Diffstat (limited to 'src/plugins/nat/lib')
-rw-r--r-- | src/plugins/nat/lib/alloc.h | 3 | ||||
-rw-r--r-- | src/plugins/nat/lib/inlines.h | 53 | ||||
-rw-r--r-- | src/plugins/nat/lib/ipfix_logging.c | 295 | ||||
-rw-r--r-- | src/plugins/nat/lib/ipfix_logging.h | 18 | ||||
-rw-r--r-- | src/plugins/nat/lib/lib.c | 1 | ||||
-rw-r--r-- | src/plugins/nat/lib/lib.h | 51 | ||||
-rw-r--r-- | src/plugins/nat/lib/log.h | 15 | ||||
-rw-r--r-- | src/plugins/nat/lib/nat_proto.h | 76 | ||||
-rw-r--r-- | src/plugins/nat/lib/nat_syslog.c | 109 | ||||
-rw-r--r-- | src/plugins/nat/lib/nat_syslog.h | 13 | ||||
-rw-r--r-- | src/plugins/nat/lib/nat_syslog_constants.h | 62 |
11 files changed, 320 insertions, 376 deletions
diff --git a/src/plugins/nat/lib/alloc.h b/src/plugins/nat/lib/alloc.h index a9a2c15fedc..882809e829c 100644 --- a/src/plugins/nat/lib/alloc.h +++ b/src/plugins/nat/lib/alloc.h @@ -21,6 +21,7 @@ #define included_nat_lib_alloc_h__ #include <vnet/ip/ip.h> +#include <nat/lib/nat_proto.h> typedef struct nat_ip4_pool_addr_s nat_ip4_pool_addr_t; typedef struct nat_ip4_addr_port_s nat_ip4_addr_port_t; @@ -41,14 +42,12 @@ struct nat_ip4_pool_addr_s { ip4_address_t addr; u32 fib_index; -/* *INDENT-OFF* */ #define _(N, i, n, s) \ u16 busy_##n##_ports; \ u16 * busy_##n##_ports_per_thread; \ uword * busy_##n##_port_bitmap; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ }; struct nat_ip4_addr_port_s diff --git a/src/plugins/nat/lib/inlines.h b/src/plugins/nat/lib/inlines.h index fe1f7dd27bc..24e3ba83a5b 100644 --- a/src/plugins/nat/lib/inlines.h +++ b/src/plugins/nat/lib/inlines.h 
@@ -20,51 +20,18 @@ #include <vnet/ip/icmp46_packet.h> -always_inline nat_protocol_t -ip_proto_to_nat_proto (u8 ip_proto) -{ - static const nat_protocol_t lookup_table[256] = { - [IP_PROTOCOL_TCP] = NAT_PROTOCOL_TCP, - [IP_PROTOCOL_UDP] = NAT_PROTOCOL_UDP, - [IP_PROTOCOL_ICMP] = NAT_PROTOCOL_ICMP, - [IP_PROTOCOL_ICMP6] = NAT_PROTOCOL_ICMP, - }; - - return lookup_table[ip_proto]; -} - -static_always_inline u8 -nat_proto_to_ip_proto (nat_protocol_t nat_proto) -{ - ASSERT (nat_proto <= NAT_PROTOCOL_ICMP); - - static const u8 lookup_table[256] = { - [NAT_PROTOCOL_OTHER] = ~0, - [NAT_PROTOCOL_TCP] = IP_PROTOCOL_TCP, - [NAT_PROTOCOL_UDP] = IP_PROTOCOL_UDP, - [NAT_PROTOCOL_ICMP] = IP_PROTOCOL_ICMP, - }; - - ASSERT (NAT_PROTOCOL_OTHER == nat_proto || NAT_PROTOCOL_TCP == nat_proto - || NAT_PROTOCOL_UDP == nat_proto || NAT_PROTOCOL_ICMP == nat_proto); - - return lookup_table[nat_proto]; -} - -static_always_inline u8 +static_always_inline u64 icmp_type_is_error_message (u8 icmp_type) { - switch (icmp_type) - { - case ICMP4_destination_unreachable: - case ICMP4_time_exceeded: - case ICMP4_parameter_problem: - case ICMP4_source_quench: - case ICMP4_redirect: - case ICMP4_alternate_host_address: - return 1; - } - return 0; + int bmp = 0; + bmp |= 1 << ICMP4_destination_unreachable; + bmp |= 1 << ICMP4_time_exceeded; + bmp |= 1 << ICMP4_parameter_problem; + bmp |= 1 << ICMP4_source_quench; + bmp |= 1 << ICMP4_redirect; + bmp |= 1 << ICMP4_alternate_host_address; + + return (1ULL << icmp_type) & bmp; } #endif /* included_nat_inlines_h__ */ diff --git a/src/plugins/nat/lib/ipfix_logging.c b/src/plugins/nat/lib/ipfix_logging.c index 6e5e4b6c750..593fa09f7e2 100644 --- a/src/plugins/nat/lib/ipfix_logging.c +++ b/src/plugins/nat/lib/ipfix_logging.c @@ -51,7 +51,7 @@ typedef struct u8 nat_event; u32 src_ip; u32 nat_src_ip; - nat_protocol_t nat_proto; + ip_protocol_t proto; u16 src_port; u16 nat_src_port; u32 vrf_id; 
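Review bot: In `icmp_type_is_error_message` (inlines.h), `1ULL << icmp_type` is undefined for `icmp_type >= 64`, and the `u8` parameter, presumably read from a packet header, can be as high as 255. On targets that mask the shift count, a type such as 67 would alias bit 3 and be reported as an error message, which the removed `switch` never did. `bmp` is also an `int` built with `1 << ...`, which only holds while every listed type is below 31. Bounding the input first keeps the old behaviour: `return icmp_type < 32 ? ((1ULL << icmp_type) & (u64) bmp) : 0;`.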
@@ -143,12 +143,9 @@ do { \ * @returns template packet */ static inline u8 * -nat_template_rewrite (flow_report_main_t * frm, - flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, - u16 collector_port, - nat_event_t event, quota_exceed_event_t quota_event) +nat_template_rewrite (ipfix_exporter_t *exp, flow_report_t *fr, + u16 collector_port, nat_event_t event, + quota_exceed_event_t quota_event) { nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main; ip4_header_t *ip; @@ -164,7 +161,7 @@ nat_template_rewrite (flow_report_main_t * frm, flow_report_stream_t *stream; u32 stream_index; - stream = &frm->streams[fr->stream_index]; + stream = &exp->streams[fr->stream_index]; stream_index = clib_atomic_fetch_or(&silm->stream_index, 0); clib_atomic_cmp_and_swap (&silm->stream_index, @@ -241,8 +238,8 @@ nat_template_rewrite (flow_report_main_t * frm, ip->ip_version_and_header_length = 0x45; ip->ttl = 254; ip->protocol = IP_PROTOCOL_UDP; - ip->src_address.as_u32 = src_address->as_u32; - ip->dst_address.as_u32 = collector_address->as_u32; + ip->src_address.as_u32 = exp->src_address.ip.ip4.as_u32; + ip->dst_address.as_u32 = exp->ipfix_collector.ip.ip4.as_u32; udp->src_port = clib_host_to_net_u16 (stream->src_port); udp->dst_port = clib_host_to_net_u16 (collector_port); udp->length = clib_host_to_net_u16 (vec_len (rewrite) - sizeof (*ip)); 
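Review bot: The rewrite in `nat_template_rewrite` copies `exp->src_address.ip.ip4.as_u32` and `exp->ipfix_collector.ip.ip4.as_u32` without checking which address family the exporter holds. The `.ip.ip4` path suggests the exporter address is now a v4/v6 union (its definition is not in this diff); if an exporter can be configured with an IPv6 collector, the template packet would be built from whatever bytes overlap the ip4 member, and NAT logs would go to an unintended destination. `nat_ipfix_header_create` has the same two assignments. Either reject a non-IPv4 exporter where logging is enabled, or add a comment stating why exporter 0 is guaranteed to be IPv4. The function body starts and ends outside these hunks.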
@@ -390,97 +387,72 @@ nat_template_rewrite (flow_report_main_t * frm, } u8 * -nat_template_rewrite_addr_exhausted (flow_report_main_t * frm, - flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, - u16 collector_port, - ipfix_report_element_t *elts, - u32 n_elts, u32 *stream_index) +nat_template_rewrite_addr_exhausted (ipfix_exporter_t *exp, flow_report_t *fr, + u16 collector_port, + ipfix_report_element_t *elts, u32 n_elts, + u32 *stream_index) { - return nat_template_rewrite (frm, fr, collector_address, src_address, - collector_port, NAT_ADDRESSES_EXHAUTED, 0); + return nat_template_rewrite (exp, fr, collector_port, NAT_ADDRESSES_EXHAUTED, + 0); } u8 * -nat_template_rewrite_nat44_session (flow_report_main_t * frm, - flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, - u16 collector_port, - ipfix_report_element_t *elts, - u32 n_elts, u32 *stream_index) +nat_template_rewrite_nat44_session (ipfix_exporter_t *exp, flow_report_t *fr, + u16 collector_port, + ipfix_report_element_t *elts, u32 n_elts, + u32 *stream_index) { - return nat_template_rewrite (frm, fr, collector_address, src_address, - collector_port, NAT44_SESSION_CREATE, 0); + return nat_template_rewrite (exp, fr, collector_port, NAT44_SESSION_CREATE, + 0); } u8 * -nat_template_rewrite_max_entries_per_usr (flow_report_main_t * frm, - flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, - u16 collector_port, - ipfix_report_element_t *elts, - u32 n_elts, u32 *stream_index) +nat_template_rewrite_max_entries_per_usr ( + ipfix_exporter_t *exp, flow_report_t *fr, ip4_address_t *collector_address, + ip4_address_t *src_address, u16 collector_port, ipfix_report_element_t *elts, + u32 n_elts, u32 *stream_index) { - return nat_template_rewrite (frm, fr, collector_address, src_address, - collector_port, QUOTA_EXCEEDED, - MAX_ENTRIES_PER_USER); + return nat_template_rewrite (exp, fr, collector_port, QUOTA_EXCEEDED, 
+ MAX_ENTRIES_PER_USER); } u8 * -nat_template_rewrite_max_sessions (flow_report_main_t * frm, - flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, +nat_template_rewrite_max_sessions (ipfix_exporter_t *exp, flow_report_t *fr, u16 collector_port, - ipfix_report_element_t *elts, - u32 n_elts, u32 *stream_index) + ipfix_report_element_t *elts, u32 n_elts, + u32 *stream_index) { - return nat_template_rewrite (frm, fr, collector_address, src_address, - collector_port, QUOTA_EXCEEDED, - MAX_SESSION_ENTRIES); + return nat_template_rewrite (exp, fr, collector_port, QUOTA_EXCEEDED, + MAX_SESSION_ENTRIES); } u8 * -nat_template_rewrite_max_bibs (flow_report_main_t * frm, - flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, +nat_template_rewrite_max_bibs (ipfix_exporter_t *exp, flow_report_t *fr, u16 collector_port, - ipfix_report_element_t *elts, - u32 n_elts, u32 *stream_index) + ipfix_report_element_t *elts, u32 n_elts, + u32 *stream_index) { - return nat_template_rewrite (frm, fr, collector_address, src_address, - collector_port, QUOTA_EXCEEDED, - MAX_BIB_ENTRIES); + return nat_template_rewrite (exp, fr, collector_port, QUOTA_EXCEEDED, + MAX_BIB_ENTRIES); } u8 * -nat_template_rewrite_nat64_bib (flow_report_main_t * frm, - flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, - u16 collector_port, - ipfix_report_element_t *elts, - u32 n_elts, u32 *stream_index) +nat_template_rewrite_nat64_bib (ipfix_exporter_t *exp, flow_report_t *fr, + u16 collector_port, + ipfix_report_element_t *elts, u32 n_elts, + u32 *stream_index) { - return nat_template_rewrite (frm, fr, collector_address, src_address, - collector_port, NAT64_BIB_CREATE, 0); + return nat_template_rewrite (exp, fr, collector_port, NAT64_BIB_CREATE, 0); } u8 * -nat_template_rewrite_nat64_session (flow_report_main_t * frm, - flow_report_t * fr, - ip4_address_t * collector_address, - ip4_address_t * src_address, - 
u16 collector_port, - ipfix_report_element_t *elts, - u32 n_elts, u32 *stream_index) +nat_template_rewrite_nat64_session (ipfix_exporter_t *exp, flow_report_t *fr, + u16 collector_port, + ipfix_report_element_t *elts, u32 n_elts, + u32 *stream_index) { - return nat_template_rewrite (frm, fr, collector_address, src_address, - collector_port, NAT64_SESSION_CREATE, 0); + return nat_template_rewrite (exp, fr, collector_port, NAT64_SESSION_CREATE, + 0); } static inline void @@ -497,16 +469,17 @@ nat_ipfix_header_create (flow_report_main_t * frm, ip4_header_t *ip; udp_header_t *udp; vlib_main_t *vm = vlib_get_main (); - + ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0); + stream_index = clib_atomic_fetch_or(&silm->stream_index, 0); - stream = &frm->streams[stream_index]; + stream = &exp->streams[stream_index]; b0->current_data = 0; b0->current_length = sizeof (*ip) + sizeof (*udp) + sizeof (*h) + sizeof (*s); b0->flags |= (VLIB_BUFFER_TOTAL_LENGTH_VALID | VNET_BUFFER_F_FLOW_REPORT); vnet_buffer (b0)->sw_if_index[VLIB_RX] = 0; - vnet_buffer (b0)->sw_if_index[VLIB_TX] = frm->fib_index; + vnet_buffer (b0)->sw_if_index[VLIB_TX] = exp->fib_index; tp = vlib_buffer_get_current (b0); ip = (ip4_header_t *) & tp->ip4; udp = (udp_header_t *) (ip + 1); @@ -517,10 +490,10 @@ nat_ipfix_header_create (flow_report_main_t * frm, ip->ttl = 254; ip->protocol = IP_PROTOCOL_UDP; ip->flags_and_fragment_offset = 0; - ip->src_address.as_u32 = frm->src_address.as_u32; - ip->dst_address.as_u32 = frm->ipfix_collector.as_u32; + ip->src_address.as_u32 = exp->src_address.ip.ip4.as_u32; + ip->dst_address.as_u32 = exp->ipfix_collector.ip.ip4.as_u32; udp->src_port = clib_host_to_net_u16 (stream->src_port); - udp->dst_port = clib_host_to_net_u16 (frm->collector_port); + udp->dst_port = clib_host_to_net_u16 (exp->collector_port); udp->checksum = 0; h->export_time = clib_host_to_net_u32 ((u32) 
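Review bot: `nat_template_rewrite_max_entries_per_usr` keeps the `ip4_address_t *collector_address` and `ip4_address_t *src_address` parameters that every other `nat_template_rewrite_*` wrapper in this hunk drops, so its type no longer matches the functions assigned to `a.rewrite_callback`. This apparently goes unnoticed only because its registration in `nat_ipfix_logging_enable_disable` is commented out; re-enabling that block would assign a function with the wrong signature. The parameter list should read `(ipfix_exporter_t *exp, flow_report_t *fr, u16 collector_port, ipfix_report_element_t *elts, u32 n_elts, u32 *stream_index)` like its siblings.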
@@ -545,6 +518,7 @@ nat_ipfix_send (flow_report_main_t *frm, vlib_frame_t *f, vlib_buffer_t *b0, ip4_header_t *ip; udp_header_t *udp; vlib_main_t *vm = vlib_get_main (); + ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0); tp = vlib_buffer_get_current (b0); ip = (ip4_header_t *) & tp->ip4; @@ -563,7 +537,7 @@ nat_ipfix_send (flow_report_main_t *frm, vlib_frame_t *f, vlib_buffer_t *b0, ip->checksum = ip4_header_checksum (ip); udp->length = clib_host_to_net_u16 (b0->current_length - sizeof (*ip)); - if (frm->udp_checksum) + if (exp->udp_checksum) { udp->checksum = ip4_tcp_udp_compute_checksum (vm, b0, ip); if (udp->checksum == 0) @@ -577,9 +551,8 @@ nat_ipfix_send (flow_report_main_t *frm, vlib_frame_t *f, vlib_buffer_t *b0, static void nat_ipfix_logging_nat44_ses (u32 thread_index, u8 nat_event, u32 src_ip, - u32 nat_src_ip, nat_protocol_t nat_proto, - u16 src_port, u16 nat_src_port, u32 fib_index, - int do_flush) + u32 nat_src_ip, ip_protocol_t proto, u16 src_port, + u16 nat_src_port, u32 fib_index, int do_flush) { nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main; nat_ipfix_per_thread_data_t *sitd = &silm->per_thread_data[thread_index]; @@ -590,11 +563,9 @@ nat_ipfix_logging_nat44_ses (u32 thread_index, u8 nat_event, u32 src_ip, u32 offset; vlib_main_t *vm = vlib_get_main (); u64 now; - u8 proto; u16 template_id; u32 vrf_id; - - proto = nat_proto_to_ip_proto (nat_proto); + ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0); now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3); now += silm->milisecond_time_0; @@ -667,8 +638,8 @@ nat_ipfix_logging_nat44_ses (u32 thread_index, u8 nat_event, u32 src_ip, b0->current_length += NAT44_SESSION_CREATE_LEN; } - if (PREDICT_FALSE - (do_flush || (offset + NAT44_SESSION_CREATE_LEN) > frm->path_mtu)) + if (PREDICT_FALSE (do_flush || + (offset + NAT44_SESSION_CREATE_LEN) > exp->path_mtu)) { template_id = clib_atomic_fetch_or ( &silm->nat44_session_template_id, 
@@ -695,6 +666,7 @@ nat_ipfix_logging_addr_exhausted (u32 thread_index, u32 pool_id, int do_flush) u64 now; u8 nat_event = NAT_ADDRESSES_EXHAUTED; u16 template_id; + ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0); now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3); now += silm->milisecond_time_0; @@ -750,8 +722,8 @@ nat_ipfix_logging_addr_exhausted (u32 thread_index, u32 pool_id, int do_flush) b0->current_length += NAT_ADDRESSES_EXHAUTED_LEN; } - if (PREDICT_FALSE - (do_flush || (offset + NAT_ADDRESSES_EXHAUTED_LEN) > frm->path_mtu)) + if (PREDICT_FALSE (do_flush || + (offset + NAT_ADDRESSES_EXHAUTED_LEN) > exp->path_mtu)) { template_id = clib_atomic_fetch_or ( &silm->addr_exhausted_template_id, @@ -780,6 +752,7 @@ nat_ipfix_logging_max_entries_per_usr (u32 thread_index, u8 nat_event = QUOTA_EXCEEDED; u32 quota_event = clib_host_to_net_u32 (MAX_ENTRIES_PER_USER); u16 template_id; + ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0); now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3); now += silm->milisecond_time_0; @@ -842,8 +815,8 @@ nat_ipfix_logging_max_entries_per_usr (u32 thread_index, b0->current_length += MAX_ENTRIES_PER_USER_LEN; } - if (PREDICT_FALSE - (do_flush || (offset + MAX_ENTRIES_PER_USER_LEN) > frm->path_mtu)) + if (PREDICT_FALSE (do_flush || + (offset + MAX_ENTRIES_PER_USER_LEN) > exp->path_mtu)) { template_id = clib_atomic_fetch_or ( &silm->max_entries_per_user_template_id, @@ -871,6 +844,7 @@ nat_ipfix_logging_max_ses (u32 thread_index, u32 limit, int do_flush) u8 nat_event = QUOTA_EXCEEDED; u32 quota_event = clib_host_to_net_u32 (MAX_SESSION_ENTRIES); u16 template_id; + ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0); now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3); now += silm->milisecond_time_0; 
@@ -930,8 +904,7 @@ nat_ipfix_logging_max_ses (u32 thread_index, u32 limit, int do_flush) b0->current_length += MAX_SESSIONS_LEN; } - if (PREDICT_FALSE - (do_flush || (offset + MAX_SESSIONS_LEN) > frm->path_mtu)) + if (PREDICT_FALSE (do_flush || (offset + MAX_SESSIONS_LEN) > exp->path_mtu)) { template_id = clib_atomic_fetch_or ( &silm->max_sessions_template_id, @@ -959,6 +932,7 @@ nat_ipfix_logging_max_bib (u32 thread_index, u32 limit, int do_flush) u8 nat_event = QUOTA_EXCEEDED; u32 quota_event = clib_host_to_net_u32 (MAX_BIB_ENTRIES); u16 template_id; + ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0); now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3); now += silm->milisecond_time_0; @@ -1018,8 +992,7 @@ nat_ipfix_logging_max_bib (u32 thread_index, u32 limit, int do_flush) b0->current_length += MAX_BIBS_LEN; } - if (PREDICT_FALSE - (do_flush || (offset + MAX_BIBS_LEN) > frm->path_mtu)) + if (PREDICT_FALSE (do_flush || (offset + MAX_BIBS_LEN) > exp->path_mtu)) { template_id = clib_atomic_fetch_or ( &silm->max_bibs_template_id, @@ -1048,6 +1021,7 @@ nat_ipfix_logging_nat64_bibe (u32 thread_index, u8 nat_event, vlib_main_t *vm = vlib_get_main (); u64 now; u16 template_id; + ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0); now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3); now += silm->milisecond_time_0; @@ -1119,8 +1093,7 @@ nat_ipfix_logging_nat64_bibe (u32 thread_index, u8 nat_event, b0->current_length += NAT64_BIB_LEN; } - if (PREDICT_FALSE - (do_flush || (offset + NAT64_BIB_LEN) > frm->path_mtu)) + if (PREDICT_FALSE (do_flush || (offset + NAT64_BIB_LEN) > exp->path_mtu)) { template_id = clib_atomic_fetch_or ( &silm->nat64_bib_template_id, 
@@ -1151,6 +1124,7 @@ nat_ipfix_logging_nat64_ses (u32 thread_index, u8 nat_event, vlib_main_t *vm = vlib_get_main (); u64 now; u16 template_id; + ipfix_exporter_t *exp = pool_elt_at_index (frm->exporters, 0); now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3); now += silm->milisecond_time_0; @@ -1234,8 +1208,7 @@ nat_ipfix_logging_nat64_ses (u32 thread_index, u8 nat_event, b0->current_length += NAT64_SES_LEN; } - if (PREDICT_FALSE - (do_flush || (offset + NAT64_SES_LEN) > frm->path_mtu)) + if (PREDICT_FALSE (do_flush || (offset + NAT64_SES_LEN) > exp->path_mtu)) { template_id = clib_atomic_fetch_or ( &silm->nat64_ses_template_id, 
@@ -1307,54 +1280,34 @@ nat_ipfix_flush_from_main (void) /** * @brief Generate NAT44 session create event - * - * @param thread_index thread index - * @param src_ip source IPv4 address - * @param nat_src_ip transaltes source IPv4 address - * @param nat_proto NAT transport protocol - * @param src_port source port - * @param nat_src_port translated source port - * @param vrf_id VRF ID */ void -nat_ipfix_logging_nat44_ses_create (u32 thread_index, - u32 src_ip, - u32 nat_src_ip, - nat_protocol_t nat_proto, - u16 src_port, - u16 nat_src_port, u32 fib_index) +nat_ipfix_logging_nat44_ses_create (u32 thread_index, u32 src_ip, + u32 nat_src_ip, ip_protocol_t proto, + u16 src_port, u16 nat_src_port, + u32 fib_index) { skip_if_disabled (); nat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_CREATE, src_ip, - nat_src_ip, nat_proto, src_port, nat_src_port, - fib_index, 0); + nat_src_ip, proto, src_port, nat_src_port, + fib_index, 0); } /** * @brief Generate NAT44 session delete event - * - * @param thread_index thread index - * @param src_ip source IPv4 address - * @param nat_src_ip transaltes source IPv4 address - * @param nat_proto NAT transport protocol - * @param src_port source port - * @param nat_src_port translated source port - * @param vrf_id VRF ID */ void -nat_ipfix_logging_nat44_ses_delete (u32 thread_index, - u32 src_ip, - u32 nat_src_ip, - nat_protocol_t nat_proto, - u16 src_port, - u16 nat_src_port, u32 fib_index) +nat_ipfix_logging_nat44_ses_delete (u32 thread_index, u32 src_ip, + u32 nat_src_ip, ip_protocol_t proto, + u16 src_port, u16 nat_src_port, + u32 fib_index) { skip_if_disabled (); nat_ipfix_logging_nat44_ses (thread_index, NAT44_SESSION_DELETE, src_ip, - nat_src_ip, nat_proto, src_port, nat_src_port, - fib_index, 0); + nat_src_ip, proto, src_port, nat_src_port, + fib_index, 0); } /** 
@@ -1366,9 +1319,23 @@ nat_ipfix_logging_nat44_ses_delete (u32 thread_index, void nat_ipfix_logging_addresses_exhausted (u32 thread_index, u32 pool_id) { - //TODO: This event SHOULD be rate limited + nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main; + static f64 *last_sent = 0; + skip_if_disabled (); + /* TODO: make rate configurable, use 1pps so far */ + clib_spinlock_lock_if_init (&silm->addr_exhausted_lock); + f64 now = vlib_time_now (vlib_get_main ()); + vec_validate (last_sent, pool_id); + if (now < last_sent[pool_id] + 1.0) + { + clib_spinlock_unlock_if_init (&silm->addr_exhausted_lock); + return; + } + last_sent[pool_id] = now; + clib_spinlock_unlock_if_init (&silm->addr_exhausted_lock); + nat_ipfix_logging_addr_exhausted (thread_index, pool_id, 0); } @@ -1409,9 +1376,22 @@ deterministic_nat_data_callback void nat_ipfix_logging_max_sessions (u32 thread_index, u32 limit) { - //TODO: This event SHOULD be rate limited + nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main; + static f64 last_sent = 0; + skip_if_disabled (); + /* TODO: make rate configurable, use 1pps so far */ + clib_spinlock_lock_if_init (&silm->max_sessions_lock); + f64 now = vlib_time_now (vlib_get_main ()); + if (now < last_sent + 1.0) + { + clib_spinlock_unlock_if_init (&silm->max_sessions_lock); + return; + } + last_sent = now; + clib_spinlock_unlock_if_init (&silm->max_sessions_lock); + nat_ipfix_logging_max_ses (thread_index, limit, 0); } 
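Review bot: In `nat_ipfix_logging_addresses_exhausted`, `vec_validate (last_sent, pool_id)` grows a function-static vector to `pool_id + 1` entries with no upper bound, and it does so while holding `addr_exhausted_lock`. Callers are outside this diff, so whether `pool_id` can be large or a sentinel value is not visible here; if it can, a single event forces a very large allocation on the logging path. A guard before taking the lock, e.g. `if (PREDICT_FALSE (pool_id >= MAX_POOL_ID_PLACEHOLDER)) return;` with the real pool count substituted for the placeholder, or sizing the vector when pools are created, would keep the allocation out of the locked section.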
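Review bot: The limiter in `nat_ipfix_logging_max_sessions` returns silently when `now < last_sent + 1.0`, so a collector sees at most one quota event per second and cannot tell a single hit from a sustained burst. `last_sent` is a single function-static shared by all threads and all `limit` values, so an event for one limit also suppresses events for another. Consider counting suppressed events and exposing the count, and adding a comment such as `/* one event per second globally, regardless of thread or limit */`. The same applies to `nat_ipfix_logging_max_bibs` in the next hunk and, per pool, to `nat_ipfix_logging_addresses_exhausted`.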
@@ -1424,9 +1404,22 @@ nat_ipfix_logging_max_sessions (u32 thread_index, u32 limit) void nat_ipfix_logging_max_bibs (u32 thread_index, u32 limit) { - //TODO: This event SHOULD be rate limited + nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main; + static f64 last_sent = 0; + skip_if_disabled (); + /* TODO: make rate configurable, use 1pps so far */ + clib_spinlock_lock_if_init (&silm->max_bibs_lock); + f64 now = vlib_time_now (vlib_get_main ()); + if (now < last_sent + 1.0) + { + clib_spinlock_unlock_if_init (&silm->max_bibs_lock); + return; + } + last_sent = now; + clib_spinlock_unlock_if_init (&silm->max_bibs_lock); + nat_ipfix_logging_max_bib (thread_index, limit, 0); } @@ -1497,12 +1490,13 @@ nat_ipfix_logging_nat64_session (u32 thread_index, } vlib_frame_t * -data_callback (flow_report_main_t * frm, flow_report_t * fr, - vlib_frame_t * f, u32 * to_next, u32 node_index) +data_callback (flow_report_main_t *frm, ipfix_exporter_t *exp, + flow_report_t *fr, vlib_frame_t *f, u32 *to_next, + u32 node_index) { nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main; - if (PREDICT_FALSE (++silm->call_counter >= vec_len (frm->reports))) + if (PREDICT_FALSE (++silm->call_counter >= vec_len (exp->reports))) { nat_ipfix_flush_from_main(); silm->call_counter = 0; @@ -1524,7 +1518,7 @@ int nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port) { nat_ipfix_logging_main_t *silm = &nat_ipfix_logging_main; - flow_report_main_t *frm = &flow_report_main; + ipfix_exporter_t *exp = &flow_report_main.exporters[0]; vnet_flow_report_add_del_args_t a; int rv; u8 e = enable ? 1 : 0; @@ -1539,7 +1533,7 @@ nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port) a.flow_data_callback = data_callback; a.rewrite_callback = nat_template_rewrite_nat44_session; - rv = vnet_flow_report_add_del (frm, &a, NULL); + rv = vnet_flow_report_add_del (exp, &a, NULL); if (rv) { //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv); 
@@ -1547,7 +1541,7 @@ nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port) } a.rewrite_callback = nat_template_rewrite_addr_exhausted; - rv = vnet_flow_report_add_del (frm, &a, NULL); + rv = vnet_flow_report_add_del (exp, &a, NULL); if (rv) { //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv); @@ -1555,7 +1549,7 @@ nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port) } a.rewrite_callback = nat_template_rewrite_max_sessions; - rv = vnet_flow_report_add_del (frm, &a, NULL); + rv = vnet_flow_report_add_del (exp, &a, NULL); if (rv) { //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv); @@ -1563,7 +1557,7 @@ nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port) } a.rewrite_callback = nat_template_rewrite_max_bibs; - rv = vnet_flow_report_add_del (frm, &a, NULL); + rv = vnet_flow_report_add_del (exp, &a, NULL); if (rv) { //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv); @@ -1571,7 +1565,7 @@ nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port) } a.rewrite_callback = nat_template_rewrite_nat64_bib; - rv = vnet_flow_report_add_del (frm, &a, NULL); + rv = vnet_flow_report_add_del (exp, &a, NULL); if (rv) { //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv); @@ -1579,7 +1573,7 @@ nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port) } a.rewrite_callback = nat_template_rewrite_nat64_session; - rv = vnet_flow_report_add_del (frm, &a, NULL); + rv = vnet_flow_report_add_del (exp, &a, NULL); if (rv) { //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv); 
@@ -1589,7 +1583,7 @@ nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port) // if endpoint dependent per user max entries is also required /* a.rewrite_callback = nat_template_rewrite_max_entries_per_usr; - rv = vnet_flow_report_add_del (frm, &a, NULL); + rv = vnet_flow_report_add_del (exp, &a, NULL); if (rv) { //nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv); @@ -1620,6 +1614,11 @@ nat_ipfix_logging_init (vlib_main_t * vm) silm->milisecond_time_0 = unix_time_now_nsec () * 1e-6; vec_validate (silm->per_thread_data, tm->n_vlib_mains - 1); + + /* Set up rate-limit */ + clib_spinlock_init (&silm->addr_exhausted_lock); + clib_spinlock_init (&silm->max_sessions_lock); + clib_spinlock_init (&silm->max_bibs_lock); } static uword @@ -1631,11 +1630,9 @@ ipfix_flush_process (vlib_main_t *vm, return 0; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (nat_ipfix_flush_node) = { .function = ipfix_flush_process, .name = "nat-ipfix-flush", .type = VLIB_NODE_TYPE_INPUT, .state = VLIB_NODE_STATE_INTERRUPT, }; -/* *INDENT-ON* */ diff --git a/src/plugins/nat/lib/ipfix_logging.h b/src/plugins/nat/lib/ipfix_logging.h index 0b2357a2604..dc7927a160c 100644 --- a/src/plugins/nat/lib/ipfix_logging.h +++ b/src/plugins/nat/lib/ipfix_logging.h @@ -108,6 +108,10 @@ typedef struct { /** nat data callbacks call counter */ u16 call_counter; + /** rate-limit locks */ + clib_spinlock_t addr_exhausted_lock; + clib_spinlock_t max_sessions_lock; + clib_spinlock_t max_bibs_lock; } nat_ipfix_logging_main_t; extern nat_ipfix_logging_main_t nat_ipfix_logging_main; 
@@ -117,15 +121,13 @@ int nat_ipfix_logging_enabled (); void nat_ipfix_logging_init (vlib_main_t * vm); int nat_ipfix_logging_enable_disable (int enable, u32 domain_id, u16 src_port); void nat_ipfix_logging_nat44_ses_create (u32 thread_index, u32 src_ip, - u32 nat_src_ip, - nat_protocol_t nat_proto, - u16 src_port, u16 nat_src_port, - u32 fib_index); + u32 nat_src_ip, ip_protocol_t proto, + u16 src_port, u16 nat_src_port, + u32 fib_index); void nat_ipfix_logging_nat44_ses_delete (u32 thread_index, u32 src_ip, - u32 nat_src_ip, - nat_protocol_t nat_proto, - u16 src_port, u16 nat_src_port, - u32 fib_index); + u32 nat_src_ip, ip_protocol_t proto, + u16 src_port, u16 nat_src_port, + u32 fib_index); void nat_ipfix_logging_addresses_exhausted(u32 thread_index, u32 pool_id); void nat_ipfix_logging_max_entries_per_user(u32 thread_index, u32 limit, u32 src_ip); diff --git a/src/plugins/nat/lib/lib.c b/src/plugins/nat/lib/lib.c index d2def2cc480..30bafac73c0 100644 --- a/src/plugins/nat/lib/lib.c +++ b/src/plugins/nat/lib/lib.c @@ -14,6 +14,7 @@ */ #include <nat/lib/lib.h> +#include <nat/lib/nat_proto.h> uword unformat_nat_protocol (unformat_input_t *input, va_list *args) diff --git a/src/plugins/nat/lib/lib.h b/src/plugins/nat/lib/lib.h index b0b5229b337..dc2c43beaaf 100644 --- a/src/plugins/nat/lib/lib.h +++ b/src/plugins/nat/lib/lib.h @@ -21,6 +21,17 @@ #include <vlibapi/api.h> +typedef struct +{ + u16 identifier; + u16 sequence; +} nat_icmp_echo_header_t; + +typedef struct +{ + u16 src_port, dst_port; +} nat_tcp_udp_header_t; + /* NAT API Configuration flags */ #define foreach_nat_config_flag \ _(0x01, IS_TWICE_NAT) \ 
@@ -54,19 +65,6 @@ typedef enum #undef _ } nat_error_t; -#define foreach_nat_protocol \ - _ (OTHER, 0, other, "other") \ - _ (UDP, 1, udp, "udp") \ - _ (TCP, 2, tcp, "tcp") \ - _ (ICMP, 3, icmp, "icmp") - -typedef enum -{ -#define _(N, i, n, s) NAT_PROTOCOL_##N = i, - foreach_nat_protocol -#undef _ -} nat_protocol_t; - /* default protocol timeouts */ #define NAT_UDP_TIMEOUT 300 #define NAT_TCP_TRANSITORY_TIMEOUT 240 @@ -96,29 +94,6 @@ nat_reset_timeouts (nat_timeouts_t * timeouts) } static_always_inline u32 -nat_session_get_timeout (nat_timeouts_t *timeouts, nat_protocol_t proto, - u8 state) -{ - switch (proto) - { - case NAT_PROTOCOL_ICMP: - return timeouts->icmp; - case NAT_PROTOCOL_UDP: - return timeouts->udp; - case NAT_PROTOCOL_TCP: - { - if (state) - return timeouts->tcp.transitory; - else - return timeouts->tcp.established; - } - default: - return timeouts->udp; - } - return 0; -} - -static_always_inline u32 nat_calc_bihash_buckets (u32 n_elts) { n_elts = n_elts / 2.5; @@ -138,10 +113,6 @@ nat_calc_bihash_buckets (u32 n_elts) return lower_pow2; } -u8 *format_nat_protocol (u8 *s, va_list *args); - -uword unformat_nat_protocol (unformat_input_t *input, va_list *args); - #endif /* included_nat_lib_h__ */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/nat/lib/log.h b/src/plugins/nat/lib/log.h index 26bd93f2589..a82028ed8bf 100644 --- a/src/plugins/nat/lib/log.h +++ b/src/plugins/nat/lib/log.h @@ -21,20 +21,7 @@ #include <vppinfra/elog.h> -#define foreach_nat_log_level \ - _ (0x00, LOG_NONE) \ - _ (0x01, LOG_ERROR) \ - _ (0x02, LOG_WARNING) \ - _ (0x03, LOG_NOTICE) \ - _ (0x04, LOG_INFO) \ - _ (0x05, LOG_DEBUG) - -typedef enum nat_log_level_t_ -{ -#define _(n, f) NAT_##f = n, - foreach_nat_log_level -#undef _ -} nat_log_level_t; +#include <nat/lib/nat_types.api_types.h> #define nat_elog(_pm, _level, _str) \ do \ 
diff --git a/src/plugins/nat/lib/nat_proto.h b/src/plugins/nat/lib/nat_proto.h
new file mode 100644
index 00000000000..4b57b994e22
--- /dev/null
+++ b/src/plugins/nat/lib/nat_proto.h
@@ -0,0 +1,76 @@ +/* + * Copyright (c) 2021 Cisco and/or its affiliates. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at: + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#ifndef included_nat_proto_h__ +#define included_nat_proto_h__ + +#include <vnet/ip/ip.h> + +#define foreach_nat_protocol \ + _ (OTHER, 0, other, "other") \ + _ (UDP, 1, udp, "udp") \ + _ (TCP, 2, tcp, "tcp") \ + _ (ICMP, 3, icmp, "icmp") + +typedef enum +{ +#define _(N, i, n, s) NAT_PROTOCOL_##N = i, + foreach_nat_protocol +#undef _ + NAT_N_PROTOCOLS +} nat_protocol_t; + +always_inline nat_protocol_t +ip_proto_to_nat_proto (ip_protocol_t ip_proto) +{ + static const nat_protocol_t lookup_table[256] = { + [IP_PROTOCOL_TCP] = NAT_PROTOCOL_TCP, + [IP_PROTOCOL_UDP] = NAT_PROTOCOL_UDP, + [IP_PROTOCOL_ICMP] = NAT_PROTOCOL_ICMP, + [IP_PROTOCOL_ICMP6] = NAT_PROTOCOL_ICMP, + }; + + return lookup_table[ip_proto]; +} + +static_always_inline ip_protocol_t +nat_proto_to_ip_proto (nat_protocol_t nat_proto) +{ + ASSERT (nat_proto <= NAT_PROTOCOL_ICMP); + + static const u8 lookup_table[256] = { + [NAT_PROTOCOL_OTHER] = ~0, + [NAT_PROTOCOL_TCP] = IP_PROTOCOL_TCP, + [NAT_PROTOCOL_UDP] = IP_PROTOCOL_UDP, + [NAT_PROTOCOL_ICMP] = IP_PROTOCOL_ICMP, + }; + + ASSERT (NAT_PROTOCOL_OTHER == nat_proto || NAT_PROTOCOL_TCP == nat_proto || + NAT_PROTOCOL_UDP == nat_proto || NAT_PROTOCOL_ICMP == nat_proto); + + return lookup_table[nat_proto]; +} + +u8 *format_nat_protocol (u8 *s, va_list *args); + +uword unformat_nat_protocol (unformat_input_t *input, va_list 
*args); + +#endif /* included_nat_proto_h__ */ +/* + * fd.io coding-style-patch-verification: ON + * + * Local Variables: + * eval: (c-set-style "gnu") + * End: + */ diff --git a/src/plugins/nat/lib/nat_syslog.c b/src/plugins/nat/lib/nat_syslog.c index 2c395bf7fd8..98777ebf280 100644 --- a/src/plugins/nat/lib/nat_syslog.c +++ b/src/plugins/nat/lib/nat_syslog.c @@ -23,38 +23,7 @@ #include <nat/lib/nat_syslog.h> #include <nat/lib/inlines.h> -#define NAT_FACILITY SYSLOG_FACILITY_LOCAL0 - -#define NAT_APPNAME "NAT" - -#define SADD_SDEL_SEVERITY SYSLOG_SEVERITY_INFORMATIONAL -#define APMADD_APMDEL_SEVERITY SYSLOG_SEVERITY_INFORMATIONAL - -#define SADD_MSGID "SADD" -#define SDEL_MSGID "SDEL" -#define APMADD_MSGID "APMADD" -#define APMDEL_MSGID "APMDEL" - -#define NSESS_SDID "nsess" -#define NAPMAP_SDID "napmap" - -#define SSUBIX_SDPARAM_NAME "SSUBIX" -#define SVLAN_SDPARAM_NAME "SVLAN" -#define IATYP_SDPARAM_NAME "IATYP" -#define ISADDR_SDPARAM_NAME "ISADDR" -#define ISPORT_SDPARAM_NAME "ISPORT" -#define IDADDR_SDPARAM_NAME "IDADDR" -#define IDPORT_SDPARAM_NAME "IDPORT" -#define XATYP_SDPARAM_NAME "XATYP" -#define XSADDR_SDPARAM_NAME "XSADDR" -#define XSPORT_SDPARAM_NAME "XSPORT" -#define XDADDR_SDPARAM_NAME "XDADDR" -#define XDPORT_SDPARAM_NAME "XDPORT" -#define PROTO_SDPARAM_NAME "PROTO" -#define SV6ENC_SDPARAM_NAME "SV6ENC" - -#define IATYP_IPV4 "IPv4" -#define IATYP_IPV6 "IPv6" +#include <nat/lib/nat_syslog_constants.h> static inline void nat_syslog_nat44_apmap (u32 ssubix, u32 sfibix, ip4_address_t * isaddr, 
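Review bot: In nat_proto.h, `ip_proto_to_nat_proto` now takes `ip_protocol_t` instead of `u8` but still indexes `lookup_table[256]` unchecked, so the bound the old parameter type gave for free now depends on `ip_protocol_t` being one byte wide, which this diff does not show. `nat_proto_to_ip_proto` likewise relies only on `ASSERT`, which presumably compiles out in release builds, and returns `~0` truncated to `u8` for `NAT_PROTOCOL_OTHER`. A compile-time check next to the table, `_Static_assert (sizeof (ip_protocol_t) == 1, "lookup_table is indexed by ip_protocol_t");`, plus a comment on the `~0` sentinel would make both assumptions explicit.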
@@ -142,82 +111,6 @@ nat_syslog_dslite_apmdel (u32 ssubix, ip6_address_t * sv6enc, } static inline void -nat_syslog_nat44_sess (u32 ssubix, u32 sfibix, ip4_address_t * isaddr, - u16 isport, ip4_address_t * xsaddr, u16 xsport, - ip4_address_t * idaddr, u16 idport, - ip4_address_t * xdaddr, u16 xdport, - nat_protocol_t proto, u8 is_add, u8 is_twicenat) -{ - syslog_msg_t syslog_msg; - fib_table_t *fib; - - if (!syslog_is_enabled ()) - return; - - if (syslog_severity_filter_block (SADD_SDEL_SEVERITY)) - return; - - fib = fib_table_get (sfibix, FIB_PROTOCOL_IP4); - - syslog_msg_init (&syslog_msg, NAT_FACILITY, SADD_SDEL_SEVERITY, NAT_APPNAME, - is_add ? SADD_MSGID : SDEL_MSGID); - - syslog_msg_sd_init (&syslog_msg, NSESS_SDID); - syslog_msg_add_sd_param (&syslog_msg, SSUBIX_SDPARAM_NAME, "%d", ssubix); - syslog_msg_add_sd_param (&syslog_msg, SVLAN_SDPARAM_NAME, "%d", - fib->ft_table_id); - syslog_msg_add_sd_param (&syslog_msg, IATYP_SDPARAM_NAME, IATYP_IPV4); - syslog_msg_add_sd_param (&syslog_msg, ISADDR_SDPARAM_NAME, "%U", - format_ip4_address, isaddr); - syslog_msg_add_sd_param (&syslog_msg, ISPORT_SDPARAM_NAME, "%d", - clib_net_to_host_u16 (isport)); - syslog_msg_add_sd_param (&syslog_msg, XATYP_SDPARAM_NAME, IATYP_IPV4); - syslog_msg_add_sd_param (&syslog_msg, XSADDR_SDPARAM_NAME, "%U", - format_ip4_address, xsaddr); - syslog_msg_add_sd_param (&syslog_msg, XSPORT_SDPARAM_NAME, "%d", - clib_net_to_host_u16 (xsport)); - syslog_msg_add_sd_param (&syslog_msg, PROTO_SDPARAM_NAME, "%d", - nat_proto_to_ip_proto (proto)); - syslog_msg_add_sd_param (&syslog_msg, XDADDR_SDPARAM_NAME, "%U", - format_ip4_address, xdaddr); - syslog_msg_add_sd_param (&syslog_msg, XDPORT_SDPARAM_NAME, "%d", - clib_net_to_host_u16 (xdport)); - if (is_twicenat) - { - syslog_msg_add_sd_param (&syslog_msg, IDADDR_SDPARAM_NAME, "%U", - format_ip4_address, idaddr); - syslog_msg_add_sd_param (&syslog_msg, IDPORT_SDPARAM_NAME, "%d", - clib_net_to_host_u16 (idport)); - } - - syslog_msg_send (&syslog_msg); 
-} - -void -nat_syslog_nat44_sadd (u32 ssubix, u32 sfibix, ip4_address_t * isaddr, - u16 isport, ip4_address_t * idaddr, u16 idport, - ip4_address_t * xsaddr, u16 xsport, - ip4_address_t * xdaddr, u16 xdport, - nat_protocol_t proto, u8 is_twicenat) -{ - nat_syslog_nat44_sess (ssubix, sfibix, isaddr, isport, xsaddr, xsport, - idaddr, idport, xdaddr, xdport, proto, 1, - is_twicenat); -} - -void -nat_syslog_nat44_sdel (u32 ssubix, u32 sfibix, ip4_address_t * isaddr, - u16 isport, ip4_address_t * idaddr, u16 idport, - ip4_address_t * xsaddr, u16 xsport, - ip4_address_t * xdaddr, u16 xdport, - nat_protocol_t proto, u8 is_twicenat) -{ - nat_syslog_nat44_sess (ssubix, sfibix, isaddr, isport, xsaddr, xsport, - idaddr, idport, xdaddr, xdport, proto, 0, - is_twicenat); -} - -static inline void nat_syslog_nat64_sess (u32 sfibix, ip6_address_t * isaddr, u16 isport, ip4_address_t * xsaddr, u16 xsport, ip4_address_t * xdaddr, u16 xdport, diff --git a/src/plugins/nat/lib/nat_syslog.h b/src/plugins/nat/lib/nat_syslog.h index 9721664cf54..f929bf310b4 100644 --- a/src/plugins/nat/lib/nat_syslog.h +++ b/src/plugins/nat/lib/nat_syslog.h @@ -20,6 +20,7 @@ #define __included_nat_syslog_h__ #include <nat/lib/lib.h> +#include <nat/lib/nat_proto.h> void nat_syslog_nat44_apmadd (u32 ssubix, u32 sfibix, ip4_address_t * isaddr, u16 isport, ip4_address_t * xsaddr, u16 xsport, 
@@ -41,18 +42,6 @@ nat_syslog_dslite_apmdel (u32 ssubix, ip6_address_t * sv6enc, ip4_address_t * xsaddr, u16 xsport, nat_protocol_t proto); -void nat_syslog_nat44_sadd (u32 ssubix, u32 sfibix, ip4_address_t * isaddr, - u16 isport, ip4_address_t * idaddr, u16 idport, - ip4_address_t * xsaddr, u16 xsport, - ip4_address_t * xdaddr, u16 xdport, - nat_protocol_t proto, u8 is_twicenat); - -void nat_syslog_nat44_sdel (u32 ssubix, u32 sfibix, ip4_address_t * isaddr, - u16 isport, ip4_address_t * idaddr, u16 idport, - ip4_address_t * xsaddr, u16 xsport, - ip4_address_t * xdaddr, u16 xdport, - nat_protocol_t proto, u8 is_twicenat); - void nat_syslog_nat64_sadd (u32 sfibix, ip6_address_t * isaddr, u16 isport, ip4_address_t * xsaddr, u16 xsport, ip4_address_t * xdaddr, u16 xdport, diff --git a/src/plugins/nat/lib/nat_syslog_constants.h b/src/plugins/nat/lib/nat_syslog_constants.h new file mode 100644 index 00000000000..eeea7d2654e --- /dev/null +++ b/src/plugins/nat/lib/nat_syslog_constants.h 
@@ -0,0 +1,62 @@
+/*
+ * Copyright (c) 2021 Cisco and/or its affiliates.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at:
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * @file
+ * @brief NAT syslog logging constants
+ */
+#ifndef __included_nat_syslog_constants_h__
+#define __included_nat_syslog_constants_h__
+
+#define NAT_FACILITY SYSLOG_FACILITY_LOCAL0
+
+#define NAT_APPNAME "NAT"
+
+#define SADD_SDEL_SEVERITY SYSLOG_SEVERITY_INFORMATIONAL
+#define APMADD_APMDEL_SEVERITY SYSLOG_SEVERITY_INFORMATIONAL
+
+#define SADD_MSGID "SADD"
+#define SDEL_MSGID "SDEL"
+#define APMADD_MSGID "APMADD"
+#define APMDEL_MSGID "APMDEL"
+
+#define NSESS_SDID "nsess"
+#define NAPMAP_SDID "napmap"
+
+#define SSUBIX_SDPARAM_NAME "SSUBIX"
+#define SVLAN_SDPARAM_NAME "SVLAN"
+#define IATYP_SDPARAM_NAME "IATYP"
+#define ISADDR_SDPARAM_NAME "ISADDR"
+#define ISPORT_SDPARAM_NAME "ISPORT"
+#define IDADDR_SDPARAM_NAME "IDADDR"
+#define IDPORT_SDPARAM_NAME "IDPORT"
+#define XATYP_SDPARAM_NAME "XATYP"
+#define XSADDR_SDPARAM_NAME "XSADDR"
+#define XSPORT_SDPARAM_NAME "XSPORT"
+#define XDADDR_SDPARAM_NAME "XDADDR"
+#define XDPORT_SDPARAM_NAME "XDPORT"
+#define PROTO_SDPARAM_NAME "PROTO"
+#define SV6ENC_SDPARAM_NAME "SV6ENC"
+
+#define IATYP_IPV4 "IPv4"
+#define IATYP_IPV6 "IPv6"
+
+#endif /* __included_nat_syslog_constants_h__ */
+/*
+ * fd.io coding-style-patch-verification: ON
+ *
+ * Local Variables:
+ * eval: (c-set-style "gnu")
+ * End:
+ */ |
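Review bot: The new nat_syslog_constants.h is not self-contained: `NAT_FACILITY`, `SADD_SDEL_SEVERITY` and `APMADD_APMDEL_SEVERITY` expand to `SYSLOG_FACILITY_LOCAL0` and `SYSLOG_SEVERITY_INFORMATIONAL`, but the header includes nothing. It compiles only when the includer has already pulled in the syslog definitions. Now that these macros sit in a shared header instead of one .c file, I would include the syslog header that declares those enumerators at the top of this file. The short, unprefixed names (`SADD_MSGID`, `IATYP_IPV4`, ...) are also more likely to collide once they are visible to every includer, so a common prefix such as `NAT_SYSLOG_` is worth considering.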