diff options
author | Filip Varga <fivarga@cisco.com> | 2020-07-21 10:27:39 +0200 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2020-08-13 10:06:33 +0000 |
commit | 603e75465899385a95350f3c96499050f7f960a5 (patch) | |
tree | f7a7130769ea795c1c3460db3aea99a49a309b13 /src/plugins/nat/det44/det44_api.c | |
parent | de118da58e80aec43f4b816a1ea957634a8bc07c (diff) |
nat: move deterministic nat to det44 sub feature
Type: refactor
Change-Id: I0bb203102a0e13dd7448e2125925ab356bbd7937
Signed-off-by: Filip Varga <fivarga@cisco.com>
Diffstat (limited to 'src/plugins/nat/det44/det44_api.c')
-rw-r--r-- | src/plugins/nat/det44/det44_api.c | 633 |
1 files changed, 633 insertions, 0 deletions
diff --git a/src/plugins/nat/det44/det44_api.c b/src/plugins/nat/det44/det44_api.c new file mode 100644 index 00000000000..7c7b1788009 --- /dev/null +++ b/src/plugins/nat/det44/det44_api.c @@ -0,0 +1,633 @@ +/* + * Copyright (c) 2020 Cisco and/or its affiliates. + * * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/** + * @file + * @brief Deterministic NAT (CGN) plugin API implementation + */ + +#include <vnet/ip/ip_types_api.h> +#include <nat/det44/det44.h> +#include <nat/det44/det44.api_enum.h> +#include <nat/det44/det44.api_types.h> +#include <vnet/fib/fib_table.h> +#include <vnet/ip/ip.h> + +#include <vlibmemory/api.h> + +#define REPLY_MSG_ID_BASE dm->msg_id_base +#include <vlibapi/api_helper_macros.h> + +static void +vl_api_det44_add_del_map_t_handler (vl_api_det44_add_del_map_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_add_del_map_reply_t *rmp; + int rv = 0; + ip4_address_t in_addr, out_addr; + clib_memcpy (&in_addr, mp->in_addr, 4); + clib_memcpy (&out_addr, mp->out_addr, 4); + rv = snat_det_add_map (&in_addr, mp->in_plen, &out_addr, + mp->out_plen, mp->is_add); + REPLY_MACRO (VL_API_DET44_ADD_DEL_MAP_REPLY); +} + +static void +vl_api_det44_forward_t_handler (vl_api_det44_forward_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_forward_reply_t *rmp; + int rv = 0; + u16 lo_port = 0, hi_port = 0; + snat_det_map_t *m; + ip4_address_t in_addr, out_addr; + + out_addr.as_u32 = 0; + clib_memcpy (&in_addr, mp->in_addr, 4); + m = snat_det_map_by_user (&in_addr); + if (!m) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + + snat_det_forward (m, &in_addr, &out_addr, &lo_port); + hi_port = lo_port + m->ports_per_host - 1; + +send_reply: + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_DET44_FORWARD_REPLY, + ({ + rmp->out_port_lo = ntohs (lo_port); + rmp->out_port_hi = ntohs (hi_port); + clib_memcpy (rmp->out_addr, &out_addr, 4); + })) + /* *INDENT-ON* */ +} + +static void +vl_api_det44_reverse_t_handler (vl_api_det44_reverse_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_reverse_reply_t *rmp; + int rv = 0; + ip4_address_t out_addr, in_addr; + snat_det_map_t *m; + + in_addr.as_u32 = 0; + clib_memcpy (&out_addr, mp->out_addr, 4); + m = snat_det_map_by_out (&out_addr); + if (!m) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + + snat_det_reverse (m, &out_addr, htons (mp->out_port), &in_addr); + +send_reply: + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_DET44_REVERSE_REPLY, + ({ + clib_memcpy (rmp->in_addr, &in_addr, 4); + })) + /* *INDENT-ON* */ +} + +static void +sent_det44_map_details (snat_det_map_t * m, vl_api_registration_t * reg, + u32 context) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_map_details_t *rmp; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_DET44_MAP_DETAILS + dm->msg_id_base); + clib_memcpy (rmp->in_addr, &m->in_addr, 4); + rmp->in_plen = m->in_plen; + clib_memcpy (rmp->out_addr, &m->out_addr, 4); + rmp->out_plen = m->out_plen; + rmp->sharing_ratio = htonl (m->sharing_ratio); + rmp->ports_per_host = htons (m->ports_per_host); + rmp->ses_num = htonl (m->ses_num); + rmp->context = context; + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_det44_map_dump_t_handler (vl_api_det44_map_dump_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_registration_t *reg; + snat_det_map_t *m; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + vec_foreach(m, dm->det_maps) + sent_det44_map_details(m, reg, mp->context); + /* *INDENT-ON* */ +} + +static void +vl_api_det44_close_session_out_t_handler (vl_api_det44_close_session_out_t + * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_close_session_out_reply_t *rmp; + ip4_address_t out_addr, ext_addr, in_addr; + snat_det_out_key_t key; + snat_det_map_t *m; + snat_det_session_t *ses; + int rv = 0; + + clib_memcpy (&out_addr, mp->out_addr, 4); + clib_memcpy (&ext_addr, mp->ext_addr, 4); + + m = snat_det_map_by_out (&out_addr); + if (!m) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + snat_det_reverse (m, &ext_addr, ntohs (mp->out_port), &in_addr); + key.ext_host_addr = ext_addr; + key.ext_host_port = mp->ext_port; + key.out_port = mp->out_port; + ses = snat_det_get_ses_by_out (m, &in_addr, key.as_u64); + if (!ses) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + snat_det_ses_close (m, ses); + +send_reply: + REPLY_MACRO (VL_API_DET44_CLOSE_SESSION_OUT_REPLY); +} + +static void +vl_api_det44_close_session_in_t_handler (vl_api_det44_close_session_in_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_close_session_in_reply_t *rmp; + ip4_address_t in_addr, ext_addr; + snat_det_out_key_t key; + snat_det_map_t *m; + snat_det_session_t *ses; + int rv = 0; + + clib_memcpy (&in_addr, mp->in_addr, 4); + clib_memcpy (&ext_addr, mp->ext_addr, 4); + + m = snat_det_map_by_user (&in_addr); + if (!m) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + key.ext_host_addr = ext_addr; + key.ext_host_port = mp->ext_port; + ses = snat_det_find_ses_by_in (m, &in_addr, mp->in_port, key); + if (!ses) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + snat_det_ses_close (m, ses); + +send_reply: + REPLY_MACRO (VL_API_DET44_CLOSE_SESSION_OUT_REPLY); +} + +static void +send_det44_session_details (snat_det_session_t * s, + vl_api_registration_t * reg, u32 context) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_session_details_t *rmp; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_DET44_SESSION_DETAILS + dm->msg_id_base); + rmp->in_port = s->in_port; + clib_memcpy (rmp->ext_addr, &s->out.ext_host_addr, 4); + rmp->ext_port = s->out.ext_host_port; + rmp->out_port = s->out.out_port; + rmp->state = s->state; + rmp->expire = ntohl (s->expire); + rmp->context = context; + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_det44_session_dump_t_handler (vl_api_det44_session_dump_t * mp) +{ + vl_api_registration_t *reg; + ip4_address_t user_addr; + snat_det_map_t *m; + snat_det_session_t *s, empty_ses; + u16 i; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + clib_memset (&empty_ses, 0, sizeof (empty_ses)); + clib_memcpy (&user_addr, mp->user_addr, 4); + m = snat_det_map_by_user (&user_addr); + if (!m) + return; + + s = m->sessions + snat_det_user_ses_offset (&user_addr, m->in_plen); + for (i = 0; i < DET44_SES_PER_USER; i++) + { + if (s->out.as_u64) + send_det44_session_details (s, reg, mp->context); + s++; + } +} + +static void + vl_api_det44_plugin_enable_disable_t_handler + (vl_api_det44_plugin_enable_disable_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_plugin_enable_disable_reply_t *rmp; + det44_config_t c = { 0 }; + int rv = 0; + if (mp->enable) + { + c.outside_vrf_id = ntohl (mp->outside_vrf); + c.inside_vrf_id = ntohl (mp->inside_vrf); + rv = det44_plugin_enable (c); + } + else + { + rv = det44_plugin_disable (); + } + REPLY_MACRO (VL_API_DET44_PLUGIN_ENABLE_DISABLE_REPLY); +} + +static void + vl_api_det44_interface_add_del_feature_t_handler + (vl_api_det44_interface_add_del_feature_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_interface_add_del_feature_reply_t *rmp; + u32 sw_if_index = ntohl (mp->sw_if_index); + int rv = 0; + VALIDATE_SW_IF_INDEX (mp); + rv = det44_interface_add_del (sw_if_index, mp->is_inside, !mp->is_add); + BAD_SW_IF_INDEX_LABEL; + REPLY_MACRO (VL_API_DET44_INTERFACE_ADD_DEL_FEATURE_REPLY); +} + +static void +det44_send_interface_details (det44_interface_t * i, + vl_api_registration_t * reg, u32 context) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_interface_details_t *rmp; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_DET44_INTERFACE_DETAILS + dm->msg_id_base); + rmp->sw_if_index = ntohl (i->sw_if_index); + rmp->is_outside = det44_interface_is_outside (i); + rmp->is_inside = det44_interface_is_inside (i); + rmp->context = context; + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_det44_interface_dump_t_handler (vl_api_det44_interface_dump_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_registration_t *reg; + det44_interface_t *i; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + pool_foreach (i, dm->interfaces, + ({ + det44_send_interface_details(i, reg, mp->context); + })); + /* *INDENT-ON* */ +} + +static void +vl_api_det44_set_timeouts_t_handler (vl_api_det44_set_timeouts_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_set_timeouts_reply_t *rmp; + nat_timeouts_t timeouts; + int rv = 0; + timeouts.udp = ntohl (mp->udp); + timeouts.tcp.established = ntohl (mp->tcp_established); + timeouts.tcp.transitory = ntohl (mp->tcp_transitory); + timeouts.icmp = ntohl (mp->icmp); + rv = det44_set_timeouts (&timeouts); + REPLY_MACRO (VL_API_DET44_SET_TIMEOUTS_REPLY); +} + +static void +vl_api_det44_get_timeouts_t_handler (vl_api_det44_get_timeouts_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_det44_get_timeouts_reply_t *rmp; + nat_timeouts_t timeouts; + int rv = 0; + timeouts = det44_get_timeouts (); + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_DET44_GET_TIMEOUTS_REPLY, + ({ + rmp->udp = htonl (timeouts.udp); + rmp->tcp_established = htonl (timeouts.tcp.established); + rmp->tcp_transitory = htonl (timeouts.tcp.transitory); + rmp->icmp = htonl (timeouts.icmp); + })) + /* *INDENT-ON* */ +} + +/* + * Obsolete deterministic API to be removed + */ + +static void +vl_api_nat_det_add_del_map_t_handler (vl_api_nat_det_add_del_map_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_nat_det_add_del_map_reply_t *rmp; + int rv = 0; + ip4_address_t in_addr, out_addr; + + clib_memcpy (&in_addr, mp->in_addr, 4); + clib_memcpy (&out_addr, mp->out_addr, 4); + rv = snat_det_add_map (&in_addr, mp->in_plen, &out_addr, + mp->out_plen, mp->is_add); + REPLY_MACRO (VL_API_NAT_DET_ADD_DEL_MAP_REPLY); +} + +static void +vl_api_nat_det_forward_t_handler (vl_api_nat_det_forward_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_nat_det_forward_reply_t *rmp; + int rv = 0; + u16 lo_port = 0, hi_port = 0; + snat_det_map_t *m; + ip4_address_t in_addr, out_addr; + + out_addr.as_u32 = 0; + clib_memcpy (&in_addr, mp->in_addr, 4); + m = snat_det_map_by_user (&in_addr); + if (!m) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + + snat_det_forward (m, &in_addr, &out_addr, &lo_port); + hi_port = lo_port + m->ports_per_host - 1; + +send_reply: + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_DET_FORWARD_REPLY, + ({ + rmp->out_port_lo = ntohs (lo_port); + rmp->out_port_hi = ntohs (hi_port); + clib_memcpy (rmp->out_addr, &out_addr, 4); + })) + /* *INDENT-ON* */ +} + +static void +vl_api_nat_det_reverse_t_handler (vl_api_nat_det_reverse_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_nat_det_reverse_reply_t *rmp; + int rv = 0; + ip4_address_t out_addr, in_addr; + snat_det_map_t *m; + + in_addr.as_u32 = 0; + clib_memcpy (&out_addr, mp->out_addr, 4); + m = snat_det_map_by_out (&out_addr); + if (!m) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + + snat_det_reverse (m, &out_addr, htons (mp->out_port), &in_addr); + +send_reply: + /* *INDENT-OFF* */ + REPLY_MACRO2 (VL_API_NAT_DET_REVERSE_REPLY, + ({ + clib_memcpy (rmp->in_addr, &in_addr, 4); + })) + /* *INDENT-ON* */ +} + +static void +sent_nat_det_map_details (snat_det_map_t * m, vl_api_registration_t * reg, + u32 context) +{ + det44_main_t *dm = &det44_main; + vl_api_nat_det_map_details_t *rmp; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT_DET_MAP_DETAILS + dm->msg_id_base); + clib_memcpy (rmp->in_addr, &m->in_addr, 4); + rmp->in_plen = m->in_plen; + clib_memcpy (rmp->out_addr, &m->out_addr, 4); + rmp->out_plen = m->out_plen; + rmp->sharing_ratio = htonl (m->sharing_ratio); + rmp->ports_per_host = htons (m->ports_per_host); + rmp->ses_num = htonl (m->ses_num); + rmp->context = context; + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_nat_det_map_dump_t_handler (vl_api_nat_det_map_dump_t * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_registration_t *reg; + snat_det_map_t *m; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + /* *INDENT-OFF* */ + vec_foreach(m, dm->det_maps) + sent_nat_det_map_details(m, reg, mp->context); + /* *INDENT-ON* */ +} + +static void +vl_api_nat_det_close_session_out_t_handler (vl_api_nat_det_close_session_out_t + * mp) +{ + det44_main_t *dm = &det44_main; + vl_api_nat_det_close_session_out_reply_t *rmp; + ip4_address_t out_addr, ext_addr, in_addr; + snat_det_out_key_t key; + snat_det_map_t *m; + snat_det_session_t *ses; + int rv = 0; + + clib_memcpy (&out_addr, mp->out_addr, 4); + clib_memcpy (&ext_addr, mp->ext_addr, 4); + + m = snat_det_map_by_out (&out_addr); + if (!m) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + snat_det_reverse (m, &ext_addr, ntohs (mp->out_port), &in_addr); + key.ext_host_addr = ext_addr; + key.ext_host_port = mp->ext_port; + key.out_port = mp->out_port; + ses = snat_det_get_ses_by_out (m, &in_addr, key.as_u64); + if (!ses) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + snat_det_ses_close (m, ses); + +send_reply: + REPLY_MACRO (VL_API_NAT_DET_CLOSE_SESSION_OUT_REPLY); +} + +static void +vl_api_nat_det_close_session_in_t_handler (vl_api_nat_det_close_session_in_t * + mp) +{ + det44_main_t *dm = &det44_main; + vl_api_nat_det_close_session_in_reply_t *rmp; + ip4_address_t in_addr, ext_addr; + snat_det_out_key_t key; + snat_det_map_t *m; + snat_det_session_t *ses; + int rv = 0; + + clib_memcpy (&in_addr, mp->in_addr, 4); + clib_memcpy (&ext_addr, mp->ext_addr, 4); + + m = snat_det_map_by_user (&in_addr); + if (!m) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + key.ext_host_addr = ext_addr; + key.ext_host_port = mp->ext_port; + ses = snat_det_find_ses_by_in (m, &in_addr, mp->in_port, key); + if (!ses) + { + rv = VNET_API_ERROR_NO_SUCH_ENTRY; + goto send_reply; + } + snat_det_ses_close (m, ses); + +send_reply: + REPLY_MACRO (VL_API_NAT_DET_CLOSE_SESSION_OUT_REPLY); +} + +static void +send_nat_det_session_details (snat_det_session_t * s, + vl_api_registration_t * reg, u32 context) +{ + det44_main_t *dm = &det44_main; + vl_api_nat_det_session_details_t *rmp; + + rmp = vl_msg_api_alloc (sizeof (*rmp)); + clib_memset (rmp, 0, sizeof (*rmp)); + rmp->_vl_msg_id = ntohs (VL_API_NAT_DET_SESSION_DETAILS + dm->msg_id_base); + rmp->in_port = s->in_port; + clib_memcpy (rmp->ext_addr, &s->out.ext_host_addr, 4); + rmp->ext_port = s->out.ext_host_port; + rmp->out_port = s->out.out_port; + rmp->state = s->state; + rmp->expire = ntohl (s->expire); + rmp->context = context; + + vl_api_send_msg (reg, (u8 *) rmp); +} + +static void +vl_api_nat_det_session_dump_t_handler (vl_api_nat_det_session_dump_t * mp) +{ + vl_api_registration_t *reg; + ip4_address_t user_addr; + snat_det_map_t *m; + snat_det_session_t *s, empty_ses; + u16 i; + + reg = vl_api_client_index_to_registration (mp->client_index); + if (!reg) + return; + + clib_memset (&empty_ses, 0, sizeof (empty_ses)); + clib_memcpy (&user_addr, mp->user_addr, 4); + m = snat_det_map_by_user (&user_addr); + if (!m) + return; + + s = m->sessions + snat_det_user_ses_offset (&user_addr, m->in_plen); + for (i = 0; i < DET44_SES_PER_USER; i++) + { + if (s->out.as_u64) + send_nat_det_session_details (s, reg, mp->context); + s++; + } +} + +/* API definitions */ +#include <vnet/format_fns.h> +#include <nat/det44/det44.api.c> + +/* Set up the API message handling tables */ +clib_error_t * +det44_api_hookup (vlib_main_t * vm) +{ + det44_main_t *dm = &det44_main; + dm->msg_id_base = setup_message_id_table (); + return 0; +} + +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ |