aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorMatus Fabian <matfabia@cisco.com>2018-09-04 03:55:45 -0700
committerDamjan Marion <dmarion@me.com>2018-09-04 17:50:51 +0000
commit5d28c7afbc0abd172d0053768b2ebe37b7a6c348 (patch)
treeafdef90641a9fc25c9d24e166488e66d3e9049b7 /src
parentb17cd37bb9c86ea5d8b43efad7ce5b7fc808e528 (diff)
NAT: add support for configurable port range (VPP-1346)
Change-Id: I6882b6daa05db866fe6e78a62b380ec331507f74 Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src')
-rw-r--r--src/plugins/nat/nat.api55
-rwxr-xr-xsrc/plugins/nat/nat.c84
-rw-r--r--src/plugins/nat/nat.h19
-rw-r--r--src/plugins/nat/nat44_cli.c60
-rw-r--r--src/plugins/nat/nat_api.c95
5 files changed, 310 insertions, 3 deletions
diff --git a/src/plugins/nat/nat.api b/src/plugins/nat/nat.api
index f1c95b2d65b..1ff288dba2a 100644
--- a/src/plugins/nat/nat.api
+++ b/src/plugins/nat/nat.api
@@ -277,6 +277,61 @@ define nat_get_timeouts_reply {
u32 icmp;
};
+/** \brief Set address and port assignment algorithm
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param alg - address and port assignment algorithm:
+ 0 - default, 1 - MAP-E, 2 - port range
+ (see nat_addr_and_port_alloc_alg_t in nat.h)
+ @param psid_offset - number of offset bits (valid only for MAP-E alg)
+ @param psid_length - length of PSID (valid only for MAP-E alg)
+ @param psid - Port Set Identifier (PSID) value (valid only for MAP-E alg)
+ @param start_port - beginning of the port range
+ @param end_port - end of the port range
+*/
+autoreply define nat_set_addr_and_port_alloc_alg {
+ u32 client_index;
+ u32 context;
+ u8 alg;
+ u8 psid_offset;
+ u8 psid_length;
+ u16 psid;
+ u16 start_port;
+ u16 end_port;
+};
+
+/** \brief Get address and port assignment algorithm
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+*/
+define nat_get_addr_and_port_alloc_alg {
+ u32 client_index;
+ u32 context;
+};
+
+/** \brief Get address and port assignment algorithm reply
+ @param context - sender context, to match reply w/ request
+ @param retval - return code
+ @param alg - address and port assignment algorithm:
+ 0 - default, 1 - MAP-E, 2 - port range
+ (see nat_addr_and_port_alloc_alg_t in nat.h)
+ @param psid_offset - number of offset bits (valid only for MAP-E alg)
+ @param psid_length - length of PSID (valid only for MAP-E alg)
+ @param psid - Port Set Identifier (PSID) value (valid only for MAP-E alg)
+ @param start_port - beginning of the port range
+ @param end_port - end of the port range
+*/
+define nat_get_addr_and_port_alloc_alg_reply {
+ u32 context;
+ i32 retval;
+ u8 alg;
+ u8 psid_offset;
+ u8 psid_length;
+ u16 psid;
+ u16 start_port;
+ u16 end_port;
+};
+
/*
* NAT44 APIs
*/
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index 0ce1a60c976..fe6d6cae82f 100755
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -2062,6 +2062,7 @@ static clib_error_t * snat_init (vlib_main_t * vm)
sm->tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT;
sm->icmp_timeout = SNAT_ICMP_TIMEOUT;
sm->alloc_addr_and_port = nat_alloc_addr_and_port_default;
+ sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT;
sm->forwarding_enabled = 0;
sm->log_class = vlib_log_register_class ("nat", 0);
error_drop_node = vlib_get_node_by_name (vm, (u8 *) "error-drop");
@@ -2466,6 +2467,57 @@ exhausted:
return 1;
}
+static int
+nat_alloc_addr_and_port_range (snat_address_t * addresses,
+ u32 fib_index,
+ u32 thread_index,
+ snat_session_key_t * k,
+ u32 * address_indexp,
+ u16 port_per_thread,
+ u32 snat_thread_index)
+{
+ snat_main_t *sm = &snat_main;
+ snat_address_t *a = addresses;
+ u16 portnum, ports;
+
+ ports = sm->end_port - sm->start_port + 1;
+
+ if (!vec_len (addresses))
+ goto exhausted;
+
+ switch (k->protocol)
+ {
+#define _(N, i, n, s) \
+ case SNAT_PROTOCOL_##N: \
+ if (a->busy_##n##_ports < ports) \
+ { \
+ while (1) \
+ { \
+ portnum = snat_random_port(sm->start_port, sm->end_port); \
+ if (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, portnum)) \
+ continue; \
+ clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, portnum, 1); \
+ a->busy_##n##_ports++; \
+ k->addr = a->addr; \
+ k->port = clib_host_to_net_u16 (portnum); \
+ *address_indexp = i; \
+ return 0; \
+ } \
+ } \
+ break;
+ foreach_snat_protocol
+#undef _
+ default:
+ nat_log_info ("unknown protocol");
+ return 1;
+ }
+
+exhausted:
+ /* Totally out of translations to use... */
+ snat_ipfix_logging_addresses_exhausted(0);
+ return 1;
+}
+
void
nat44_add_del_address_dpo (ip4_address_t addr, u8 is_add)
{
@@ -2522,6 +2574,25 @@ format_snat_protocol (u8 * s, va_list * args)
return s;
}
+u8 *
+format_nat_addr_and_port_alloc_alg (u8 * s, va_list * args)
+{
+ u32 i = va_arg (*args, u32);
+ u8 *t = 0;
+
+ switch (i)
+ {
+#define _(v, N, s) case NAT_ADDR_AND_PORT_ALLOC_ALG_##N: t = (u8 *) s; break;
+ foreach_nat_addr_and_port_alloc_alg
+#undef _
+ default:
+ s = format (s, "unknown");
+ return s;
+ }
+ s = format (s, "%s", t);
+ return s;
+}
+
u8 * format_snat_key (u8 * s, va_list * args);
u8 * format_static_mapping_key (u8 * s, va_list * args);
@@ -3550,6 +3621,7 @@ nat_set_alloc_addr_and_port_mape (u16 psid, u16 psid_offset, u16 psid_length)
{
snat_main_t *sm = &snat_main;
+ sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE;
sm->alloc_addr_and_port = nat_alloc_addr_and_port_mape;
sm->psid = psid;
sm->psid_offset = psid_offset;
@@ -3557,10 +3629,22 @@ nat_set_alloc_addr_and_port_mape (u16 psid, u16 psid_offset, u16 psid_length)
}
void
+nat_set_alloc_addr_and_port_range (u16 start_port, u16 end_port)
+{
+ snat_main_t *sm = &snat_main;
+
+ sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE;
+ sm->alloc_addr_and_port = nat_alloc_addr_and_port_range;
+ sm->start_port = start_port;
+ sm->end_port = end_port;
+}
+
+void
nat_set_alloc_addr_and_port_default (void)
{
snat_main_t *sm = &snat_main;
+ sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT;
sm->alloc_addr_and_port = nat_alloc_addr_and_port_default;
}
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h
index 660fb4c2965..d8d0b2a9c4d 100644
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -96,6 +96,16 @@ typedef struct {
};
} snat_user_key_t;
+#define foreach_nat_addr_and_port_alloc_alg \
+ _(0, DEFAULT, "default") \
+ _(1, MAPE, "map-e") \
+ _(2, RANGE, "port-range")
+
+typedef enum {
+#define _(v, N, s) NAT_ADDR_AND_PORT_ALLOC_ALG_##N = v,
+ foreach_nat_addr_and_port_alloc_alg
+#undef _
+} nat_addr_and_port_alloc_alg_t;
#define foreach_snat_protocol \
_(UDP, 0, udp, "udp") \
@@ -361,10 +371,17 @@ typedef struct snat_main_s {
/* Vector of outside addresses */
snat_address_t * addresses;
+ /* Address and port allocation function */
nat_alloc_out_addr_and_port_function_t *alloc_addr_and_port;
+ /* Address and port allocation type */
+ nat_addr_and_port_alloc_alg_t addr_and_port_alloc_alg;
+ /* Port set parameters (MAP-E) */
u8 psid_offset;
u8 psid_length;
u16 psid;
+ /* Port range parameters */
+ u16 start_port;
+ u16 end_port;
/* vector of outside fibs */
nat_outside_fib_t * outside_fibs;
@@ -631,6 +648,7 @@ int snat_add_interface_address(snat_main_t *sm, u32 sw_if_index, int is_del,
u8 twice_nat);
uword unformat_snat_protocol(unformat_input_t * input, va_list * args);
u8 * format_snat_protocol(u8 * s, va_list * args);
+u8 * format_nat_addr_and_port_alloc_alg(u8 * s, va_list * args);
int nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port,
snat_protocol_t proto,
nat44_lb_addr_port_t *locals, u8 is_add,
@@ -651,6 +669,7 @@ snat_session_t * nat_ed_session_alloc (snat_main_t *sm, snat_user_t *u,
u32 thread_index);
void nat_set_alloc_addr_and_port_mape (u16 psid, u16 psid_offset,
u16 psid_length);
+void nat_set_alloc_addr_and_port_range (u16 start_port, u16 end_port);
void nat_set_alloc_addr_and_port_default (void);
int nat44_i2o_ed_is_idle_session_cb (clib_bihash_kv_16_8_t *kv, void *arg);
int nat44_o2i_ed_is_idle_session_cb (clib_bihash_kv_16_8_t *kv, void *arg);
diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c
index 3847502ca7e..17a3827dee6 100644
--- a/src/plugins/nat/nat44_cli.c
+++ b/src/plugins/nat/nat44_cli.c
@@ -214,7 +214,7 @@ nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
unformat_input_t _line_input, *line_input = &_line_input;
snat_main_t *sm = &snat_main;
clib_error_t *error = 0;
- u32 psid, psid_offset, psid_length;
+ u32 psid, psid_offset, psid_length, port_start, port_end;
if (sm->deterministic)
return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
@@ -234,6 +234,20 @@ nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
nat_set_alloc_addr_and_port_mape ((u16) psid, (u16) psid_offset,
(u16) psid_length);
else
+ if (unformat
+ (line_input, "port-range %d - %d", &port_start, &port_end))
+ {
+ if (port_end <= port_start)
+ {
+ error =
+ clib_error_return (0,
+ "The end-port must be greater than start-port");
+ goto done;
+ }
+ nat_set_alloc_addr_and_port_range ((u16) port_start,
+ (u16) port_end);
+ }
+ else
{
error = clib_error_return (0, "unknown input '%U'",
format_unformat_error, line_input);
@@ -248,6 +262,36 @@ done:
};
static clib_error_t *
+nat44_show_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ snat_main_t *sm = &snat_main;
+
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
+ vlib_cli_output (vm, "NAT address and port: %U",
+ format_nat_addr_and_port_alloc_alg,
+ sm->addr_and_port_alloc_alg);
+ switch (sm->addr_and_port_alloc_alg)
+ {
+ case NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE:
+ vlib_cli_output (vm, " psid %d psid-offset %d psid-len %d", sm->psid,
+ sm->psid_offset, sm->psid_length);
+ break;
+ case NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE:
+ vlib_cli_output (vm, " start-port %d end-port %d", sm->start_port,
+ sm->end_port);
+ break;
+ default:
+ break;
+ }
+
+ return 0;
+}
+
+static clib_error_t *
add_address_command_fn (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
{
@@ -1634,6 +1678,8 @@ VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = {
* Set address and port assignment algorithm
* For the MAP-E CE limit port choice based on PSID use:
* vpp# nat addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len 6
+ * For port range use:
+ * vpp# nat addr-port-assignment-alg port-range <start-port> - <end-port>
* To set standard (default) address and port assignment algorithm use:
* vpp# nat addr-port-assignment-alg default
* @cliexend
@@ -1646,6 +1692,18 @@ VLIB_CLI_COMMAND (nat44_set_alloc_addr_and_port_alg_command, static) = {
/*?
* @cliexpar
+ * @cliexstart{show nat addr-port-assignment-alg}
+ * Show address and port assignment algorithm
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat44_show_alloc_addr_and_port_alg_command, static) = {
+ .path = "show nat addr-port-assignment-alg",
+ .short_help = "show nat addr-port-assignment-alg",
+ .function = nat44_show_alloc_addr_and_port_alg_command_fn,
+};
+
+/*?
+ * @cliexpar
* @cliexstart{show nat44 hash tables}
* Show NAT44 hash tables
* @cliexend
diff --git a/src/plugins/nat/nat_api.c b/src/plugins/nat/nat_api.c
index 17009c93561..2994f8001f4 100644
--- a/src/plugins/nat/nat_api.c
+++ b/src/plugins/nat/nat_api.c
@@ -484,6 +484,95 @@ vl_api_nat_get_timeouts_t_print (vl_api_nat_get_timeouts_t * mp, void *handle)
FINISH;
}
+static void
+ vl_api_nat_set_addr_and_port_alloc_alg_t_handler
+ (vl_api_nat_set_addr_and_port_alloc_alg_t * mp)
+{
+ snat_main_t *sm = &snat_main;
+ vl_api_nat_set_addr_and_port_alloc_alg_reply_t *rmp;
+ int rv = 0;
+ u16 port_start, port_end;
+
+ if (sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
+ switch (mp->alg)
+ {
+ case NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT:
+ nat_set_alloc_addr_and_port_default ();
+ break;
+ case NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE:
+ nat_set_alloc_addr_and_port_mape (ntohs (mp->psid), mp->psid_offset,
+ mp->psid_length);
+ break;
+ case NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE:
+ port_start = ntohs (mp->start_port);
+ port_end = ntohs (mp->end_port);
+ if (port_end <= port_start)
+ {
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ goto send_reply;
+ }
+ nat_set_alloc_addr_and_port_range (port_start, port_end);
+ break;
+ default:
+ rv = VNET_API_ERROR_INVALID_VALUE;
+ break;
+ }
+
+send_reply:
+ REPLY_MACRO (VL_API_NAT_SET_ADDR_AND_PORT_ALLOC_ALG_REPLY);
+}
+
+static void *vl_api_nat_set_addr_and_port_alloc_alg_t_print
+ (vl_api_nat_set_addr_and_port_alloc_alg_t * mp, void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat_set_addr_and_port_alloc_alg ");
+ s = format (s, "alg %d psid_offset %d psid_length %d psid %d start_port %d "
+ "end_port %d\n",
+ ntohl (mp->alg), ntohl (mp->psid_offset),
+ ntohl (mp->psid_length), ntohs (mp->psid),
+ ntohs (mp->start_port), ntohs (mp->end_port));
+
+ FINISH;
+}
+
+static void
+ vl_api_nat_get_addr_and_port_alloc_alg_t_handler
+ (vl_api_nat_get_addr_and_port_alloc_alg_t * mp)
+{
+ snat_main_t *sm = &snat_main;
+ vl_api_nat_get_addr_and_port_alloc_alg_reply_t *rmp;
+ int rv = 0;
+
+ /* *INDENT-OFF* */
+ REPLY_MACRO2 (VL_API_NAT_GET_ADDR_AND_PORT_ALLOC_ALG_REPLY,
+ ({
+ rmp->alg = sm->addr_and_port_alloc_alg;
+ rmp->psid_offset = sm->psid_offset;
+ rmp->psid_length = sm->psid_length;
+ rmp->psid = htons (sm->psid);
+ rmp->start_port = htons (sm->start_port);
+ rmp->end_port = htons (sm->end_port);
+ }))
+ /* *INDENT-ON* */
+}
+
+static void *vl_api_nat_get_addr_and_port_alloc_alg_t_print
+ (vl_api_nat_get_addr_and_port_alloc_alg_t * mp, void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat_get_addr_and_port_alloc_alg");
+
+ FINISH;
+}
+
/*************/
/*** NAT44 ***/
/*************/
@@ -2990,8 +3079,10 @@ _(NAT_IPFIX_ENABLE_DISABLE, nat_ipfix_enable_disable) \
_(NAT_SET_REASS, nat_set_reass) \
_(NAT_GET_REASS, nat_get_reass) \
_(NAT_REASS_DUMP, nat_reass_dump) \
-_(NAT_SET_TIMEOUTS, nat_set_timeouts) \
-_(NAT_GET_TIMEOUTS, nat_get_timeouts) \
+_(NAT_SET_TIMEOUTS, nat_set_timeouts) \
+_(NAT_GET_TIMEOUTS, nat_get_timeouts) \
+_(NAT_SET_ADDR_AND_PORT_ALLOC_ALG, nat_set_addr_and_port_alloc_alg) \
+_(NAT_GET_ADDR_AND_PORT_ALLOC_ALG, nat_get_addr_and_port_alloc_alg) \
_(NAT44_ADD_DEL_ADDRESS_RANGE, nat44_add_del_address_range) \
_(NAT44_INTERFACE_ADD_DEL_FEATURE, nat44_interface_add_del_feature) \
_(NAT44_ADD_DEL_STATIC_MAPPING, nat44_add_del_static_mapping) \