUTPUT] = "interface-output", - [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT_WH] = "snat-in2out-output-worker-handoff", + [SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT_WH] = "nat44-in2out-output-worker-handoff", }, }; @@ -3430,23 +3430,23 @@ snat_in2out_fast_static_map_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_in2out_fast_node) = { .function = snat_in2out_fast_static_map_fn, - .name = "snat-in2out-fast", + .name = "nat44-in2out-fast", .vector_size = sizeof (u32), .format_trace = format_snat_in2out_fast_trace, .type = VLIB_NODE_TYPE_INTERNAL, - + .n_errors = ARRAY_LEN(snat_in2out_error_strings), .error_strings = snat_in2out_error_strings, .runtime_data_bytes = sizeof (snat_runtime_t), - + .n_next_nodes = SNAT_IN2OUT_N_NEXT, /* edit / add dispositions here */ .next_nodes = { [SNAT_IN2OUT_NEXT_DROP] = "error-drop", [SNAT_IN2OUT_NEXT_LOOKUP] = "ip4-lookup", - [SNAT_IN2OUT_NEXT_SLOW_PATH] = "snat-in2out-slowpath", + [SNAT_IN2OUT_NEXT_SLOW_PATH] = "nat44-in2out-slowpath", [SNAT_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error", }, }; diff --git a/src/plugins/snat/snat.api b/src/plugins/nat/nat.api index 3c493dda..7245cb07 100644 --- a/src/plugins/snat/snat.api +++ b/src/plugins/nat/nat.api @@ -13,14 +13,18 @@ * limitations under the License. */ /** - * @file snat.api + * @file nat.api * @brief VPP control-plane API messages. * * This file defines VPP control-plane API messages which are generally * called through a shared memory interface. */ -/** \brief Add/del S-NAT address range +/* + * Old "snat" APIs, will be deprecated after 17.10 + */ + +/** \brief Add/del NAT44 address range @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @@ -39,7 +43,7 @@ autoreply define snat_add_address_range { u8 is_add; }; -/** \brief Dump S-NAT addresses +/** \brief Dump NAT44 addresses @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -48,7 +52,7 @@ define snat_address_dump { u32 context; }; -/** \brief S-NAT address details response +/** \brief NAT44 address details response @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @param ip_address - IP address @@ -61,7 +65,7 @@ define snat_address_details { u32 vrf_id; }; -/** \brief Enable/disable S-NAT feature on the interface +/** \brief Enable/disable NAT44 feature on the interface @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_add - 1 if add, 0 if delete @@ -76,7 +80,7 @@ autoreply define snat_interface_add_del_feature { u32 sw_if_index; }; -/** \brief Dump interfaces with S-NAT feature +/** \brief Dump interfaces with NAT44 feature @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -85,7 +89,7 @@ define snat_interface_dump { u32 context; }; -/** \brief S-NAT interface details response +/** \brief NAT44 interface details response @param context - sender context, to match reply w/ request @param is_inside - 1 if inside, 0 if outside @param sw_if_index - software index of the interface @@ -96,7 +100,7 @@ define snat_interface_details { u32 sw_if_index; }; -/** \brief Enable/disbale S-NAT as an interface output feature (postrouting +/** \brief Enable/disbale NAT44 as an interface output feature (postrouting in2out translation) @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @@ -112,7 +116,7 @@ autoreply define snat_interface_add_del_output_feature { u32 sw_if_index; }; -/** \brief Dump interfaces with S-NAT output feature +/** \brief Dump interfaces with NAT44 output feature @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -121,7 +125,7 @@ define snat_interface_output_feature_dump { u32 context; }; -/** \brief S-NAT interface with output feature details response +/** \brief NAT44 interface with output feature details response @param context - sender context, to match reply w/ request @param is_inside - 1 if inside, 0 if outside @param sw_if_index - software index of the interface @@ -132,7 +136,7 @@ define snat_interface_output_feature_details { u32 sw_if_index; }; -/** \brief Add/delete S-NAT static mapping +/** \brief Add/delete NAT44 static mapping @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_add - 1 if add, 0 if delete @@ -163,7 +167,7 @@ autoreply define snat_add_static_mapping { u32 vrf_id; }; -/** \brief Dump S-NAT static mappings +/** \brief Dump NAT44 static mappings @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -172,7 +176,7 @@ define snat_static_mapping_dump { u32 context; }; -/** \brief S-NAT static mapping details response +/** \brief NAT44 static mapping details response @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @param addr_only - 1 if address only mapping @@ -221,7 +225,7 @@ define snat_control_ping_reply u32 vpe_pid; }; -/** \brief Show S-NAT plugin startup config +/** \brief Show NAT plugin startup config @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -231,7 +235,7 @@ define snat_show_config u32 context; }; -/** \brief Show S-NAT plugin startup config reply +/** \brief Show NAT plugin startup config reply @param context - sender context, to match reply w/ request @param retval - return code for the request @param static_mapping_only - if 1 dynamic translations disabled @@ -261,10 +265,10 @@ define snat_show_config_reply u32 inside_vrf_id; }; -/** \brief Set S-NAT workers +/** \brief Set NAT workers @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request - @param worker_mask - S-NAT workers mask + @param worker_mask - NAT workers mask */ autoreply define snat_set_workers { u32 client_index; @@ -272,7 +276,7 @@ autoreply define snat_set_workers { u64 worker_mask; }; -/** \brief Dump S-NAT workers +/** \brief Dump NAT workers @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -281,7 +285,7 @@ define snat_worker_dump { u32 context; }; -/** \brief S-NAT workers details response +/** \brief NAT workers details response @param context - sender context, to match reply w/ request @param worker_index - worker index @param lcore_id - lcore ID @@ -294,7 +298,7 @@ define snat_worker_details { u8 name[64]; }; -/** \brief Add/delete S-NAT pool address from specific interfce +/** \brief Add/delete NAT44 pool address from specific interfce @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_add - 1 if add, 0 if delete @@ -308,7 +312,7 @@ autoreply define snat_add_del_interface_addr { u32 sw_if_index; }; -/** \brief Dump S-NAT pool addresses interfaces +/** \brief Dump NAT44 pool addresses interfaces @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -317,7 +321,7 @@ define snat_interface_addr_dump { u32 context; }; -/** \brief S-NAT pool addresses interfaces details response +/** \brief NAT44 pool addresses interfaces details response @param context - sender context, to match reply w/ request @param sw_if_index - software index of the interface */ @@ -326,7 +330,7 @@ define snat_interface_addr_details { u32 sw_if_index; }; -/** \brief Enable/disable S-NAT IPFIX logging +/** \brief Enable/disable NAT IPFIX logging @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param domain_id - observation domain ID @@ -341,7 +345,7 @@ autoreply define snat_ipfix_enable_disable { u8 enable; }; -/** \brief Dump S-NAT users +/** \brief Dump NAT44 users @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -350,7 +354,7 @@ define snat_user_dump { u32 context; }; -/** \brief S-NAT users response +/** \brief NAT44 users response @param context - sender context, to match reply w/ request @vrf_id - VRF ID @param is_ip4 - 1 if address type is IPv4 @@ -367,7 +371,7 @@ define snat_user_details { u32 nstaticsessions; }; -/** \brief S-NAT user's sessions +/** \brief NAT44 user's sessions @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @@ -382,7 +386,7 @@ define snat_user_session_dump { u32 vrf_id; }; -/** \brief S-NAT user's sessions response +/** \brief NAT44 user's sessions response @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @param outside_ip_address - outside IP address @@ -409,7 +413,7 @@ define snat_user_session_details { u32 total_pkts; }; -/** \brief Add/delete S-NAT deterministic mapping +/** \brief Add/delete NAT deterministic mapping @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_add - 1 if add, 0 if delete @@ -489,7 +493,7 @@ define snat_det_reverse_reply { u8 in_addr[16]; }; -/** \brief Dump S-NAT deterministic mappings +/** \brief Dump NAT deterministic mappings @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request */ @@ -498,7 +502,7 @@ define snat_det_map_dump { u32 context; }; -/** \brief S-NAT users response +/** \brief NAT users response @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @param in_addr - inside IP address @@ -564,7 +568,7 @@ define snat_det_get_timeouts_reply { u32 icmp; }; -/** \brief Close CGNAT session by outside address and port +/** \brief Close deterministic NAT session by outside address and port @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @@ -583,7 +587,7 @@ autoreply define snat_det_close_session_out { u16 ext_port; }; -/** \brief Close CGNAT session by inside address and port +/** \brief Close deterministic NAT session by inside address and port @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @@ -602,7 +606,7 @@ autoreply define snat_det_close_session_in { u16 ext_port; }; -/** \brief Dump S-NAT deterministic sessions +/** \brief Dump determinstic NAT sessions @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @@ -615,7 +619,7 @@ define snat_det_session_dump { u8 user_addr[16]; }; -/** \brief S-NAT deterministic sessions reply +/** \brief Deterministic NAT sessions reply @param context - sender context, to match reply w/ request @param is_ip4 - 1 if address type is IPv4 @param in_port - inside port @@ -637,6 +641,618 @@ define snat_det_session_details { u32 expire; }; +/* + * Common NAT plugin APIs + */ + +/** \brief Control ping from client to api server request + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_control_ping +{ + u32 client_index; + u32 context; +}; + +/** \brief Control ping from the client to the server response + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param retval - return code for the request + @param vpe_pid - the pid of the vpe, returned by the server +*/ +define nat_control_ping_reply +{ + u32 context; + i32 retval; + u32 client_index; + u32 vpe_pid; +}; + +/** \brief Show NAT plugin startup config + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_show_config +{ + u32 client_index; + u32 context; +}; + +/** \brief Show NAT plugin startup config reply + @param context - sender context, to match reply w/ request + @param retval - return code for the request + @param static_mapping_only - if 1 dynamic translations disabled + @param static_mapping_connection_tracking - if 1 create session data + @param deterministic - if 1 deterministic mapping + @param translation_buckets - number of translation hash buckets + @param translation_memory_size - translation hash memory size + @param user_buckets - number of user hash buckets + @param user_memory_size - user hash memory size + @param max_translations_per_user - maximum number of translations per user + @param outside_vrf_id - outside VRF id + @param inside_vrf_id - default inside VRF id +*/ +define nat_show_config_reply +{ + u32 context; + i32 retval; + u8 static_mapping_only; + u8 static_mapping_connection_tracking; + u8 deterministic; + u32 translation_buckets; + u32 translation_memory_size; + u32 user_buckets; + u32 user_memory_size; + u32 max_translations_per_user; + u32 outside_vrf_id; + u32 inside_vrf_id; +}; + +/** \brief Set NAT workers + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param worker_mask - NAT workers mask +*/ +autoreply define nat_set_workers { + u32 client_index; + u32 context; + u64 worker_mask; +}; + +/** \brief Dump NAT workers + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_worker_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT workers details response + @param context - sender context, to match reply w/ request + @param worker_index - worker index + @param lcore_id - lcore ID + @param name - worker name +*/ +define nat_worker_details { + u32 context; + u32 worker_index; + u32 lcore_id; + u8 name[64]; +}; + +/** \brief Enable/disable NAT IPFIX logging + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param domain_id - observation domain ID + @param src_port - source port number + @param enable - 1 if enable, 0 if disable +*/ +autoreply define nat_ipfix_enable_disable { + u32 client_index; + u32 context; + u32 domain_id; + u16 src_port; + u8 enable; +}; + +/* + * NAT44 APIs + */ + +/** \brief Add/del NAT44 address range + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param first_ip_address - first IPv4 address + @param last_ip_address - last IPv4 address + @param vrf_id - VRF id of tenant, ~0 means independent of VRF + @param is_add - 1 if add, 0 if delete +*/ +autoreply define nat44_add_del_address_range { + u32 client_index; + u32 context; + u8 first_ip_address[4]; + u8 last_ip_address[4]; + u32 vrf_id; + u8 is_add; +}; + +/** \brief Dump NAT44 addresses + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_address_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 address details response + @param context - sender context, to match reply w/ request + @param ip_address - IPv4 address + @param vrf_id - VRF id of tenant, ~0 means independent of VRF +*/ +define nat44_address_details { + u32 context; + u8 ip_address[4]; + u32 vrf_id; +}; + +/** \brief Enable/disable NAT44 feature on the interface + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - 1 if add, 0 if delete + @param is_inside - 1 if inside, 0 if outside + @param sw_if_index - software index of the interface +*/ +autoreply define nat44_interface_add_del_feature { + u32 client_index; + u32 context; + u8 is_add; + u8 is_inside; + u32 sw_if_index; +}; + +/** \brief Dump interfaces with NAT44 feature + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_interface_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 interface details response + @param context - sender context, to match reply w/ request + @param is_inside - 1 if inside, 0 if outside + @param sw_if_index - software index of the interface +*/ +define nat44_interface_details { + u32 context; + u8 is_inside; + u32 sw_if_index; +}; + +/** \brief Enable/disbale NAT44 as an interface output feature (postrouting + in2out translation) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - 1 if add, 0 if delete + @param is_inside - 1 if inside, 0 if outside + @param sw_if_index - software index of the interface +*/ +autoreply define nat44_interface_add_del_output_feature { + u32 client_index; + u32 context; + u8 is_add; + u8 is_inside; + u32 sw_if_index; +}; + +/** \brief Dump interfaces with NAT44 output feature + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_interface_output_feature_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 interface with output feature details response + @param context - sender context, to match reply w/ request + @param is_inside - 1 if inside, 0 if outside + @param sw_if_index - software index of the interface +*/ +define nat44_interface_output_feature_details { + u32 context; + u8 is_inside; + u32 sw_if_index; +}; + +/** \brief Add/delete NAT44 static mapping + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - 1 if add, 0 if delete + @param addr_only - 1 if address only mapping + @param local_ip_address - local IPv4 address + @param external_ip_address - external IPv4 address + @param protocol - IP protocol + @param local_port - local port number + @param external_port - external port number + @param external_sw_if_index - external interface (if set + external_ip_address is ignored, ~0 means not + used) + @param vfr_id - VRF ID +*/ +autoreply define nat44_add_del_static_mapping { + u32 client_index; + u32 context; + u8 is_add; + u8 addr_only; + u8 local_ip_address[4]; + u8 external_ip_address[4]; + u8 protocol; + u16 local_port; + u16 external_port; + u32 external_sw_if_index; + u32 vrf_id; +}; + +/** \brief Dump NAT44 static mappings + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_static_mapping_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 static mapping details response + @param context - sender context, to match reply w/ request + @param addr_only - 1 if address only mapping + @param local_ip_address - local IPv4 address + @param external_ip_address - external IPv4 address + @param protocol - IP protocol + @param local_port - local port number + @param external_port - external port number + @param external_sw_if_index - external interface + @param vfr_id - VRF ID +*/ +define nat44_static_mapping_details { + u32 context; + u8 addr_only; + u8 local_ip_address[4]; + u8 external_ip_address[4]; + u8 protocol; + u16 local_port; + u16 external_port; + u32 external_sw_if_index; + u32 vrf_id; +}; + +/** \brief Add/delete NAT44 pool address from specific interfce + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - 1 if add, 0 if delete + @param sw_if_index - software index of the interface +*/ +autoreply define nat44_add_del_interface_addr { + u32 client_index; + u32 context; + u8 is_add; + u8 is_inside; + u32 sw_if_index; +}; + +/** \brief Dump NAT44 pool addresses interfaces + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_interface_addr_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 pool addresses interfaces details response + @param context - sender context, to match reply w/ request + @param sw_if_index - software index of the interface +*/ +define nat44_interface_addr_details { + u32 context; + u32 sw_if_index; +}; + +/** \brief Dump NAT44 users + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat44_user_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT44 users response + @param context - sender context, to match reply w/ request + @vrf_id - VRF ID + @param ip_adress - IPv4 address + @param nsessions - number of dynamic sessions + @param nstaticsessions - number of static sessions +*/ +define nat44_user_details { + u32 context; + u32 vrf_id; + u8 ip_address[4]; + u32 nsessions; + u32 nstaticsessions; +}; + +/** \brief NAT44 user's sessions + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_ip4 - 1 if address type is IPv4 + @param user_ip - IP address of the user to dump + @param vrf_id - VRF_ID +*/ +define nat44_user_session_dump { + u32 client_index; + u32 context; + u8 ip_address[4]; + u32 vrf_id; +}; + +/** \brief NAT44 user's sessions response + @param context - sender context, to match reply w/ request + @param outside_ip_address - outside IPv4 address + @param outside_port - outside port + @param inside_ip_address - inside IPv4 address + @param inside_port - inside port + @param protocol - protocol + @param is_static - 1 if session is static + @param last_heard - last heard timer + @param total_bytes - count of bytes sent through session + @param total_pkts - count of pakets sent through session +*/ +define nat44_user_session_details { + u32 context; + u8 outside_ip_address[4]; + u16 outside_port; + u8 inside_ip_address[4]; + u16 inside_port; + u16 protocol; + u8 is_static; + u64 last_heard; + u64 total_bytes; + u32 total_pkts; +}; + +/* + * Deterministic NAT (CGN) APIs + */ + +/** \brief Add/delete NAT deterministic mapping + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_add - 1 if add, 0 if delete + @param is_nat44 - 1 if NAT44 + @param in_addr - inside IP address + @param in_plen - inside IP address prefix length + @param out_addr - outside IPv4 address + @param out_addr - outside IPv4 address prefix length +*/ +autoreply define nat_det_add_del_map { + u32 client_index; + u32 context; + u8 is_add; + u8 is_nat44; + u8 addr_only; + u8 in_addr[16]; + u8 in_plen; + u8 out_addr[4]; + u8 out_plen; +}; + +/** \brief Get outside address and port range from inside address + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_nat44 - 1 if NAT44 + @param in_addr - inside IP address +*/ +define nat_det_forward { + u32 client_index; + u32 context; + u8 is_nat44; + u8 in_addr[16]; +}; + +/** \brief Get outside address and port range from inside address + @param context - sender context, to match reply w/ request + @param retval - return code + @param out_port_lo - outside port range start + @param out_port_hi - outside port range end + @param out_addr - outside IPv4 address +*/ +define nat_det_forward_reply { + u32 context; + i32 retval; + u16 out_port_lo; + u16 out_port_hi; + u8 out_addr[4]; +}; + +/** \brief Get inside address from outside address and port + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param out_port - outside port + @param out_addr - outside IPv4 address +*/ +define nat_det_reverse { + u32 client_index; + u32 context; + u16 out_port; + u8 out_addr[4]; +}; + +/** \brief Get inside address from outside address and port reply + @param context - sender context, to match reply w/ request + @param retval - return code + @param is_nat44 - 1 if NAT44 + @param in_addr - inside IP address +*/ +define nat_det_reverse_reply { + u32 context; + i32 retval; + u8 is_nat44; + u8 in_addr[16]; +}; + +/** \brief Dump NAT deterministic mappings + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_det_map_dump { + u32 client_index; + u32 context; +}; + +/** \brief NAT users response + @param context - sender context, to match reply w/ request + @param is_nat44 - 1 if NAT44 + @param in_addr - inside IP address + @param in_plen - inside IP address prefix length + @param out_addr - outside IPv4 address + @param out_plen - outside IPv4 address prefix length + @param sharing_ratio - outside to inside address sharing ratio + @param ports_per_host - number of ports available to a host + @param ses_num - number of sessions belonging to this mapping +*/ +define nat_det_map_details { + u32 context; + u8 is_nat44; + u8 in_addr[16]; + u8 in_plen; + u8 out_addr[4]; + u8 out_plen; + u32 sharing_ratio; + u16 ports_per_host; + u32 ses_num; +}; + +/** \brief Set values of timeouts for deterministic NAT (seconds, 0 = default) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param udp - UDP timeout (default 300sec) + @param tcp_established - TCP established timeout (default 7440sec) + @param tcp_transitory - TCP transitory timeout (default 240sec) + @param icmp - ICMP timeout (default 60sec) +*/ +autoreply define nat_det_set_timeouts { + u32 client_index; + u32 context; + u32 udp; + u32 tcp_established; + u32 tcp_transitory; + u32 icmp; +}; + +/** \brief Get values of timeouts for deterministic NAT (seconds) + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request +*/ +define nat_det_get_timeouts { + u32 client_index; + u32 context; +}; + +/** \brief Get values of timeouts for deterministic NAT reply + @param context - sender context, to match reply w/ request + @param retval - return code + @param udp - UDP timeout (default 300sec) + @param tcp_established - TCP established timeout (default 7440sec) + @param tcp_transitory - TCP transitory timeout (default 240sec) + @param icmp - ICMP timeout (default 60sec) +*/ +define nat_det_get_timeouts_reply { + u32 context; + i32 retval; + u32 udp; + u32 tcp_established; + u32 tcp_transitory; + u32 icmp; +}; + +/** \brief Close deterministic NAT session by outside address and port + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param out_addr - outside IPv4 address + @param out_port - outside port + @param ext_addr - external host IPv4 address + @param ext_port - external host port +*/ +autoreply define nat_det_close_session_out { + u32 client_index; + u32 context; + u8 out_addr[4]; + u16 out_port; + u8 ext_addr[4]; + u16 ext_port; +}; + +/** \brief Close deterministic NAT session by inside address and port + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_nat44 - 1 if NAT44 + @param in_addr - inside IP address + @param in_port - inside port + @param ext_addr - external host IP address + @param ext_port - external host port +*/ +autoreply define nat_det_close_session_in { + u32 client_index; + u32 context; + u8 is_nat44; + u8 in_addr[16]; + u16 in_port; + u8 ext_addr[16]; + u16 ext_port; +}; + +/** \brief Dump determinstic NAT sessions + @param client_index - opaque cookie to identify the sender + @param context - sender context, to match reply w/ request + @param is_nat44 - 1 if NAT44 + @param user_addr - address of an inside user whose sessions to dump +*/ +define nat_det_session_dump { + u32 client_index; + u32 context; + u8 is_nat44; + u8 user_addr[16]; +}; + +/** \brief Deterministic NAT sessions reply + @param context - sender context, to match reply w/ request + @param in_port - inside port + @param ext_addr - external host address + @param ext_port - external host port + @param out_port - outside NAT port + @param state - session state + @param expire - session expiration timestamp +*/ +define nat_det_session_details { + u32 client_index; + u32 context; + u16 in_port; + u8 ext_addr[4]; + u16 ext_port; + u16 out_port; + u8 state; + u32 expire; +}; + +/* + * NAT64 APIs + */ + /** \brief Add/delete address range to NAT64 pool @param client_index - opaque cookie to identify the sender @param context - sender context, to match reply w/ request diff --git a/src/plugins/snat/snat.c b/src/plugins/nat/nat.c index 315cec8a..ac39be95 100644 --- a/src/plugins/snat/snat.c +++ b/src/plugins/nat/nat.c @@ -19,10 +19,10 @@ #include <vnet/ip/ip.h> #include <vnet/ip/ip4.h> #include <vnet/plugin/plugin.h> -#include <snat/snat.h> -#include <snat/snat_ipfix_logging.h> -#include <snat/snat_det.h> -#include <snat/nat64.h> +#include <nat/nat.h> +#include <nat/nat_ipfix_logging.h> +#include <nat/nat_det.h> +#include <nat/nat64.h> #include <vnet/fib/fib_table.h> #include <vnet/fib/ip4_fib.h> @@ -34,64 +34,64 @@ snat_main_t snat_main; /* Hook up input features */ VNET_FEATURE_INIT (ip4_snat_in2out, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-in2out", - .runs_before = VNET_FEATURES ("snat-out2in"), + .node_name = "nat44-in2out", + .runs_before = VNET_FEATURES ("nat44-out2in"), }; VNET_FEATURE_INIT (ip4_snat_out2in, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-out2in", + .node_name = "nat44-out2in", .runs_before = VNET_FEATURES ("ip4-lookup"), }; VNET_FEATURE_INIT (ip4_snat_det_in2out, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-det-in2out", - .runs_before = VNET_FEATURES ("snat-det-out2in"), + .node_name = "nat44-det-in2out", + .runs_before = VNET_FEATURES ("nat44-det-out2in"), }; VNET_FEATURE_INIT (ip4_snat_det_out2in, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-det-out2in", + .node_name = "nat44-det-out2in", .runs_before = VNET_FEATURES ("ip4-lookup"), }; VNET_FEATURE_INIT (ip4_snat_in2out_worker_handoff, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-in2out-worker-handoff", - .runs_before = VNET_FEATURES ("snat-out2in-worker-handoff"), + .node_name = "nat44-in2out-worker-handoff", + .runs_before = VNET_FEATURES ("nat44-out2in-worker-handoff"), }; VNET_FEATURE_INIT (ip4_snat_out2in_worker_handoff, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-out2in-worker-handoff", + .node_name = "nat44-out2in-worker-handoff", .runs_before = VNET_FEATURES ("ip4-lookup"), }; VNET_FEATURE_INIT (ip4_snat_in2out_fast, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-in2out-fast", - .runs_before = VNET_FEATURES ("snat-out2in-fast"), + .node_name = "nat44-in2out-fast", + .runs_before = VNET_FEATURES ("nat44-out2in-fast"), }; VNET_FEATURE_INIT (ip4_snat_out2in_fast, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-out2in-fast", + .node_name = "nat44-out2in-fast", .runs_before = VNET_FEATURES ("ip4-lookup"), }; VNET_FEATURE_INIT (ip4_snat_hairpin_dst, static) = { .arc_name = "ip4-unicast", - .node_name = "snat-hairpin-dst", + .node_name = "nat44-hairpin-dst", .runs_before = VNET_FEATURES ("ip4-lookup"), }; /* Hook up output features */ VNET_FEATURE_INIT (ip4_snat_in2out_output, static) = { .arc_name = "ip4-output", - .node_name = "snat-in2out-output", + .node_name = "nat44-in2out-output", .runs_before = VNET_FEATURES ("interface-output"), }; VNET_FEATURE_INIT (ip4_snat_in2out_output_worker_handoff, static) = { .arc_name = "ip4-output", - .node_name = "snat-in2out-output-worker-handoff", + .node_name = "nat44-in2out-output-worker-handoff", .runs_before = VNET_FEATURES ("interface-output"), }; VNET_FEATURE_INIT (ip4_snat_hairpin_src, static) = { .arc_name = "ip4-output", - .node_name = "snat-hairpin-src", + .node_name = "nat44-hairpin-src", .runs_before = VNET_FEATURES ("interface-output"), }; @@ -210,20 +210,20 @@ static int is_snat_address_used_in_static_mapping (snat_main_t *sm, void increment_v4_address (ip4_address_t * a) { u32 v; - + v = clib_net_to_host_u32(a->as_u32) + 1; a->as_u32 = clib_host_to_net_u32(v); } -static void -snat_add_static_mapping_when_resolved (snat_main_t * sm, - ip4_address_t l_addr, - u16 l_port, - u32 sw_if_index, - u16 e_port, +static void +snat_add_static_mapping_when_resolved (snat_main_t * sm, + ip4_address_t l_addr, + u16 l_port, + u32 sw_if_index, + u16 e_port, u32 vrf_id, snat_protocol_t proto, - int addr_only, + int addr_only, int is_add) { snat_static_map_resolve_t *rp; @@ -275,13 +275,13 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr, ip4_address_t * first_int_addr; /* Might be already set... */ - first_int_addr = ip4_interface_first_address + first_int_addr = ip4_interface_first_address (sm->ip4_main, sw_if_index, 0 /* just want the address*/); /* DHCP resolution required? */ if (first_int_addr == 0) { - snat_add_static_mapping_when_resolved + snat_add_static_mapping_when_resolved (sm, l_addr, l_port, sw_if_index, e_port, vrf_id, proto, addr_only, is_add); return 0; @@ -736,15 +736,15 @@ int snat_interface_add_del (u32 sw_if_index, u8 is_inside, int is_del) snat_det_map_t * dm; if (sm->static_mapping_only && !(sm->static_mapping_connection_tracking)) - feature_name = is_inside ? "snat-in2out-fast" : "snat-out2in-fast"; + feature_name = is_inside ? "nat44-in2out-fast" : "nat44-out2in-fast"; else { if (sm->num_workers > 1 && !sm->deterministic) - feature_name = is_inside ? "snat-in2out-worker-handoff" : "snat-out2in-worker-handoff"; + feature_name = is_inside ? "nat44-in2out-worker-handoff" : "nat44-out2in-worker-handoff"; else if (sm->deterministic) - feature_name = is_inside ? "snat-det-in2out" : "snat-det-out2in"; + feature_name = is_inside ? "nat44-det-in2out" : "nat44-det-out2in"; else - feature_name = is_inside ? "snat-in2out" : "snat-out2in"; + feature_name = is_inside ? "nat44-in2out" : "nat44-out2in"; } vnet_feature_enable_disable ("ip4-unicast", feature_name, sw_if_index, @@ -815,26 +815,26 @@ int snat_interface_add_del_output_feature (u32 sw_if_index, if (is_inside) { - vnet_feature_enable_disable ("ip4-unicast", "snat-hairpin-dst", + vnet_feature_enable_disable ("ip4-unicast", "nat44-hairpin-dst", sw_if_index, !is_del, 0, 0); - vnet_feature_enable_disable ("ip4-output", "snat-hairpin-src", + vnet_feature_enable_disable ("ip4-output", "nat44-hairpin-src", sw_if_index, !is_del, 0, 0); goto fq; } if (sm->num_workers > 1) { - vnet_feature_enable_disable ("ip4-unicast", "snat-out2in-worker-handoff", + vnet_feature_enable_disable ("ip4-unicast", "nat44-out2in-worker-handoff", sw_if_index, !is_del, 0, 0); vnet_feature_enable_disable ("ip4-output", - "snat-in2out-output-worker-handoff", + "nat44-in2out-output-worker-handoff", sw_if_index, !is_del, 0, 0); } else { - vnet_feature_enable_disable ("ip4-unicast", "snat-out2in", sw_if_index, + vnet_feature_enable_disable ("ip4-unicast", "nat44-out2in", sw_if_index, !is_del, 0, 0); - vnet_feature_enable_disable ("ip4-output", "snat-in2out-output", + vnet_feature_enable_disable ("ip4-output", "nat44-in2out-output", sw_if_index, !is_del, 0, 0); } @@ -997,13 +997,13 @@ static clib_error_t * snat_init (vlib_main_t * vm) VLIB_INIT_FUNCTION (snat_init); -void snat_free_outside_address_and_port (snat_main_t * sm, - snat_session_key_t * k, +void snat_free_outside_address_and_port (snat_main_t * sm, + snat_session_key_t * k, u32 address_index) { snat_address_t *a; u16 port_host_byte_order = clib_net_to_host_u16 (k->port); - + ASSERT (address_index < vec_len (sm->addresses)); a = sm->addresses + address_index; @@ -1024,12 +1024,12 @@ void snat_free_outside_address_and_port (snat_main_t * sm, clib_warning("unknown_protocol"); return; } -} +} /** - * @brief Match SNAT static mapping. + * @brief Match NAT44 static mapping. * - * @param sm SNAT main. + * @param sm NAT main. * @param match Address and port to match. * @param mapping External or local address and port of the matched mapping. * @param by_external If 0 match by local address otherwise match by external @@ -1199,7 +1199,7 @@ add_address_command_fn (vlib_main_t * vm, start_host_order = clib_host_to_net_u32 (start_addr.as_u32); end_host_order = clib_host_to_net_u32 (end_addr.as_u32); - + if (end_host_order < start_host_order) { error = clib_error_return (0, "end address less than start address"); @@ -1213,7 +1213,7 @@ add_address_command_fn (vlib_main_t * vm, format_ip4_address, &start_addr, format_ip4_address, &end_addr, count); - + this_addr = start_addr; for (i = 0; i < count; i++) @@ -1245,8 +1245,8 @@ done: } VLIB_CLI_COMMAND (add_address_command, static) = { - .path = "snat add address", - .short_help = "snat add addresses <ip4-range-start> [- <ip4-range-end>] " + .path = "nat44 add address", + .short_help = "nat44 add addresses <ip4-range-start> [- <ip4-range-end>] " "[tenant-vrf <vrf-id>] [del]", .function = add_address_command_fn, }; @@ -1365,9 +1365,9 @@ done: } VLIB_CLI_COMMAND (set_interface_snat_command, static) = { - .path = "set interface snat", + .path = "set interface nat44", .function = snat_feature_command_fn, - .short_help = "set interface snat in <intfc> out <intfc> [output-feature] " + .short_help = "set interface nat44 in <intfc> out <intfc> [output-feature] " "[del]", }; @@ -1503,18 +1503,18 @@ done: * to to the local network host. * To create static mapping between local host address 10.0.0.3 port 6303 and * external address 4.4.4.4 port 3606 for TCP protocol use: - * vpp# snat add static mapping local tcp 10.0.0.3 6303 external 4.4.4.4 3606 - * If not runnig "static mapping only" S-NAT plugin mode use before: - * vpp# snat add address 4.4.4.4 + * vpp# nat44 add static mapping local tcp 10.0.0.3 6303 external 4.4.4.4 3606 + * If not runnig "static mapping only" NAT plugin mode use before: + * vpp# nat44 add address 4.4.4.4 * To create static mapping between local and external address use: - * vpp# snat add static mapping local 10.0.0.3 external 4.4.4.4 + * vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4 * @cliexend ?*/ VLIB_CLI_COMMAND (add_static_mapping_command, static) = { - .path = "snat add static mapping", + .path = "nat44 add static mapping", .function = add_static_mapping_command_fn, .short_help = - "snat add static mapping local tcp|udp|icmp <addr> [<port>] external <addr> [<port>] [vrf <table-id>] [del]", + "nat44 add static mapping local tcp|udp|icmp <addr> [<port>] external <addr> [<port>] [vrf <table-id>] [del]", }; static clib_error_t * @@ -1575,15 +1575,15 @@ done: /*? * @cliexpar * @cliexstart{set snat workers} - * Set SNAT workers if 2 or more workers available, use: + * Set NAT workers if 2 or more workers available, use: * vpp# set snat workers 0-2,5 * @cliexend ?*/ VLIB_CLI_COMMAND (set_workers_command, static) = { - .path = "set snat workers", + .path = "set nat workers", .function = set_workers_command_fn, .short_help = - "set snat workers <workers-list>", + "set nat workers <workers-list>", }; static clib_error_t * @@ -1635,16 +1635,16 @@ done: /*? * @cliexpar * @cliexstart{snat ipfix logging} - * To enable SNAT IPFIX logging use: - * vpp# snat ipfix logging + * To enable NAT IPFIX logging use: + * vpp# nat ipfix logging * To set IPFIX exporter use: * vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1 * @cliexend ?*/ VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = { - .path = "snat ipfix logging", + .path = "nat ipfix logging", .function = snat_ipfix_logging_enable_disable_command_fn, - .short_help = "snat ipfix logging [domain <domain-id>] [src-port <port>] [disable]", + .short_help = "nat ipfix logging [domain <domain-id>] [src-port <port>] [disable]", }; static u32 @@ -1862,7 +1862,7 @@ snat_config (vlib_main_t * vm, unformat_input_t * input) return 0; } -VLIB_CONFIG_FUNCTION (snat_config, "snat"); +VLIB_CONFIG_FUNCTION (snat_config, "nat"); u8 * format_snat_session_state (u8 * s, va_list * args) { @@ -2067,18 +2067,18 @@ show_snat_command_fn (vlib_main_t * vm, if (sm->static_mapping_only) { if (sm->static_mapping_connection_tracking) - vlib_cli_output (vm, "SNAT mode: static mapping only connection " + vlib_cli_output (vm, "NAT plugin mode: static mapping only connection " "tracking"); else - vlib_cli_output (vm, "SNAT mode: static mapping only"); + vlib_cli_output (vm, "NAT plugin mode: static mapping only"); } else if (sm->deterministic) { - vlib_cli_output (vm, "SNAT mode: deterministic mapping"); + vlib_cli_output (vm, "NAT plugin mode: deterministic mapping"); } else { - vlib_cli_output (vm, "SNAT mode: dynamic translations enabled"); + vlib_cli_output (vm, "NAT plugin mode: dynamic translations enabled"); } if (verbose > 0) @@ -2100,7 +2100,7 @@ show_snat_command_fn (vlib_main_t * vm, if (vec_len (sm->auto_add_sw_if_indices)) { - vlib_cli_output (vm, "SNAT pool addresses interfaces:"); + vlib_cli_output (vm, "NAT44 pool addresses interfaces:"); vec_foreach (sw_if_index, sm->auto_add_sw_if_indices) { vlib_cli_output (vm, "%U", format_vnet_sw_interface_name, vnm, @@ -2253,8 +2253,8 @@ show_snat_command_fn (vlib_main_t * vm, } VLIB_CLI_COMMAND (show_snat_command, static) = { - .path = "show snat", - .short_help = "show snat", + .path = "show nat44", + .short_help = "show nat44", .function = show_snat_command_fn, }; @@ -2372,7 +2372,7 @@ int snat_add_interface_address (snat_main_t *sm, u32 sw_if_index, int is_del) return 0; } } - + if (is_del) return VNET_API_ERROR_NO_SUCH_ENTRY; @@ -2437,8 +2437,8 @@ done: } VLIB_CLI_COMMAND (snat_add_interface_address_command, static) = { - .path = "snat add interface address", - .short_help = "snat add interface address <interface> [del]", + .path = "nat44 add interface address", + .short_help = "nat44 add interface address <interface> [del]", .function = snat_add_interface_address_command_fn, }; @@ -2499,12 +2499,12 @@ done: * CGN deployments. * To create deterministic mapping between inside network 10.0.0.0/18 and * outside network 1.1.1.0/30 use: - * # vpp# snat deterministic add in 10.0.0.0/18 out 1.1.1.0/30 + * # vpp# nat44 deterministic add in 10.0.0.0/18 out 1.1.1.0/30 * @cliexend ?*/ VLIB_CLI_COMMAND (snat_det_map_command, static) = { - .path = "snat deterministic add", - .short_help = "snat deterministic add in <addr>/<plen> out <addr>/<plen> [del]", + .path = "nat44 deterministic add", + .short_help = "nat44 deterministic add in <addr>/<plen> out <addr>/<plen> [del]", .function = snat_det_map_command_fn, }; @@ -2560,13 +2560,13 @@ done: * Return outside address and port range from inside address for deterministic * NAT. * To obtain outside address and port of inside host use: - * vpp# snat deterministic forward 10.0.0.2 + * vpp# nat44 deterministic forward 10.0.0.2 * 1.1.1.0:<1054-1068> * @cliexend ?*/ VLIB_CLI_COMMAND (snat_det_forward_command, static) = { - .path = "snat deterministic forward", - .short_help = "snat deterministic forward <addr>", + .path = "nat44 deterministic forward", + .short_help = "nat44 deterministic forward <addr>", .function = snat_det_forward_command_fn, }; @@ -2625,13 +2625,13 @@ done: * @cliexstart{snat deterministic reverse} * Return inside address from outside address and port for deterministic NAT. * To obtain inside host address from outside address and port use: - * #vpp snat deterministic reverse 1.1.1.1:1276 + * #vpp nat44 deterministic reverse 1.1.1.1:1276 * 10.0.16.16 * @cliexend ?*/ VLIB_CLI_COMMAND (snat_det_reverse_command, static) = { - .path = "snat deterministic reverse", - .short_help = "snat deterministic reverse <addr>:<port>", + .path = "nat44 deterministic reverse", + .short_help = "nat44 deterministic reverse <addr>:<port>", .function = snat_det_reverse_command_fn, }; @@ -2687,17 +2687,17 @@ done: * @cliexpar * @cliexstart{set snat deterministic timeout} * Set values of timeouts for deterministic NAT (in seconds), use: - * vpp# set snat deterministic timeout udp 120 tcp-established 7500 + * vpp# set nat44 deterministic timeout udp 120 tcp-established 7500 * tcp-transitory 250 icmp 90 * To reset default values use: - * vpp# set snat deterministic timeout reset + * vpp# set nat44 deterministic timeout reset * @cliexend ?*/ VLIB_CLI_COMMAND (set_timeout_command, static) = { - .path = "set snat deterministic timeout", + .path = "set nat44 deterministic timeout", .function = set_timeout_command_fn, .short_help = - "set snat deterministic timeout [udp <sec> | tcp-established <sec> " + "set nat44 deterministic timeout [udp <sec> | tcp-established <sec> " "tcp-transitory <sec> | icmp <sec> | reset]", }; @@ -2762,12 +2762,12 @@ done: * @cliexstart{snat deterministic close session out} * Close session using outside ip address and port * and external ip address and port, use: - * vpp# snat deterministic close session out 1.1.1.1:1276 2.2.2.2:2387 + * vpp# nat44 deterministic close session out 1.1.1.1:1276 2.2.2.2:2387 * @cliexend ?*/ VLIB_CLI_COMMAND (snat_det_close_sesion_out_command, static) = { - .path = "snat deterministic close session out", - .short_help = "snat deterministic close session out " + .path = "nat44 deterministic close session out", + .short_help = "nat44 deterministic close session out " "<out_addr>:<out_port> <ext_addr>:<ext_port>", .function = snat_det_close_session_out_fn, }; @@ -2831,12 +2831,12 @@ done: * @cliexstart{snat deterministic close_session_in} * Close session using inside ip address and port * and external ip address and port, use: - * vpp# snat deterministic close session in 3.3.3.3:3487 2.2.2.2:2387 + * vpp# nat44 deterministic close session in 3.3.3.3:3487 2.2.2.2:2387 * @cliexend ?*/ VLIB_CLI_COMMAND (snat_det_close_session_in_command, static) = { - .path = "snat deterministic close session in", - .short_help = "snat deterministic close session in " + .path = "nat44 deterministic close session in", + .short_help = "nat44 deterministic close session in " "<in_addr>:<in_port> <ext_addr>:<ext_port>", .function = snat_det_close_session_in_fn, }; diff --git a/src/plugins/snat/snat.h b/src/plugins/nat/nat.h index aa0f82fc..04c466dc 100644 --- a/src/plugins/snat/snat.h +++ b/src/plugins/nat/nat.h @@ -1,6 +1,6 @@ /* - * snat.h - simple nat definitions + * nat.h - NAT plugin definitions * * Copyright (c) 2016 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,8 +15,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#ifndef __included_snat_h__ -#define __included_snat_h__ +#ifndef __included_nat_h__ +#define __included_nat_h__ #include <vnet/vnet.h> #include <vnet/ip/ip.h> @@ -41,9 +41,9 @@ /* Key */ typedef struct { - union + union { - struct + struct { ip4_address_t addr; u16 port; @@ -156,7 +156,7 @@ typedef CLIB_PACKED(struct { f64 last_heard; /* 44-51 */ u64 total_bytes; /* 52-59 */ - + u32 total_pkts; /* 60-63 */ /* Outside address */ @@ -418,12 +418,12 @@ typedef struct { */ #define snat_is_unk_proto_session(s) s->flags & SNAT_SESSION_FLAG_UNKNOWN_PROTO -/* +/* * Why is this here? Because we don't need to touch this layer to * simply reply to an icmp. We need to change id to a unique * value to NAT an echo request/reply. */ - + typedef struct { u16 identifier; u16 sequence; @@ -538,4 +538,4 @@ is_interface_addr(snat_main_t *sm, vlib_node_runtime_t *node, u32 sw_if_index0, return 0; } -#endif /* __included_snat_h__ */ +#endif /* __included_nat_h__ */ diff --git a/src/plugins/snat/nat64.c b/src/plugins/nat/nat64.c index bd915b59..b04901fa 100644 --- a/src/plugins/snat/nat64.c +++ b/src/plugins/nat/nat64.c @@ -17,8 +17,8 @@ * @brief NAT64 implementation */ -#include <snat/nat64.h> -#include <snat/nat64_db.h> +#include <nat/nat64.h> +#include <nat/nat64_db.h> #include <vnet/fib/ip4_fib.h> diff --git a/src/plugins/snat/nat64.h b/src/plugins/nat/nat64.h index 771b9075..68224cab 100644 --- a/src/plugins/snat/nat64.h +++ b/src/plugins/nat/nat64.h @@ -19,8 +19,8 @@ #ifndef __included_nat64_h__ #define __included_nat64_h__ -#include <snat/snat.h> -#include <snat/nat64_db.h> +#include <nat/nat.h> +#include <nat/nat64_db.h> #define foreach_nat64_tcp_ses_state \ _(0, CLOSED, "closed") \ diff --git a/src/plugins/snat/nat64_cli.c b/src/plugins/nat/nat64_cli.c index ca60b12c..bb62ecf2 100644 --- a/src/plugins/snat/nat64_cli.c +++ b/src/plugins/nat/nat64_cli.c @@ -17,8 +17,8 @@ * @brief NAT64 CLI */ -#include <snat/nat64.h> -#include <snat/snat.h> +#include <nat/nat64.h> +#include <nat/nat.h> #include <vnet/fib/fib_table.h> static clib_error_t * diff --git a/src/plugins/snat/nat64_db.c b/src/plugins/nat/nat64_db.c index 9584827e..da73ceee 100644 --- a/src/plugins/snat/nat64_db.c +++ b/src/plugins/nat/nat64_db.c @@ -16,7 +16,7 @@ * @file * @brief NAT64 DB */ -#include <snat/nat64_db.h> +#include <nat/nat64_db.h> int nat64_db_init (nat64_db_t * db) diff --git a/src/plugins/snat/nat64_db.h b/src/plugins/nat/nat64_db.h index 1e2dcc93..394ca875 100644 --- a/src/plugins/snat/nat64_db.h +++ b/src/plugins/nat/nat64_db.h @@ -21,7 +21,7 @@ #include <vppinfra/bihash_24_8.h> #include <vppinfra/bihash_48_8.h> -#include <snat/snat.h> +#include <nat/nat.h> typedef struct diff --git a/src/plugins/snat/nat64_doc.md b/src/plugins/nat/nat64_doc.md index f94467da..f94467da 100644 --- a/src/plugins/snat/nat64_doc.md +++ b/src/plugins/nat/nat64_doc.md diff --git a/src/plugins/snat/nat64_in2out.c b/src/plugins/nat/nat64_in2out.c index 8c67fec2..f78baff4 100644 --- a/src/plugins/snat/nat64_in2out.c +++ b/src/plugins/nat/nat64_in2out.c @@ -17,7 +17,7 @@ * @brief NAT64 IPv6 to IPv4 translation (inside to outside network) */ -#include <snat/nat64.h> +#include <nat/nat64.h> #include <vnet/ip/ip6_to_ip4.h> #include <vnet/fib/fib_table.h> diff --git a/src/plugins/snat/nat64_out2in.c b/src/plugins/nat/nat64_out2in.c index cd5b253a..61e88a7f 100644 --- a/src/plugins/snat/nat64_out2in.c +++ b/src/plugins/nat/nat64_out2in.c @@ -17,7 +17,7 @@ * @brief NAT64 IPv4 to IPv6 translation (otside to inside network) */ -#include <snat/nat64.h> +#include <nat/nat64.h> #include <vnet/ip/ip4_to_ip6.h> #include <vnet/fib/ip4_fib.h> diff --git a/src/plugins/snat/snat_all_api_h.h b/src/plugins/nat/nat_all_api_h.h index 49017700..acd9ba1c 100644 --- a/src/plugins/snat/snat_all_api_h.h +++ b/src/plugins/nat/nat_all_api_h.h @@ -1,6 +1,6 @@ /* - * snat_all_api_h.h - skeleton vpp engine plug-in api #include file + * nat_all_api_h.h - skeleton vpp engine plug-in api #include file * * Copyright (c) <current-year> <your-organization> * Licensed under the Apache License, Version 2.0 (the "License"); @@ -16,4 +16,4 @@ * limitations under the License. */ /* Include the generated file, see BUILT_SOURCES in Makefile.am */ -#include <snat/snat.api.h> +#include <nat/nat.api.h> diff --git a/src/plugins/snat/snat_api.c b/src/plugins/nat/nat_api.c index 227074f9..0a2141f2 100644 --- a/src/plugins/snat/snat_api.c +++ b/src/plugins/nat/nat_api.c @@ -15,26 +15,26 @@ */ /** * @file - * @brief SNAT plugin API implementation + * @brief NAT plugin API implementation */ -#include <snat/snat.h> -#include <snat/snat_det.h> -#include <snat/nat64.h> +#include <nat/nat.h> +#include <nat/nat_det.h> +#include <nat/nat64.h> #include <vlibapi/api.h> #include <vlibmemory/api.h> #include <vlibsocket/api.h> -#include <snat/snat_msg_enum.h> +#include <nat/nat_msg_enum.h> #include <vnet/fib/fib_table.h> /* define message structures */ #define vl_typedefs -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_typedefs /* define generated endian-swappers */ #define vl_endianfun -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_endianfun #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__) @@ -44,7 +44,7 @@ /* Get the API version number */ #define vl_api_version(n,v) static u32 api_version=(v); -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_api_version /* Macro to finish up custom dump fns */ @@ -901,9 +901,9 @@ static void *vl_api_snat_user_session_dump_t_print FINISH; } -/****************************/ -/*** detrministic NAT/CGN ***/ -/****************************/ +/******************************************************************/ +/*** detrministic NAT/CGN (old, will be deprecated after 17.10) ***/ +/******************************************************************/ static void vl_api_snat_add_det_map_t_handler (vl_api_snat_add_det_map_t * mp) @@ -1293,6 +1293,1263 @@ static void *vl_api_snat_det_session_dump_t_print FINISH; } +/******************************/ +/*** Common NAT plugin APIs ***/ +/******************************/ + +static void +vl_api_nat_control_ping_t_handler (vl_api_nat_control_ping_t * mp) +{ + vl_api_nat_control_ping_reply_t *rmp; + snat_main_t *sm = &snat_main; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_CONTROL_PING_REPLY, + ({ + rmp->vpe_pid = ntohl (getpid ()); + })); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat_control_ping_t_print (vl_api_nat_control_ping_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_control_ping "); + + FINISH; +} + +static void +vl_api_nat_show_config_t_handler (vl_api_nat_show_config_t * mp) +{ + vl_api_nat_show_config_reply_t *rmp; + snat_main_t *sm = &snat_main; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_SHOW_CONFIG_REPLY, + ({ + rmp->translation_buckets = htonl (sm->translation_buckets); + rmp->translation_memory_size = htonl (sm->translation_memory_size); + rmp->user_buckets = htonl (sm->user_buckets); + rmp->user_memory_size = htonl (sm->user_memory_size); + rmp->max_translations_per_user = htonl (sm->max_translations_per_user); + rmp->outside_vrf_id = htonl (sm->outside_vrf_id); + rmp->inside_vrf_id = htonl (sm->inside_vrf_id); + rmp->static_mapping_only = sm->static_mapping_only; + rmp->static_mapping_connection_tracking = + sm->static_mapping_connection_tracking; + rmp->deterministic = sm->deterministic; + })); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat_show_config_t_print (vl_api_nat_show_config_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_show_config "); + + FINISH; +} + +static void +vl_api_nat_set_workers_t_handler (vl_api_nat_set_workers_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_snat_set_workers_reply_t *rmp; + int rv = 0; + uword *bitmap = 0; + u64 mask = clib_net_to_host_u64 (mp->worker_mask); + + if (sm->num_workers < 2) + { + rv = VNET_API_ERROR_FEATURE_DISABLED; + goto send_reply; + } + + bitmap = clib_bitmap_set_multiple (bitmap, 0, mask, BITS (mask)); + rv = snat_set_workers (bitmap); + clib_bitmap_free (bitmap); + +send_reply: + REPLY_MACRO (VL_API_NAT_SET_WORKERS_REPLY); +} + +static void * +vl_api_nat_set_workers_t_print (vl_api_nat_set_workers_t * mp, void *handle) +{ + u8 *s; + uword *bitmap = 0; + u8 first = 1; + int i; + u64 mask = clib_net_to_host_u64 (mp->worker_mask); + + s = format (0, "SCRIPT: nat_set_workers "); + bitmap = clib_bitmap_set_multiple (bitmap, 0, mask, BITS (mask)); + /* *INDENT-OFF* */ + clib_bitmap_foreach (i, bitmap, + ({ + if (first) + s = format (s, "%d", i); + else + s = format (s, ",%d", i); + first = 0; + })); + /* *INDENT-ON* */ + clib_bitmap_free (bitmap); + FINISH; +} + +static void +send_nat_worker_details (u32 worker_index, unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat_worker_details_t *rmp; + snat_main_t *sm = &snat_main; + vlib_worker_thread_t *w = + vlib_worker_threads + worker_index + sm->first_worker_index; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT_WORKER_DETAILS + sm->msg_id_base); + rmp->context = context; + rmp->worker_index = htonl (worker_index); + rmp->lcore_id = htonl (w->lcore_id); + strncpy ((char *) rmp->name, (char *) w->name, ARRAY_LEN (rmp->name) - 1); + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat_worker_dump_t_handler (vl_api_nat_worker_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + u32 *worker_index; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + vec_foreach (worker_index, sm->workers) + send_nat_worker_details(*worker_index, q, mp->context); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat_worker_dump_t_print (vl_api_nat_worker_dump_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_worker_dump "); + + FINISH; +} + +static void +vl_api_nat_ipfix_enable_disable_t_handler (vl_api_nat_ipfix_enable_disable_t * + mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_ipfix_enable_disable_reply_t *rmp; + int rv = 0; + + rv = snat_ipfix_logging_enable_disable (mp->enable, + clib_host_to_net_u32 + (mp->domain_id), + clib_host_to_net_u16 + (mp->src_port)); + + REPLY_MACRO (VL_API_NAT_IPFIX_ENABLE_DISABLE_REPLY); +} + +static void * +vl_api_nat_ipfix_enable_disable_t_print (vl_api_nat_ipfix_enable_disable_t * + mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_ipfix_enable_disable "); + if (mp->domain_id) + s = format (s, "domain %d ", clib_net_to_host_u32 (mp->domain_id)); + if (mp->src_port) + s = format (s, "src_port %d ", clib_net_to_host_u16 (mp->src_port)); + if (!mp->enable) + s = format (s, "disable "); + + FINISH; +} + +/*************/ +/*** NAT44 ***/ +/*************/ +static void + vl_api_nat44_add_del_address_range_t_handler + (vl_api_nat44_add_del_address_range_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_add_del_address_range_reply_t *rmp; + ip4_address_t this_addr; + u32 start_host_order, end_host_order; + u32 vrf_id; + int i, count; + int rv = 0; + u32 *tmp; + + if (sm->static_mapping_only) + { + rv = VNET_API_ERROR_FEATURE_DISABLED; + goto send_reply; + } + + tmp = (u32 *) mp->first_ip_address; + start_host_order = clib_host_to_net_u32 (tmp[0]); + tmp = (u32 *) mp->last_ip_address; + end_host_order = clib_host_to_net_u32 (tmp[0]); + + count = (end_host_order - start_host_order) + 1; + + vrf_id = clib_host_to_net_u32 (mp->vrf_id); + + if (count > 1024) + clib_warning ("%U - %U, %d addresses...", + format_ip4_address, mp->first_ip_address, + format_ip4_address, mp->last_ip_address, count); + + memcpy (&this_addr.as_u8, mp->first_ip_address, 4); + + for (i = 0; i < count; i++) + { + if (mp->is_add) + snat_add_address (sm, &this_addr, vrf_id); + else + rv = snat_del_address (sm, this_addr, 0); + + if (rv) + goto send_reply; + + increment_v4_address (&this_addr); + } + +send_reply: + REPLY_MACRO (VL_API_NAT44_ADD_DEL_ADDRESS_RANGE_REPLY); +} + +static void *vl_api_nat44_add_del_address_range_t_print + (vl_api_nat44_add_del_address_range_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_add_address_range "); + s = format (s, "%U ", format_ip4_address, mp->first_ip_address); + if (memcmp (mp->first_ip_address, mp->last_ip_address, 4)) + { + s = format (s, " - %U ", format_ip4_address, mp->last_ip_address); + } + FINISH; +} + +static void +send_nat44_address_details (snat_address_t * a, + unix_shared_memory_queue_t * q, u32 context) +{ + vl_api_nat44_address_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT44_ADDRESS_DETAILS + sm->msg_id_base); + clib_memcpy (rmp->ip_address, &(a->addr), 4); + if (a->fib_index != ~0) + { + fib_table_t *fib = fib_table_get (a->fib_index, FIB_PROTOCOL_IP4); + rmp->vrf_id = ntohl (fib->ft_table_id); + } + else + rmp->vrf_id = ~0; + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat44_address_dump_t_handler (vl_api_nat44_address_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_address_t *a; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + vec_foreach (a, sm->addresses) + send_nat44_address_details (a, q, mp->context); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat44_address_dump_t_print (vl_api_nat44_address_dump_t * mp, + void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_address_dump "); + + FINISH; +} + +static void + vl_api_nat44_interface_add_del_feature_t_handler + (vl_api_nat44_interface_add_del_feature_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_interface_add_del_feature_reply_t *rmp; + u8 is_del = mp->is_add == 0; + u32 sw_if_index = ntohl (mp->sw_if_index); + int rv = 0; + + VALIDATE_SW_IF_INDEX (mp); + + rv = snat_interface_add_del (sw_if_index, mp->is_inside, is_del); + + BAD_SW_IF_INDEX_LABEL; + + REPLY_MACRO (VL_API_NAT44_INTERFACE_ADD_DEL_FEATURE_REPLY); +} + +static void *vl_api_nat44_interface_add_del_feature_t_print + (vl_api_nat44_interface_add_del_feature_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_interface_add_del_feature "); + s = format (s, "sw_if_index %d %s %s", + clib_host_to_net_u32 (mp->sw_if_index), + mp->is_inside ? "in" : "out", mp->is_add ? "" : "del"); + + FINISH; +} + +static void +send_nat44_interface_details (snat_interface_t * i, + unix_shared_memory_queue_t * q, u32 context) +{ + vl_api_nat44_interface_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT44_INTERFACE_DETAILS + sm->msg_id_base); + rmp->sw_if_index = ntohl (i->sw_if_index); + rmp->is_inside = i->is_inside; + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat44_interface_dump_t_handler (vl_api_nat44_interface_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_interface_t *i; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + pool_foreach (i, sm->interfaces, + ({ + send_nat44_interface_details(i, q, mp->context); + })); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat44_interface_dump_t_print (vl_api_nat44_interface_dump_t * mp, + void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_interface_dump "); + + FINISH; +} + +static void + vl_api_nat44_interface_add_del_output_feature_t_handler + (vl_api_nat44_interface_add_del_output_feature_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_interface_add_del_output_feature_reply_t *rmp; + u8 is_del = mp->is_add == 0; + u32 sw_if_index = ntohl (mp->sw_if_index); + int rv = 0; + + VALIDATE_SW_IF_INDEX (mp); + + rv = snat_interface_add_del_output_feature (sw_if_index, mp->is_inside, + is_del); + + BAD_SW_IF_INDEX_LABEL; + + REPLY_MACRO (VL_API_NAT44_INTERFACE_ADD_DEL_OUTPUT_FEATURE_REPLY); +} + +static void *vl_api_nat44_interface_add_del_output_feature_t_print + (vl_api_nat44_interface_add_del_output_feature_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_interface_add_del_output_feature "); + s = format (s, "sw_if_index %d %s %s", + clib_host_to_net_u32 (mp->sw_if_index), + mp->is_inside ? "in" : "out", mp->is_add ? "" : "del"); + + FINISH; +} + +static void +send_nat44_interface_output_feature_details (snat_interface_t * i, + unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat44_interface_output_feature_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_INTERFACE_OUTPUT_FEATURE_DETAILS + sm->msg_id_base); + rmp->sw_if_index = ntohl (i->sw_if_index); + rmp->context = context; + rmp->is_inside = i->is_inside; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void + vl_api_nat44_interface_output_feature_dump_t_handler + (vl_api_nat44_interface_output_feature_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_interface_t *i; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + pool_foreach (i, sm->output_feature_interfaces, + ({ + send_nat44_interface_output_feature_details(i, q, mp->context); + })); + /* *INDENT-ON* */ +} + +static void *vl_api_nat44_interface_output_feature_dump_t_print + (vl_api_nat44_interface_output_feature_dump_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_interface_output_feature_dump "); + + FINISH; +} + +static void + vl_api_nat44_add_del_static_mapping_t_handler + (vl_api_nat44_add_del_static_mapping_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_add_del_static_mapping_reply_t *rmp; + ip4_address_t local_addr, external_addr; + u16 local_port = 0, external_port = 0; + u32 vrf_id, external_sw_if_index; + int rv = 0; + snat_protocol_t proto; + + memcpy (&local_addr.as_u8, mp->local_ip_address, 4); + memcpy (&external_addr.as_u8, mp->external_ip_address, 4); + if (mp->addr_only == 0) + { + local_port = clib_net_to_host_u16 (mp->local_port); + external_port = clib_net_to_host_u16 (mp->external_port); + } + vrf_id = clib_net_to_host_u32 (mp->vrf_id); + external_sw_if_index = clib_net_to_host_u32 (mp->external_sw_if_index); + proto = ip_proto_to_snat_proto (mp->protocol); + + rv = snat_add_static_mapping (local_addr, external_addr, local_port, + external_port, vrf_id, mp->addr_only, + external_sw_if_index, proto, mp->is_add); + + REPLY_MACRO (VL_API_NAT44_ADD_DEL_STATIC_MAPPING_REPLY); +} + +static void *vl_api_nat44_add_del_static_mapping_t_print + (vl_api_nat44_add_del_static_mapping_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_add_del_static_mapping "); + s = format (s, "protocol %d local_addr %U external_addr %U ", + mp->protocol, + format_ip4_address, mp->local_ip_address, + format_ip4_address, mp->external_ip_address); + + if (mp->addr_only == 0) + s = format (s, "local_port %d external_port %d ", + clib_net_to_host_u16 (mp->local_port), + clib_net_to_host_u16 (mp->external_port)); + + if (mp->vrf_id != ~0) + s = format (s, "vrf %d", clib_net_to_host_u32 (mp->vrf_id)); + + if (mp->external_sw_if_index != ~0) + s = format (s, "external_sw_if_index %d", + clib_net_to_host_u32 (mp->external_sw_if_index)); + FINISH; +} + +static void +send_nat44_static_mapping_details (snat_static_mapping_t * m, + unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat44_static_mapping_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_STATIC_MAPPING_DETAILS + sm->msg_id_base); + rmp->addr_only = m->addr_only; + clib_memcpy (rmp->local_ip_address, &(m->local_addr), 4); + clib_memcpy (rmp->external_ip_address, &(m->external_addr), 4); + rmp->local_port = htons (m->local_port); + rmp->external_port = htons (m->external_port); + rmp->external_sw_if_index = ~0; + rmp->vrf_id = htonl (m->vrf_id); + rmp->protocol = snat_proto_to_ip_proto (m->proto); + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +send_nat44_static_map_resolve_details (snat_static_map_resolve_t * m, + unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat44_static_mapping_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_STATIC_MAPPING_DETAILS + sm->msg_id_base); + rmp->addr_only = m->addr_only; + clib_memcpy (rmp->local_ip_address, &(m->l_addr), 4); + rmp->local_port = htons (m->l_port); + rmp->external_port = htons (m->e_port); + rmp->external_sw_if_index = htonl (m->sw_if_index); + rmp->vrf_id = htonl (m->vrf_id); + rmp->protocol = snat_proto_to_ip_proto (m->proto); + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat44_static_mapping_dump_t_handler (vl_api_nat44_static_mapping_dump_t + * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_static_mapping_t *m; + snat_static_map_resolve_t *rp; + int j; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + pool_foreach (m, sm->static_mappings, + ({ + send_nat44_static_mapping_details (m, q, mp->context); + })); + /* *INDENT-ON* */ + + for (j = 0; j < vec_len (sm->to_resolve); j++) + { + rp = sm->to_resolve + j; + send_nat44_static_map_resolve_details (rp, q, mp->context); + } +} + +static void * +vl_api_nat44_static_mapping_dump_t_print (vl_api_nat44_static_mapping_dump_t * + mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_static_mapping_dump "); + + FINISH; +} + +static void + vl_api_nat44_add_del_interface_addr_t_handler + (vl_api_nat44_add_del_interface_addr_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat44_add_del_interface_addr_reply_t *rmp; + u8 is_del = mp->is_add == 0; + u32 sw_if_index = ntohl (mp->sw_if_index); + int rv = 0; + + VALIDATE_SW_IF_INDEX (mp); + + rv = snat_add_interface_address (sm, sw_if_index, is_del); + + BAD_SW_IF_INDEX_LABEL; + + REPLY_MACRO (VL_API_NAT44_ADD_DEL_INTERFACE_ADDR_REPLY); +} + +static void *vl_api_nat44_add_del_interface_addr_t_print + (vl_api_nat44_add_del_interface_addr_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_add_del_interface_addr "); + s = format (s, "sw_if_index %d %s", + clib_host_to_net_u32 (mp->sw_if_index), + mp->is_add ? "" : "del"); + + FINISH; +} + +static void +send_nat44_interface_addr_details (u32 sw_if_index, + unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat44_interface_addr_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_INTERFACE_ADDR_DETAILS + sm->msg_id_base); + rmp->sw_if_index = ntohl (sw_if_index); + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat44_interface_addr_dump_t_handler (vl_api_nat44_interface_addr_dump_t + * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + u32 *i; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + vec_foreach (i, sm->auto_add_sw_if_indices) + send_nat44_interface_addr_details(*i, q, mp->context); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat44_interface_addr_dump_t_print (vl_api_nat44_interface_addr_dump_t * + mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_interface_addr_dump "); + + FINISH; +} + +static void +send_nat44_user_details (snat_user_t * u, unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat44_user_details_t *rmp; + snat_main_t *sm = &snat_main; + fib_table_t *fib = fib_table_get (u->fib_index, FIB_PROTOCOL_IP4); + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT44_USER_DETAILS + sm->msg_id_base); + + rmp->vrf_id = ntohl (fib->ft_table_id); + + clib_memcpy (rmp->ip_address, &(u->addr), 4); + rmp->nsessions = ntohl (u->nsessions); + rmp->nstaticsessions = ntohl (u->nstaticsessions); + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat44_user_dump_t_handler (vl_api_nat44_user_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_main_per_thread_data_t *tsm; + snat_user_t *u; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + vec_foreach (tsm, sm->per_thread_data) + vec_foreach (u, tsm->users) + send_nat44_user_details (u, q, mp->context); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat44_user_dump_t_print (vl_api_nat44_user_dump_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_user_dump "); + + FINISH; +} + +static void +send_nat44_user_session_details (snat_session_t * s, + unix_shared_memory_queue_t * q, u32 context) +{ + vl_api_nat44_user_session_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = + ntohs (VL_API_NAT44_USER_SESSION_DETAILS + sm->msg_id_base); + clib_memcpy (rmp->outside_ip_address, (&s->out2in.addr), 4); + clib_memcpy (rmp->inside_ip_address, (&s->in2out.addr), 4); + rmp->is_static = s->flags & SNAT_SESSION_FLAG_STATIC_MAPPING ? 1 : 0; + rmp->last_heard = clib_host_to_net_u64 ((u64) s->last_heard); + rmp->total_bytes = clib_host_to_net_u64 (s->total_bytes); + rmp->total_pkts = ntohl (s->total_pkts); + rmp->context = context; + if (snat_is_unk_proto_session (s)) + { + rmp->outside_port = 0; + rmp->inside_port = 0; + rmp->protocol = ntohs (s->in2out.port); + } + else + { + rmp->outside_port = s->out2in.port; + rmp->inside_port = s->in2out.port; + rmp->protocol = ntohs (snat_proto_to_ip_proto (s->in2out.protocol)); + } + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat44_user_session_dump_t_handler (vl_api_nat44_user_session_dump_t * + mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_main_per_thread_data_t *tsm; + snat_session_t *s; + clib_bihash_kv_8_8_t key, value; + snat_user_key_t ukey; + snat_user_t *u; + u32 session_index, head_index, elt_index; + dlist_elt_t *head, *elt; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + clib_memcpy (&ukey.addr, mp->ip_address, 4); + ukey.fib_index = fib_table_find (FIB_PROTOCOL_IP4, ntohl (mp->vrf_id)); + key.key = ukey.as_u64; + if (!clib_bihash_search_8_8 (&sm->worker_by_in, &key, &value)) + tsm = vec_elt_at_index (sm->per_thread_data, value.value); + else + tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers); + if (clib_bihash_search_8_8 (&sm->user_hash, &key, &value)) + return; + u = pool_elt_at_index (tsm->users, value.value); + if (!u->nsessions && !u->nstaticsessions) + return; + + head_index = u->sessions_per_user_list_head_index; + head = pool_elt_at_index (tsm->list_pool, head_index); + elt_index = head->next; + elt = pool_elt_at_index (tsm->list_pool, elt_index); + session_index = elt->value; + while (session_index != ~0) + { + s = pool_elt_at_index (tsm->sessions, session_index); + + send_nat44_user_session_details (s, q, mp->context); + + elt_index = elt->next; + elt = pool_elt_at_index (tsm->list_pool, elt_index); + session_index = elt->value; + } +} + +static void * +vl_api_nat44_user_session_dump_t_print (vl_api_nat44_user_session_dump_t * mp, + void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat44_user_session_dump "); + s = format (s, "ip_address %U vrf_id %d\n", + format_ip4_address, mp->ip_address, + clib_net_to_host_u32 (mp->vrf_id)); + + FINISH; +} + +/*******************************/ +/*** Deterministic NAT (CGN) ***/ +/*******************************/ + +static void +vl_api_nat_det_add_del_map_t_handler (vl_api_nat_det_add_del_map_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_det_add_del_map_reply_t *rmp; + int rv = 0; + ip4_address_t in_addr, out_addr; + + if (!mp->is_nat44) + { + rv = VNET_API_ERROR_UNIMPLEMENTED; + goto send_reply; + } + + clib_memcpy (&in_addr, mp->in_addr, 4); + clib_memcpy (&out_addr, mp->out_addr, 4); + rv = snat_det_add_map (sm, &in_addr, mp->in_plen, &out_addr, + mp->out_plen, mp->is_add); + +send_reply: + REPLY_MACRO (VL_API_NAT_DET_ADD_DEL_MAP_REPLY); +} + +static void * +vl_api_nat_det_add_del_map_t_print (vl_api_nat_det_add_del_map_t * mp, + void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_det_add_del_map "); + s = format (s, "inside address %U/%d outside address %U/%d\n", + format_ip4_address, mp->in_addr, mp->in_plen, + format_ip4_address, mp->out_addr, mp->out_plen); + + FINISH; +} + +static void +vl_api_nat_det_forward_t_handler (vl_api_nat_det_forward_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_det_forward_reply_t *rmp; + int rv = 0; + u16 lo_port = 0, hi_port = 0; + snat_det_map_t *dm; + ip4_address_t in_addr, out_addr; + + if (!mp->is_nat44) + { + out_addr.as_u32 = 0; + rv = VNET_API_ERROR_UNIMPLEMENTED; + goto send_reply; + } + + out_addr.as_u32 = 0; + clib_memcpy (&in_addr, mp->in_addr, 4); + dm = snat_det_map_by_user (sm, &in_addr); + if (!dm) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + + snat_det_forward (dm, &in_addr, &out_addr, &lo_port); + hi_port = lo_port + dm->ports_per_host - 1; + +send_reply: + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_DET_FORWARD_REPLY, + ({ + rmp->out_port_lo = ntohs (lo_port); + rmp->out_port_hi = ntohs (hi_port); + clib_memcpy (rmp->out_addr, &out_addr, 4); + })) + /* *INDENT-ON* */ +} + +static void * +vl_api_nat_det_forward_t_print (vl_api_nat_det_forward_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_det_forward"); + s = format (s, "inside ip address %U\n", format_ip4_address, mp->in_addr); + + FINISH; +} + +static void +vl_api_nat_det_reverse_t_handler (vl_api_nat_det_reverse_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_det_reverse_reply_t *rmp; + int rv = 0; + ip4_address_t out_addr, in_addr; + snat_det_map_t *dm; + + in_addr.as_u32 = 0; + clib_memcpy (&out_addr, mp->out_addr, 4); + dm = snat_det_map_by_out (sm, &out_addr); + if (!dm) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + + snat_det_reverse (dm, &out_addr, htons (mp->out_port), &in_addr); + +send_reply: + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_DET_REVERSE_REPLY, + ({ + rmp->is_nat44 = 1; + memset (rmp->in_addr, 0, 16); + clib_memcpy (rmp->in_addr, &in_addr, 4); + })) + /* *INDENT-ON* */ +} + +static void * +vl_api_nat_det_reverse_t_print (vl_api_nat_det_reverse_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_det_reverse"); + s = format (s, "outside ip address %U outside port %d", + format_ip4_address, mp->out_addr, ntohs (mp->out_port)); + + FINISH; +} + +static void +sent_nat_det_map_details (snat_det_map_t * m, unix_shared_memory_queue_t * q, + u32 context) +{ + vl_api_nat_det_map_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT_DET_MAP_DETAILS + sm->msg_id_base); + rmp->is_nat44 = 1; + clib_memcpy (rmp->in_addr, &m->in_addr, 4); + rmp->in_plen = m->in_plen; + clib_memcpy (rmp->out_addr, &m->out_addr, 4); + rmp->out_plen = m->out_plen; + rmp->sharing_ratio = htonl (m->sharing_ratio); + rmp->ports_per_host = htons (m->ports_per_host); + rmp->ses_num = htonl (m->ses_num); + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat_det_map_dump_t_handler (vl_api_nat_det_map_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + snat_det_map_t *m; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + + /* *INDENT-OFF* */ + vec_foreach(m, sm->det_maps) + sent_nat_det_map_details(m, q, mp->context); + /* *INDENT-ON* */ +} + +static void * +vl_api_nat_det_map_dump_t_print (vl_api_nat_det_map_dump_t * mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_det_map_dump "); + + FINISH; +} + +static void +vl_api_nat_det_set_timeouts_t_handler (vl_api_nat_det_set_timeouts_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_det_set_timeouts_reply_t *rmp; + int rv = 0; + + sm->udp_timeout = ntohl (mp->udp); + sm->tcp_established_timeout = ntohl (mp->tcp_established); + sm->tcp_transitory_timeout = ntohl (mp->tcp_transitory); + sm->icmp_timeout = ntohl (mp->icmp); + + REPLY_MACRO (VL_API_NAT_DET_SET_TIMEOUTS_REPLY); +} + +static void * +vl_api_nat_det_set_timeouts_t_print (vl_api_nat_det_set_timeouts_t * mp, + void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_det_set_timeouts "); + s = format (s, "udp %d tcp_established %d tcp_transitory %d icmp %d\n", + ntohl (mp->udp), + ntohl (mp->tcp_established), + ntohl (mp->tcp_transitory), ntohl (mp->icmp)); + + FINISH; +} + +static void +vl_api_nat_det_get_timeouts_t_handler (vl_api_nat_det_get_timeouts_t * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_det_get_timeouts_reply_t *rmp; + int rv = 0; + + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_DET_GET_TIMEOUTS_REPLY, + ({ + rmp->udp = htonl (sm->udp_timeout); + rmp->tcp_established = htonl (sm->tcp_established_timeout); + rmp->tcp_transitory = htonl (sm->tcp_transitory_timeout); + rmp->icmp = htonl (sm->icmp_timeout); + })) + /* *INDENT-ON* */ +} + +static void * +vl_api_nat_det_get_timeouts_t_print (vl_api_nat_det_get_timeouts_t * mp, + void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_det_get_timeouts"); + + FINISH; +} + +static void +vl_api_nat_det_close_session_out_t_handler (vl_api_nat_det_close_session_out_t + * mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_det_close_session_out_reply_t *rmp; + ip4_address_t out_addr, ext_addr, in_addr; + snat_det_out_key_t key; + snat_det_map_t *dm; + snat_det_session_t *ses; + int rv = 0; + + clib_memcpy (&out_addr, mp->out_addr, 4); + clib_memcpy (&ext_addr, mp->ext_addr, 4); + + dm = snat_det_map_by_out (sm, &out_addr); + if (!dm) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + snat_det_reverse (dm, &ext_addr, ntohs (mp->out_port), &in_addr); + key.ext_host_addr = ext_addr; + key.ext_host_port = mp->ext_port; + key.out_port = mp->out_port; + ses = snat_det_get_ses_by_out (dm, &in_addr, key.as_u64); + if (!ses) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + snat_det_ses_close (dm, ses); + +send_reply: + REPLY_MACRO (VL_API_NAT_DET_CLOSE_SESSION_OUT_REPLY); +} + +static void * +vl_api_nat_det_close_session_out_t_print (vl_api_nat_det_close_session_out_t * + mp, void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_det_close_session_out "); + s = format (s, "out_addr %U out_port %d " + "ext_addr %U ext_port %d\n", + format_ip4_address, mp->out_addr, ntohs (mp->out_port), + format_ip4_address, mp->ext_addr, ntohs (mp->ext_port)); + + FINISH; +} + +static void +vl_api_nat_det_close_session_in_t_handler (vl_api_nat_det_close_session_in_t * + mp) +{ + snat_main_t *sm = &snat_main; + vl_api_nat_det_close_session_in_reply_t *rmp; + ip4_address_t in_addr, ext_addr; + snat_det_out_key_t key; + snat_det_map_t *dm; + snat_det_session_t *ses; + int rv = 0; + + if (!mp->is_nat44) + { + rv = VNET_API_ERROR_UNIMPLEMENTED; + goto send_reply; + } + + clib_memcpy (&in_addr, mp->in_addr, 4); + clib_memcpy (&ext_addr, mp->ext_addr, 4); + + dm = snat_det_map_by_user (sm, &in_addr); + if (!dm) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + key.ext_host_addr = ext_addr; + key.ext_host_port = mp->ext_port; + ses = snat_det_find_ses_by_in (dm, &in_addr, mp->in_port, key); + if (!ses) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + snat_det_ses_close (dm, ses); + +send_reply: + REPLY_MACRO (VL_API_NAT_DET_CLOSE_SESSION_OUT_REPLY); +} + +static void * +vl_api_nat_det_close_session_in_t_print (vl_api_nat_det_close_session_in_t * + mp, void *handle) +{ + u8 *s; + s = format (0, "SCRIPT: nat_det_close_session_in "); + s = format (s, "in_addr %U in_port %d ext_addr %U ext_port %d\n", + format_ip4_address, mp->in_addr, ntohs (mp->in_port), + format_ip4_address, mp->ext_addr, ntohs (mp->ext_port)); + + FINISH; +} + +static void +send_nat_det_session_details (snat_det_session_t * s, + unix_shared_memory_queue_t * q, u32 context) +{ + vl_api_nat_det_session_details_t *rmp; + snat_main_t *sm = &snat_main; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT_DET_SESSION_DETAILS + sm->msg_id_base); + rmp->in_port = s->in_port; + clib_memcpy (rmp->ext_addr, &s->out.ext_host_addr, 4); + rmp->ext_port = s->out.ext_host_port; + rmp->out_port = s->out.out_port; + rmp->state = s->state; + rmp->expire = ntohl (s->expire); + rmp->context = context; + + vl_msg_api_send_shmem (q, (u8 *) & rmp); +} + +static void +vl_api_nat_det_session_dump_t_handler (vl_api_nat_det_session_dump_t * mp) +{ + unix_shared_memory_queue_t *q; + snat_main_t *sm = &snat_main; + ip4_address_t user_addr; + snat_det_map_t *dm; + snat_det_session_t *s, empty_ses; + u16 i; + + q = vl_api_client_index_to_input_queue (mp->client_index); + if (q == 0) + return; + if (!mp->is_nat44) + return; + + memset (&empty_ses, 0, sizeof (empty_ses)); + clib_memcpy (&user_addr, mp->user_addr, 4); + dm = snat_det_map_by_user (sm, &user_addr); + if (!dm) + return; + + s = dm->sessions + snat_det_user_ses_offset (&user_addr, dm->in_plen); + for (i = 0; i < SNAT_DET_SES_PER_USER; i++) + { + if (s->out.as_u64) + send_nat_det_session_details (s, q, mp->context); + s++; + } +} + +static void * +vl_api_nat_det_session_dump_t_print (vl_api_nat_det_session_dump_t * mp, + void *handle) +{ + u8 *s; + + s = format (0, "SCRIPT: nat_det_session_dump "); + s = format (s, "user_addr %U\n", format_ip4_address, mp->user_addr); + + FINISH; +} + /*************/ /*** NAT64 ***/ /*************/ @@ -1883,6 +3140,34 @@ _(SNAT_DET_GET_TIMEOUTS, snat_det_get_timeouts) \ _(SNAT_DET_CLOSE_SESSION_OUT, snat_det_close_session_out) \ _(SNAT_DET_CLOSE_SESSION_IN, snat_det_close_session_in) \ _(SNAT_DET_SESSION_DUMP, snat_det_session_dump) \ +_(NAT_CONTROL_PING, nat_control_ping) \ +_(NAT_SHOW_CONFIG, nat_show_config) \ +_(NAT_SET_WORKERS, nat_set_workers) \ +_(NAT_WORKER_DUMP, nat_worker_dump) \ +_(NAT_IPFIX_ENABLE_DISABLE, nat_ipfix_enable_disable) \ +_(NAT44_ADD_DEL_ADDRESS_RANGE, nat44_add_del_address_range) \ +_(NAT44_INTERFACE_ADD_DEL_FEATURE, nat44_interface_add_del_feature) \ +_(NAT44_ADD_DEL_STATIC_MAPPING, nat44_add_del_static_mapping) \ +_(NAT44_STATIC_MAPPING_DUMP, nat44_static_mapping_dump) \ +_(NAT44_ADDRESS_DUMP, nat44_address_dump) \ +_(NAT44_INTERFACE_DUMP, nat44_interface_dump) \ +_(NAT44_ADD_DEL_INTERFACE_ADDR, nat44_add_del_interface_addr) \ +_(NAT44_INTERFACE_ADDR_DUMP, nat44_interface_addr_dump) \ +_(NAT44_USER_DUMP, nat44_user_dump) \ +_(NAT44_USER_SESSION_DUMP, nat44_user_session_dump) \ +_(NAT44_INTERFACE_ADD_DEL_OUTPUT_FEATURE, \ + nat44_interface_add_del_output_feature) \ +_(NAT44_INTERFACE_OUTPUT_FEATURE_DUMP, \ + nat44_interface_output_feature_dump) \ +_(NAT_DET_ADD_DEL_MAP, nat_det_add_del_map) \ +_(NAT_DET_FORWARD, nat_det_forward) \ +_(NAT_DET_REVERSE, nat_det_reverse) \ +_(NAT_DET_MAP_DUMP, nat_det_map_dump) \ +_(NAT_DET_SET_TIMEOUTS, nat_det_set_timeouts) \ +_(NAT_DET_GET_TIMEOUTS, nat_det_get_timeouts) \ +_(NAT_DET_CLOSE_SESSION_OUT, nat_det_close_session_out) \ +_(NAT_DET_CLOSE_SESSION_IN, nat_det_close_session_in) \ +_(NAT_DET_SESSION_DUMP, nat_det_session_dump) \ _(NAT64_ADD_DEL_POOL_ADDR_RANGE, nat64_add_del_pool_addr_range) \ _(NAT64_POOL_ADDR_DUMP, nat64_pool_addr_dump) \ _(NAT64_ADD_DEL_INTERFACE, nat64_add_del_interface) \ @@ -1915,7 +3200,7 @@ snat_plugin_api_hookup (vlib_main_t * vm) } #define vl_msg_name_crc_list -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_msg_name_crc_list static void @@ -1923,7 +3208,7 @@ setup_message_id_table (snat_main_t * sm, api_main_t * am) { #define _(id,n,crc) \ vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id + sm->msg_id_base); - foreach_vl_msg_name_crc_snat; + foreach_vl_msg_name_crc_nat; #undef _ } diff --git a/src/plugins/snat/snat_det.c b/src/plugins/nat/nat_det.c index 2d6fce85..3af6698c 100644 --- a/src/plugins/snat/snat_det.c +++ b/src/plugins/nat/nat_det.c @@ -19,7 +19,7 @@ * @brief deterministic NAT */ -#include <snat/snat_det.h> +#include <nat/nat_det.h> /** @@ -105,7 +105,7 @@ snat_det_add_map (snat_main_t * sm, ip4_address_t * in_addr, u8 in_plen, } /** - * @brief The 'snat-det-expire-walk' process's main loop. + * @brief The 'nat-det-expire-walk' process's main loop. * * Check expire time for active sessions. */ @@ -145,7 +145,7 @@ VLIB_REGISTER_NODE (snat_det_expire_walk_node, static) = { .function = snat_det_expire_walk_fn, .type = VLIB_NODE_TYPE_PROCESS, .name = - "snat-det-expire-walk", + "nat-det-expire-walk", }; /* *INDENT-ON* */ diff --git a/src/plugins/snat/snat_det.h b/src/plugins/nat/nat_det.h index f4fdb256..2ab7f27e 100644 --- a/src/plugins/snat/snat_det.h +++ b/src/plugins/nat/nat_det.h @@ -1,5 +1,5 @@ /* - * snat_det.h - deterministic nat definitions + * snat_det.h - deterministic NAT definitions * * Copyright (c) 2017 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); @@ -19,12 +19,12 @@ * @brief deterministic NAT definitions */ -#ifndef __included_snat_det_h__ -#define __included_snat_det_h__ +#ifndef __included_nat_det_h__ +#define __included_nat_det_h__ #include <vnet/ip/ip.h> -#include <snat/snat.h> -#include <snat/snat_ipfix_logging.h> +#include <nat/nat.h> +#include <nat/nat_ipfix_logging.h> #define SNAT_DET_SES_PER_USER 1000 @@ -185,7 +185,7 @@ snat_det_ses_close (snat_det_map_t * dm, snat_det_session_t * ses) } } -#endif /* __included_snat_det_h__ */ +#endif /* __included_nat_det_h__ */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/snat/snat_ipfix_logging.c b/src/plugins/nat/nat_ipfix_logging.c index c68dc540..0cc0f82a 100644 --- a/src/plugins/snat/snat_ipfix_logging.c +++ b/src/plugins/nat/nat_ipfix_logging.c @@ -1,5 +1,5 @@ /* - * snat_ipfix_logging.c - NAT Events IPFIX logging + * nat_ipfix_logging.c - NAT Events IPFIX logging * * Copyright (c) 2016 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); @@ -17,8 +17,8 @@ #include <vnet/flow/flow_report.h> #include <vlibmemory/api.h> -#include <snat/snat.h> -#include <snat/snat_ipfix_logging.h> +#include <nat/nat.h> +#include <nat/nat_ipfix_logging.h> snat_ipfix_logging_main_t snat_ipfix_logging_main; @@ -610,7 +610,7 @@ snat_ipfix_logging_nat44_ses_rpc_cb (snat_ipfix_logging_nat44_ses_args_t *a) * * @param src_ip source IPv4 address * @param nat_src_ip transaltes source IPv4 address - * @param snat_proto SNAT transport protocol + * @param snat_proto NAT transport protocol * @param src_port source port * @param nat_src_port translated source port * @param vrf_id VRF ID @@ -642,7 +642,7 @@ snat_ipfix_logging_nat44_ses_create (u32 src_ip, * * @param src_ip source IPv4 address * @param nat_src_ip transaltes source IPv4 address - * @param snat_proto SNAT transport protocol + * @param snat_proto NAT transport protocol * @param src_port source port * @param nat_src_port translated source port * @param vrf_id VRF ID @@ -751,7 +751,7 @@ snat_data_callback_max_entries_per_usr (flow_report_main_t * frm, } /** - * @brief Enable/disable SNAT IPFIX logging + * @brief Enable/disable NAT plugin IPFIX logging * * @param enable 1 if enable, 0 if disable * @param domain_id observation domain ID @@ -818,7 +818,7 @@ snat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port) } /** - * @brief Initialize SNAT IPFIX logging + * @brief Initialize NAT plugin IPFIX logging * * @param vm vlib main */ diff --git a/src/plugins/snat/snat_ipfix_logging.h b/src/plugins/nat/nat_ipfix_logging.h index 45c1a7bf..6dbf6627 100644 --- a/src/plugins/snat/snat_ipfix_logging.h +++ b/src/plugins/nat/nat_ipfix_logging.h @@ -1,5 +1,5 @@ /* - * snat_ipfix_logging.h - NAT Events IPFIX logging + * nat_ipfix_logging.h - NAT Events IPFIX logging * * Copyright (c) 2016 Cisco and/or its affiliates. * Licensed under the Apache License, Version 2.0 (the "License"); @@ -14,8 +14,8 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#ifndef __included_snat_ipfix_logging_h__ -#define __included_snat_ipfix_logging_h__ +#ifndef __included_nat_ipfix_logging_h__ +#define __included_nat_ipfix_logging_h__ typedef enum { NAT_ADDRESSES_EXHAUTED = 3, @@ -30,7 +30,7 @@ typedef enum { } quota_exceed_event_t; typedef struct { - /** S-NAT IPFIX logging enabled */ + /** NAT plugin IPFIX logging enabled */ u8 enabled; /** ipfix buffers under construction */ @@ -76,4 +76,4 @@ void snat_ipfix_logging_nat44_ses_delete (u32 src_ip, u32 nat_src_ip, void snat_ipfix_logging_addresses_exhausted(u32 pool_id); void snat_ipfix_logging_max_entries_per_user(u32 src_ip); -#endif /* __included_snat_ipfix_logging_h__ */ +#endif /* __included_nat_ipfix_logging_h__ */ diff --git a/src/plugins/snat/snat_msg_enum.h b/src/plugins/nat/nat_msg_enum.h index 2c76fd51..710b631c 100644 --- a/src/plugins/snat/snat_msg_enum.h +++ b/src/plugins/nat/nat_msg_enum.h @@ -1,6 +1,6 @@ /* - * snat_msg_enum.h - skeleton vpp engine plug-in message enumeration + * nat_msg_enum.h - skeleton vpp engine plug-in message enumeration * * Copyright (c) <current-year> <your-organization> * Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,17 +15,17 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -#ifndef included_snat_msg_enum_h -#define included_snat_msg_enum_h +#ifndef included_nat_msg_enum_h +#define included_nat_msg_enum_h #include <vppinfra/byte_order.h> #define vl_msg_id(n,h) n, typedef enum { -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> /* We'll want to know how many messages IDs we need... */ VL_MSG_FIRST_AVAILABLE, } vl_msg_id_t; #undef vl_msg_id -#endif /* included_snat_msg_enum_h */ +#endif /* included_nat_msg_enum_h */ diff --git a/src/plugins/snat/snat_test.c b/src/plugins/nat/nat_test.c index 905b8fac..b653b77e 100644 --- a/src/plugins/snat/snat_test.c +++ b/src/plugins/nat/nat_test.c @@ -1,6 +1,6 @@ /* - * snat.c - skeleton vpp-api-test plug-in + * nat.c - skeleton vpp-api-test plug-in * * Copyright (c) <current-year> <your-organization> * Licensed under the Apache License, Version 2.0 (the "License"); @@ -21,7 +21,7 @@ #include <vlibsocket/api.h> #include <vppinfra/error.h> #include <vnet/ip/ip.h> -#include <snat/snat.h> +#include <nat/nat.h> #define __plugin_msg_base snat_test_main.msg_id_base #include <vlibapi/vat_helper_macros.h> @@ -29,28 +29,28 @@ uword unformat_sw_if_index (unformat_input_t * input, va_list * args); /* Declare message IDs */ -#include <snat/snat_msg_enum.h> +#include <nat/nat_msg_enum.h> /* define message structures */ #define vl_typedefs -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_typedefs /* declare message handlers for each api */ #define vl_endianfun /* define message structures */ -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_endianfun /* instantiate all the print functions we know about */ #define vl_print(handle, ...) #define vl_printfun -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_printfun /* Get the API version number. */ #define vl_api_version(n,v) static u32 api_version=(v); -#include <snat/snat_all_api_h.h> +#include <nat/nat_all_api_h.h> #undef vl_api_version typedef struct { diff --git a/src/plugins/snat/out2in.c b/src/plugins/nat/out2in.c index 329d67dc..67950066 100644 --- a/src/plugins/snat/out2in.c +++ b/src/plugins/nat/out2in.c @@ -22,9 +22,9 @@ #include <vnet/udp/udp.h> #include <vnet/ethernet/ethernet.h> #include <vnet/fib/ip4_fib.h> -#include <snat/snat.h> -#include <snat/snat_ipfix_logging.h> -#include <snat/snat_det.h> +#include <nat/nat.h> +#include <nat/nat_ipfix_logging.h> +#include <nat/nat_det.h> #include <vppinfra/hash.h> #include <vppinfra/error.h> @@ -47,8 +47,8 @@ static u8 * format_snat_out2in_trace (u8 * s, va_list * args) CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); snat_out2in_trace_t * t = va_arg (*args, snat_out2in_trace_t *); - - s = format (s, "SNAT_OUT2IN: sw_if_index %d, next index %d, session index %d", + + s = format (s, "NAT44_OUT2IN: sw_if_index %d, next index %d, session index %d", t->sw_if_index, t->next_index, t->session_index); return s; } @@ -58,8 +58,8 @@ static u8 * format_snat_out2in_fast_trace (u8 * s, va_list * args) CLIB_UNUSED (vlib_main_t * vm) = va_arg (*args, vlib_main_t *); CLIB_UNUSED (vlib_node_t * node) = va_arg (*args, vlib_node_t *); snat_out2in_trace_t * t = va_arg (*args, snat_out2in_trace_t *); - - s = format (s, "SNAT_OUT2IN_FAST: sw_if_index %d, next index %d", + + s = format (s, "NAT44_OUT2IN_FAST: sw_if_index %d, next index %d", t->sw_if_index, t->next_index); return s; } @@ -73,7 +73,7 @@ static u8 * format_snat_out2in_worker_handoff_trace (u8 * s, va_list * args) char * m; m = t->do_handoff ? "next worker" : "same worker"; - s = format (s, "SNAT_OUT2IN_WORKER_HANDOFF: %s %d", m, t->next_worker_index); + s = format (s, "NAT44_OUT2IN_WORKER_HANDOFF: %s %d", m, t->next_worker_index); return s; } @@ -88,7 +88,7 @@ _(UNSUPPORTED_PROTOCOL, "Unsupported protocol") \ _(OUT2IN_PACKETS, "Good out2in packets processed") \ _(BAD_ICMP_TYPE, "unsupported ICMP type") \ _(NO_TRANSLATION, "No translation") - + typedef enum { #define _(sym,str) SNAT_OUT2IN_ERROR_##sym, foreach_snat_out2in_error @@ -115,10 +115,10 @@ typedef enum { * Create NAT session initiated by host from external network with static * mapping. * - * @param sm SNAT main. + * @param sm NAT main. * @param b0 Vlib buffer. - * @param in2out In2out SNAT session key. - * @param out2in Out2in SNAT session key. + * @param in2out In2out NAT44 session key. + * @param out2in Out2in NAT44 session key. * @param node Vlib node. * * @returns SNAT session if successfully created otherwise 0. @@ -276,11 +276,11 @@ snat_out2in_error_t icmp_get_key(ip4_header_t *ip0, } /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * and create session if needed * - * @param[in,out] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in,out] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching @@ -387,10 +387,10 @@ out: } /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * - * @param[in] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching @@ -793,14 +793,14 @@ snat_out2in_node_fn (vlib_main_t * vm, u32 proto0, proto1; snat_session_t * s0 = 0, * s1 = 0; clib_bihash_kv_8_8_t kv0, kv1, value0, value1; - + /* Prefetch next iteration. */ { vlib_buffer_t * p2, * p3; - + p2 = vlib_get_buffer (vm, from[2]); p3 = vlib_get_buffer (vm, from[3]); - + vlib_prefetch_buffer_header (p2, LOAD); vlib_prefetch_buffer_header (p3, LOAD); @@ -828,7 +828,7 @@ snat_out2in_node_fn (vlib_main_t * vm, icmp0 = (icmp46_header_t *) udp0; sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX]; - rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index0); if (PREDICT_FALSE(ip0->ttl == 1)) @@ -852,8 +852,8 @@ snat_out2in_node_fn (vlib_main_t * vm, if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP)) { - next0 = icmp_out2in_slow_path - (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, + next0 = icmp_out2in_slow_path + (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); goto trace0; } @@ -862,7 +862,7 @@ snat_out2in_node_fn (vlib_main_t * vm, key0.port = udp0->dst_port; key0.protocol = proto0; key0.fib_index = rx_fib_index0; - + kv0.key = key0.as_u64; if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0)) @@ -872,12 +872,12 @@ snat_out2in_node_fn (vlib_main_t * vm, if (snat_static_mapping_match(sm, key0, &sm0, 1, 0)) { b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; - /* + /* * Send DHCP packets to the ipv4 stack, or we won't * be able to use dhcp client on the outside interface */ - if (proto0 != SNAT_PROTOCOL_UDP - || (udp0->dst_port + if (proto0 != SNAT_PROTOCOL_UDP + || (udp0->dst_port != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))) next0 = SNAT_OUT2IN_NEXT_DROP; goto trace0; @@ -946,10 +946,10 @@ snat_out2in_node_fn (vlib_main_t * vm, } trace0: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b0->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_out2in_trace_t *t = + snat_out2in_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); t->sw_if_index = sw_if_index0; t->next_index = next0; @@ -967,7 +967,7 @@ snat_out2in_node_fn (vlib_main_t * vm, icmp1 = (icmp46_header_t *) udp1; sw_if_index1 = vnet_buffer(b1)->sw_if_index[VLIB_RX]; - rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index1 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index1); if (PREDICT_FALSE(ip1->ttl == 1)) @@ -991,8 +991,8 @@ snat_out2in_node_fn (vlib_main_t * vm, if (PREDICT_FALSE (proto1 == SNAT_PROTOCOL_ICMP)) { - next1 = icmp_out2in_slow_path - (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, + next1 = icmp_out2in_slow_path + (sm, b1, ip1, icmp1, sw_if_index1, rx_fib_index1, node, next1, now, thread_index, &s1); goto trace1; } @@ -1001,7 +1001,7 @@ snat_out2in_node_fn (vlib_main_t * vm, key1.port = udp1->dst_port; key1.protocol = proto1; key1.fib_index = rx_fib_index1; - + kv1.key = key1.as_u64; if (clib_bihash_search_8_8 (&sm->out2in, &kv1, &value1)) @@ -1011,12 +1011,12 @@ snat_out2in_node_fn (vlib_main_t * vm, if (snat_static_mapping_match(sm, key1, &sm1, 1, 0)) { b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; - /* + /* * Send DHCP packets to the ipv4 stack, or we won't * be able to use dhcp client on the outside interface */ - if (proto1 != SNAT_PROTOCOL_UDP - || (udp1->dst_port + if (proto1 != SNAT_PROTOCOL_UDP + || (udp1->dst_port != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))) next1 = SNAT_OUT2IN_NEXT_DROP; goto trace1; @@ -1085,10 +1085,10 @@ snat_out2in_node_fn (vlib_main_t * vm, } trace1: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b1->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b1->flags & VLIB_BUFFER_IS_TRACED))) { - snat_out2in_trace_t *t = + snat_out2in_trace_t *t = vlib_add_trace (vm, node, b1, sizeof (*t)); t->sw_if_index = sw_if_index1; t->next_index = next1; @@ -1123,7 +1123,7 @@ snat_out2in_node_fn (vlib_main_t * vm, u32 proto0; snat_session_t * s0 = 0; clib_bihash_kv_8_8_t kv0, value0; - + /* speculatively enqueue b0 to the current next frame */ bi0 = from[0]; to_next[0] = bi0; @@ -1142,7 +1142,7 @@ snat_out2in_node_fn (vlib_main_t * vm, icmp0 = (icmp46_header_t *) udp0; sw_if_index0 = vnet_buffer(b0)->sw_if_index[VLIB_RX]; - rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, + rx_fib_index0 = vec_elt (sm->ip4_main->fib_index_by_sw_if_index, sw_if_index0); proto0 = ip_proto_to_snat_proto (ip0->protocol); @@ -1166,8 +1166,8 @@ snat_out2in_node_fn (vlib_main_t * vm, if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP)) { - next0 = icmp_out2in_slow_path - (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, + next0 = icmp_out2in_slow_path + (sm, b0, ip0, icmp0, sw_if_index0, rx_fib_index0, node, next0, now, thread_index, &s0); goto trace00; } @@ -1176,7 +1176,7 @@ snat_out2in_node_fn (vlib_main_t * vm, key0.port = udp0->dst_port; key0.protocol = proto0; key0.fib_index = rx_fib_index0; - + kv0.key = key0.as_u64; if (clib_bihash_search_8_8 (&sm->out2in, &kv0, &value0)) @@ -1186,12 +1186,12 @@ snat_out2in_node_fn (vlib_main_t * vm, if (snat_static_mapping_match(sm, key0, &sm0, 1, 0)) { b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; - /* + /* * Send DHCP packets to the ipv4 stack, or we won't * be able to use dhcp client on the outside interface */ - if (proto0 != SNAT_PROTOCOL_UDP - || (udp0->dst_port + if (proto0 != SNAT_PROTOCOL_UDP + || (udp0->dst_port != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))) next0 = SNAT_OUT2IN_NEXT_DROP; @@ -1261,10 +1261,10 @@ snat_out2in_node_fn (vlib_main_t * vm, } trace00: - if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) - && (b0->flags & VLIB_BUFFER_IS_TRACED))) + if (PREDICT_FALSE((node->flags & VLIB_NODE_FLAG_TRACE) + && (b0->flags & VLIB_BUFFER_IS_TRACED))) { - snat_out2in_trace_t *t = + snat_out2in_trace_t *t = vlib_add_trace (vm, node, b0, sizeof (*t)); t->sw_if_index = sw_if_index0; t->next_index = next0; @@ -1284,24 +1284,24 @@ snat_out2in_node_fn (vlib_main_t * vm, vlib_put_next_frame (vm, node, next_index, n_left_to_next); } - vlib_node_increment_counter (vm, snat_out2in_node.index, - SNAT_OUT2IN_ERROR_OUT2IN_PACKETS, + vlib_node_increment_counter (vm, snat_out2in_node.index, + SNAT_OUT2IN_ERROR_OUT2IN_PACKETS, pkts_processed); return frame->n_vectors; } VLIB_REGISTER_NODE (snat_out2in_node) = { .function = snat_out2in_node_fn, - .name = "snat-out2in", + .name = "nat44-out2in", .vector_size = sizeof (u32), .format_trace = format_snat_out2in_trace, .type = VLIB_NODE_TYPE_INTERNAL, - + .n_errors = ARRAY_LEN(snat_out2in_error_strings), .error_strings = snat_out2in_error_strings, .runtime_data_bytes = sizeof (snat_runtime_t), - + .n_next_nodes = SNAT_OUT2IN_N_NEXT, /* edit / add dispositions here */ @@ -1779,7 +1779,7 @@ snat_det_out2in_node_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_det_out2in_node) = { .function = snat_det_out2in_node_fn, - .name = "snat-det-out2in", + .name = "nat44-det-out2in", .vector_size = sizeof (u32), .format_trace = format_snat_out2in_trace, .type = VLIB_NODE_TYPE_INTERNAL, @@ -1801,11 +1801,11 @@ VLIB_REGISTER_NODE (snat_det_out2in_node) = { VLIB_NODE_FUNCTION_MULTIARCH (snat_det_out2in_node, snat_det_out2in_node_fn); /** - * Get address and port values to be used for packet SNAT translation + * Get address and port values to be used for ICMP packet translation * and create session if needed * - * @param[in,out] sm SNAT main - * @param[in,out] node SNAT node runtime + * @param[in,out] sm NAT main + * @param[in,out] node NAT node runtime * @param[in] thread_index thread index * @param[in,out] b0 buffer containing packet to be translated * @param[out] p_proto protocol used for matching @@ -2089,11 +2089,11 @@ snat_out2in_worker_handoff_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_out2in_worker_handoff_node) = { .function = snat_out2in_worker_handoff_fn, - .name = "snat-out2in-worker-handoff", + .name = "nat44-out2in-worker-handoff", .vector_size = sizeof (u32), .format_trace = format_snat_out2in_worker_handoff_trace, .type = VLIB_NODE_TYPE_INTERNAL, - + .n_next_nodes = 1, .next_nodes = { @@ -2105,7 +2105,7 @@ VLIB_NODE_FUNCTION_MULTIARCH (snat_out2in_worker_handoff_node, snat_out2in_worke static uword snat_out2in_fast_node_fn (vlib_main_t * vm, - vlib_node_runtime_t * node, + vlib_node_runtime_t * node, vlib_frame_t * frame) { u32 n_left_from, * from, * to_next; @@ -2272,16 +2272,16 @@ snat_out2in_fast_node_fn (vlib_main_t * vm, VLIB_REGISTER_NODE (snat_out2in_fast_node) = { .function = snat_out2in_fast_node_fn, - .name = "snat-out2in-fast", + .name = "nat44-out2in-fast", .vector_size = sizeof (u32), .format_trace = format_snat_out2in_fast_trace, .type = VLIB_NODE_TYPE_INTERNAL, - + .n_errors = ARRAY_LEN(snat_out2in_error_strings), .error_strings = snat_out2in_error_strings, .runtime_data_bytes = sizeof (snat_runtime_t), - + .n_next_nodes = SNAT_OUT2IN_N_NEXT, /* edit / add dispositions here */ diff --git a/src/plugins/snat.am b/src/plugins/snat.am deleted file mode 100644 index 6b75f3d2..00000000 --- a/src/plugins/snat.am +++ /dev/null @@ -1,41 +0,0 @@ - -# Copyright (c) <current-year> <your-organization> -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at: -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -vppapitestplugins_LTLIBRARIES += snat_test_plugin.la -vppplugins_LTLIBRARIES += snat_plugin.la - -snat_plugin_la_SOURCES = snat/snat.c \ - snat/snat_api.c \ - snat/in2out.c \ - snat/out2in.c \ - snat/snat_plugin.api.h \ - snat/snat_ipfix_logging.c \ - snat/snat_det.c \ - snat/nat64.c \ - snat/nat64_cli.c \ - snat/nat64_in2out.c \ - snat/nat64_out2in.c \ - snat/nat64_db.c - -API_FILES += snat/snat.api - -nobase_apiinclude_HEADERS += \ - snat/snat_all_api_h.h \ - snat/snat_msg_enum.h \ - snat/snat.api.h - -snat_test_plugin_la_SOURCES = \ - snat/snat_test.c snat/snat_plugin.api.h - -# vi:syntax=automake |