Diffstat (limited to 'src/plugins/nat/nat64')
-rw-r--r-- | src/plugins/nat/nat64/nat64.c | 56 | ||||
-rw-r--r-- | src/plugins/nat/nat64/nat64.h | 2 | ||||
-rw-r--r-- | src/plugins/nat/nat64/nat64_api.c | 6 | ||||
-rw-r--r-- | src/plugins/nat/nat64/nat64_cli.c | 6 | ||||
-rw-r--r-- | src/plugins/nat/nat64/nat64_db.c | 40 | ||||
-rw-r--r-- | src/plugins/nat/nat64/nat64_db.h | 9 | ||||
-rw-r--r-- | src/plugins/nat/nat64/nat64_doc.md | 73 | ||||
-rw-r--r-- | src/plugins/nat/nat64/nat64_doc.rst | 91 | ||||
-rw-r--r-- | src/plugins/nat/nat64/nat64_in2out.c | 14 | ||||
-rw-r--r-- | src/plugins/nat/nat64/nat64_out2in.c | 4 |
10 files changed, 110 insertions, 191 deletions
diff --git a/src/plugins/nat/nat64/nat64.c b/src/plugins/nat/nat64/nat64.c index 1c1cdfba3fb..950eea60e5e 100644 --- a/src/plugins/nat/nat64/nat64.c +++ b/src/plugins/nat/nat64/nat64.c @@ -26,7 +26,6 @@ nat64_main_t nat64_main; -/* *INDENT-OFF* */ /* Hook up input features */ VNET_FEATURE_INIT (nat64_in2out, static) = { .arc_name = "ip6-unicast", @@ -62,7 +61,6 @@ static u8 well_known_prefix[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; -/* *INDENT-ON* */ #define nat_elog_str(_str) \ do \ @@ -135,6 +133,20 @@ nat64_get_worker_in2out (ip6_address_t * addr) return next_worker_index; } +static u32 +get_thread_idx_by_port (u16 e_port) +{ + nat64_main_t *nm = &nat64_main; + u32 thread_idx = nm->num_workers; + if (nm->num_workers > 1) + { + thread_idx = nm->first_worker_index + + nm->workers[(e_port - 1024) / nm->port_per_thread % + _vec_len (nm->workers)]; + } + return thread_idx; +} + u32 nat64_get_worker_out2in (vlib_buffer_t * b, ip4_header_t * ip) { @@ -157,14 +169,12 @@ nat64_get_worker_out2in (vlib_buffer_t * b, ip4_header_t * ip) clib_memset (&daddr, 0, sizeof (daddr)); daddr.ip4.as_u32 = ip->dst_address.as_u32; - /* *INDENT-OFF* */ vec_foreach (db, nm->db) { bibe = nat64_db_bib_entry_find (db, &daddr, 0, ip->protocol, 0, 0); if (bibe) return (u32) (db - nm->db); } - /* *INDENT-ON* */ return vlib_get_thread_index (); } @@ -202,7 +212,7 @@ nat64_get_worker_out2in (vlib_buffer_t * b, ip4_header_t * ip) /* worker by outside port (TCP/UDP) */ port = clib_net_to_host_u16 (port); if (port > 1024) - return nm->first_worker_index + ((port - 1024) / nm->port_per_thread); + return get_thread_idx_by_port (port); return vlib_get_thread_index (); } @@ -282,12 +292,10 @@ nat64_init (vlib_main_t * vm) for (i = 0; i < nm->num_workers; i++) bitmap = clib_bitmap_set (bitmap, i, 1); - /* *INDENT-OFF* */ clib_bitmap_foreach (i, bitmap) { vec_add1(nm->workers, i); } - /* *INDENT-ON* */ clib_bitmap_free (bitmap); 
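Review bot: `get_thread_idx_by_port` (hunk `@@ -135,6 +133,20 @@`) states no precondition on `e_port`, although `(e_port - 1024)` goes negative in int arithmetic for any port below 1024 and the port passed from `nat64_get_worker_out2in` is read from the packet. Both callers in this diff test `port > 1024` / `out_port > 1024` first, and `% _vec_len (nm->workers)` keeps the index in range as long as the operands are unsigned, but the types of `port_per_thread` and `_vec_len` are not visible here. The helper should carry the contract itself, with a comment such as `/* e_port must be >= 1024; maps an outside port to the worker owning that port range */` and `ASSERT (e_port >= 1024);` as its first statement. The fallback `thread_idx = nm->num_workers` yields 1 with a single worker, which matches `nm->first_worker_index` only if workers start at thread index 1; this is worth confirming against the old `nm->first_worker_index + ...` result in `nat64_get_worker_out2in`.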
@@ -323,7 +331,6 @@ nat64_init_hash (nat64_config_t c) vec_validate (nm->db, tm->n_vlib_mains - 1); - /* *INDENT-OFF* */ vec_foreach (db, nm->db) { if (nat64_db_init (db, c, nat64_free_out_addr_and_port)) @@ -332,7 +339,6 @@ nat64_init_hash (nat64_config_t c) rv = 1; } } - /* *INDENT-ON* */ return rv; } @@ -344,7 +350,6 @@ nat64_free_hash () nat64_db_t *db; int rv = 0; - /* *INDENT-OFF* */ vec_foreach (db, nm->db) { if (nat64_db_free (db)) @@ -353,7 +358,6 @@ nat64_free_hash () rv = 1; } } - /* *INDENT-ON* */ vec_free (nm->db); @@ -408,7 +412,6 @@ nat64_add_del_pool_addr (u32 thread_index, if (a->fib_index != ~0) fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP6, nm->fib_src_hi); /* Delete sessions using address */ - /* *INDENT-OFF* */ vec_foreach (db, nm->db) { nat64_db_free_out_addr (thread_index, db, &a->addr); @@ -417,12 +420,10 @@ nat64_add_del_pool_addr (u32 thread_index, vlib_set_simple_counter (&nm->total_sessions, db - nm->db, 0, db->st.st_entries_num); } - /* *INDENT-ON* */ vec_del1 (nm->addr_pool, i); } /* Add/del external address to FIB */ - /* *INDENT-OFF* */ pool_foreach (interface, nm->interfaces) { if (nat64_interface_is_inside(interface)) @@ -431,7 +432,6 @@ nat64_add_del_pool_addr (u32 thread_index, nat64_add_del_addr_to_fib (addr, 32, interface->sw_if_index, is_add); break; } - /* *INDENT-ON* */ return 0; } @@ -442,13 +442,11 @@ nat64_pool_addr_walk (nat64_pool_addr_walk_fn_t fn, void *ctx) nat64_main_t *nm = &nat64_main; nat64_address_t *a = 0; - /* *INDENT-OFF* */ vec_foreach (a, nm->addr_pool) { if (fn (a, ctx)) break; }; - /* *INDENT-ON* */ } int @@ -546,7 +544,6 @@ nat64_interface_add_del (u32 sw_if_index, u8 is_inside, u8 is_add) // TODO: is enabled ? we can't signal if it is not /* Check if interface already exists */ - /* *INDENT-OFF* */ pool_foreach (i, nm->interfaces) { if (i->sw_if_index == sw_if_index) @@ -555,7 +552,6 @@ nat64_interface_add_del (u32 sw_if_index, u8 is_inside, u8 is_add) break; } } - /* *INDENT-ON* */ if (is_add) { 
@@ -596,10 +592,8 @@ nat64_interface_add_del (u32 sw_if_index, u8 is_inside, u8 is_add) if (!is_inside) { - /* *INDENT-OFF* */ vec_foreach (ap, nm->addr_pool) nat64_add_del_addr_to_fib (&ap->addr, 32, sw_if_index, is_add); - /* *INDENT-ON* */ } if (nm->num_workers > 1) @@ -641,13 +635,11 @@ nat64_interfaces_walk (nat64_interface_walk_fn_t fn, void *ctx) nat64_main_t *nm = &nat64_main; nat64_interface_t *i = 0; - /* *INDENT-OFF* */ pool_foreach (i, nm->interfaces) { if (fn (i, ctx)) break; } - /* *INDENT-ON* */ } // TODO: plugin independent @@ -822,7 +814,6 @@ nat64_static_bib_worker_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, nat64_db_bib_entry_t *bibe; ip46_address_t addr; - /* *INDENT-OFF* */ pool_foreach (static_bib, nm->static_bibs) { if ((static_bib->thread_index != thread_index) || (static_bib->done)) @@ -859,21 +850,18 @@ nat64_static_bib_worker_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, static_bib->done = 1; } - /* *INDENT-ON* */ return 0; } static vlib_node_registration_t nat64_static_bib_worker_node; -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (nat64_static_bib_worker_node, static) = { .function = nat64_static_bib_worker_fn, .type = VLIB_NODE_TYPE_INPUT, .state = VLIB_NODE_STATE_INTERRUPT, .name = "nat64-static-bib-worker", }; -/* *INDENT-ON* */ int nat64_add_del_static_bib_entry (ip6_address_t * in_addr, @@ -916,7 +904,7 @@ nat64_add_del_static_bib_entry (ip6_address_t * in_addr, /* outside port must be assigned to same thread as internall address */ if ((out_port > 1024) && (nm->num_workers > 1)) { - if (thread_index != ((out_port - 1024) / nm->port_per_thread)) + if (thread_index != get_thread_idx_by_port (out_port)) return VNET_API_ERROR_INVALID_VALUE_2; } @@ -977,7 +965,6 @@ nat64_add_del_static_bib_entry (ip6_address_t * in_addr, if (nm->num_workers) { - /* *INDENT-OFF* */ pool_foreach (static_bib, nm->static_bibs) { if (static_bib->done) 
@@ -985,7 +972,6 @@ nat64_add_del_static_bib_entry (ip6_address_t * in_addr, } vec_foreach (index, to_be_free) pool_put_index (nm->static_bibs, index[0]); - /* *INDENT-ON* */ vec_free (to_be_free); pool_get (nm->static_bibs, static_bib); static_bib->in_addr.as_u64[0] = in_addr->as_u64[0]; @@ -1258,13 +1244,11 @@ nat64_prefix_walk (nat64_prefix_walk_fn_t fn, void *ctx) nat64_main_t *nm = &nat64_main; nat64_prefix_t *p = 0; - /* *INDENT-OFF* */ vec_foreach (p, nm->pref64) { if (fn (p, ctx)) break; }; - /* *INDENT-ON* */ } void @@ -1273,7 +1257,6 @@ nat64_compose_ip6 (ip6_address_t * ip6, ip4_address_t * ip4, u32 fib_index) nat64_main_t *nm = &nat64_main; nat64_prefix_t *p, *gp = 0, *prefix = 0; - /* *INDENT-OFF* */ vec_foreach (p, nm->pref64) { if (p->fib_index == fib_index) @@ -1285,7 +1268,6 @@ nat64_compose_ip6 (ip6_address_t * ip6, ip4_address_t * ip4, u32 fib_index) if (p->fib_index == 0) gp = p; }; - /* *INDENT-ON* */ if (!prefix) prefix = gp; @@ -1344,7 +1326,6 @@ nat64_extract_ip4 (ip6_address_t * ip6, ip4_address_t * ip4, u32 fib_index) nat64_prefix_t *p, *gp = 0; u8 plen = 0; - /* *INDENT-OFF* */ vec_foreach (p, nm->pref64) { if (p->fib_index == fib_index) @@ -1356,7 +1337,6 @@ nat64_extract_ip4 (ip6_address_t * ip6, ip4_address_t * ip4, u32 fib_index) if (p->vrf_id == 0) gp = p; }; - /* *INDENT-ON* */ if (!plen) { @@ -1431,14 +1411,12 @@ nat64_expire_worker_walk_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, return 0; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (nat64_expire_worker_walk_node, static) = { .function = nat64_expire_worker_walk_fn, .type = VLIB_NODE_TYPE_INPUT, .state = VLIB_NODE_STATE_INTERRUPT, .name = "nat64-expire-worker-walk", }; -/* *INDENT-ON* */ /** * @brief Centralized process to drive per worker expire walk. 
@@ -1566,12 +1544,10 @@ nat64_plugin_disable () } nm->enabled = 0; - /* *INDENT-OFF* */ pool_foreach (i, nm->interfaces) { vec_add1 (interfaces, *i); } - /* *INDENT-ON* */ vec_foreach (i, interfaces) { rv = nat64_interface_add_del (i->sw_if_index, i->flags, 0); diff --git a/src/plugins/nat/nat64/nat64.h b/src/plugins/nat/nat64/nat64.h index 1180f9df778..9eb8d915390 100644 --- a/src/plugins/nat/nat64/nat64.h +++ b/src/plugins/nat/nat64/nat64.h @@ -93,14 +93,12 @@ typedef struct { ip4_address_t addr; u32 fib_index; -/* *INDENT-OFF* */ #define _(N, i, n, s) \ u16 busy_##n##_ports; \ u16 * busy_##n##_ports_per_thread; \ u32 busy_##n##_port_refcounts[65535]; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ } nat64_address_t; typedef struct diff --git a/src/plugins/nat/nat64/nat64_api.c b/src/plugins/nat/nat64/nat64_api.c index e64b6434fd2..87cca01b59b 100644 --- a/src/plugins/nat/nat64/nat64_api.c +++ b/src/plugins/nat/nat64/nat64_api.c @@ -69,7 +69,6 @@ vl_api_nat64_get_timeouts_t_handler (vl_api_nat64_get_timeouts_t * mp) vl_api_nat64_get_timeouts_reply_t *rmp; int rv = 0; - /* *INDENT-OFF* */ REPLY_MACRO2 (VL_API_NAT64_GET_TIMEOUTS_REPLY, ({ rmp->udp = htonl (nm->udp_timeout); @@ -77,7 +76,6 @@ vl_api_nat64_get_timeouts_t_handler (vl_api_nat64_get_timeouts_t * mp) rmp->tcp_transitory = htonl (nm->tcp_trans_timeout); rmp->icmp = htonl (nm->icmp_timeout); })) - /* *INDENT-ON* */ } static void @@ -298,10 +296,8 @@ vl_api_nat64_bib_dump_t_handler (vl_api_nat64_bib_dump_t * mp) .context = mp->context, }; - /* *INDENT-OFF* */ vec_foreach (db, nm->db) nat64_db_bib_walk (db, mp->proto, nat64_api_bib_walk, &ctx); - /* *INDENT-ON* */ } static int @@ -356,13 +352,11 @@ vl_api_nat64_st_dump_t_handler (vl_api_nat64_st_dump_t * mp) .context = mp->context, }; - /* *INDENT-OFF* */ vec_foreach (db, nm->db) { ctx.db = db; nat64_db_st_walk (db, mp->proto, nat64_api_st_walk, &ctx); } - /* *INDENT-ON* */ } static void 
diff --git a/src/plugins/nat/nat64/nat64_cli.c b/src/plugins/nat/nat64/nat64_cli.c index 3af715c2457..2cef71080f9 100644 --- a/src/plugins/nat/nat64/nat64_cli.c +++ b/src/plugins/nat/nat64/nat64_cli.c @@ -484,10 +484,8 @@ nat64_show_bib_command_fn (vlib_main_t * vm, else vlib_cli_output (vm, "NAT64 %U BIB entries:", format_nat_protocol, proto); - /* *INDENT-OFF* */ vec_foreach (db, nm->db) nat64_db_bib_walk (db, p, nat64_cli_bib_walk, vm); - /* *INDENT-ON* */ done: unformat_free (line_input); @@ -586,13 +584,11 @@ nat64_show_st_command_fn (vlib_main_t * vm, vlib_cli_output (vm, "NAT64 sessions:"); else vlib_cli_output (vm, "NAT64 %U sessions:", format_nat_protocol, proto); - /* *INDENT-OFF* */ vec_foreach (db, nm->db) { ctx.db = db; nat64_db_st_walk (db, p, nat64_cli_st_walk, &ctx); } - /* *INDENT-ON* */ done: unformat_free (line_input); @@ -775,7 +771,6 @@ done: return error; } -/* *INDENT-OFF* */ /*? * @cliexpar * @cliexstart{nat64 plugin} @@ -983,7 +978,6 @@ VLIB_CLI_COMMAND (nat64_add_interface_address_command, static) = { .short_help = "nat64 add interface address <interface> [del]", .function = nat64_add_interface_address_command_fn, }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/nat/nat64/nat64_db.c b/src/plugins/nat/nat64/nat64_db.c index 82ef70de5cf..e4e9febcb12 100644 --- a/src/plugins/nat/nat64/nat64_db.c +++ b/src/plugins/nat/nat64/nat64_db.c @@ -54,13 +54,11 @@ nat64_db_free (nat64_db_t * db) clib_bihash_free_48_8 (&db->st.in2out); clib_bihash_free_48_8 (&db->st.out2in); -/* *INDENT-OFF* */ #define _(N, i, n, s) \ pool_free (db->bib._##n##_bib); \ pool_free (db->st._##n##_st); foreach_nat_protocol #undef _ -/* *INDENT-ON* */ pool_free (db->bib._unk_proto_bib); pool_free (db->st._unk_proto_st); 
@@ -82,14 +80,13 @@ nat64_db_bib_entry_create (u32 thread_index, nat64_db_t * db, if (db->bib.bib_entries_num >= db->bib.limit) { db->free_addr_port_cb (db, out_addr, out_port, proto); - //nat_ipfix_logging_max_bibs (thread_index, db->bib.limit); + nat_ipfix_logging_max_bibs (thread_index, db->bib.limit); return 0; } /* create pool entry */ switch (ip_proto_to_nat_proto (proto)) { -/* *INDENT-OFF* */ #define _(N, i, n, s) \ case NAT_PROTOCOL_##N: \ pool_get (db->bib._##n##_bib, bibe); \ @@ -97,7 +94,6 @@ nat64_db_bib_entry_create (u32 thread_index, nat64_db_t * db, break; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ default: pool_get (db->bib._unk_proto_bib, bibe); kv.value = bibe - db->bib._unk_proto_bib; @@ -155,7 +151,6 @@ nat64_db_bib_entry_free (u32 thread_index, nat64_db_t * db, switch (ip_proto_to_nat_proto (bibe->proto)) { -/* *INDENT-OFF* */ #define _(N, i, n, s) \ case NAT_PROTOCOL_##N: \ bib = db->bib._##n##_bib; \ @@ -163,7 +158,6 @@ nat64_db_bib_entry_free (u32 thread_index, nat64_db_t * db, break; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ default: bib = db->bib._unk_proto_bib; st = db->st._unk_proto_st; @@ -232,14 +226,12 @@ nat64_db_bib_entry_find (nat64_db_t * db, ip46_address_t * addr, u16 port, switch (ip_proto_to_nat_proto (proto)) { -/* *INDENT-OFF* */ #define _(N, i, n, s) \ case NAT_PROTOCOL_##N: \ bib = db->bib._##n##_bib; \ break; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ default: bib = db->bib._unk_proto_bib; break; @@ -271,7 +263,6 @@ nat64_db_bib_walk (nat64_db_t * db, u8 proto, if (proto == 255) { - /* *INDENT-OFF* */ #define _(N, i, n, s) \ bib = db->bib._##n##_bib; \ pool_foreach (bibe, bib) { \ 
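Review bot: The re-enabled `nat_ipfix_logging_max_bibs (thread_index, db->bib.limit);` in `nat64_db_bib_entry_create` runs on every create attempt while `db->bib.bib_entries_num >= db->bib.limit`, a state that traffic can hold for as long as it keeps the table full. Whether the IPFIX logging helper rate-limits or coalesces these events is not visible in this diff; if it does not, every rejected create emits a record and the exporter becomes a second pressure point during table exhaustion. A comment at the call, e.g. `/* logged per rejected create; rate limiting is expected inside the ipfix helper */`, or logging only on the transition to full, would make the intended behaviour explicit. The same applies to `nat_ipfix_logging_max_sessions (thread_index, db->st.limit);` in the `nat64_db_st_entry_create` hunk (`@@ -401,14 +379,13 @@`). No include is added to nat64_db.c for either function, so the declarations presumably come from a header that file already includes; the function bodies continue outside both hunks.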
@@ -285,32 +276,27 @@ nat64_db_bib_walk (nat64_db_t * db, u8 proto, if (fn (bibe, ctx)) return; } - /* *INDENT-ON* */ } else { switch (ip_proto_to_nat_proto (proto)) { - /* *INDENT-OFF* */ #define _(N, i, n, s) \ case NAT_PROTOCOL_##N: \ bib = db->bib._##n##_bib; \ break; foreach_nat_protocol #undef _ - /* *INDENT-ON* */ default: bib = db->bib._unk_proto_bib; break; } - /* *INDENT-OFF* */ pool_foreach (bibe, bib) { if (fn (bibe, ctx)) return; } - /* *INDENT-ON* */ } } @@ -321,14 +307,12 @@ nat64_db_bib_entry_by_index (nat64_db_t * db, u8 proto, u32 bibe_index) switch (ip_proto_to_nat_proto (proto)) { -/* *INDENT-OFF* */ #define _(N, i, n, s) \ case NAT_PROTOCOL_##N: \ bib = db->bib._##n##_bib; \ break; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ default: bib = db->bib._unk_proto_bib; break; @@ -345,7 +329,6 @@ nat64_db_st_walk (nat64_db_t * db, u8 proto, if (proto == 255) { - /* *INDENT-OFF* */ #define _(N, i, n, s) \ st = db->st._##n##_st; \ pool_foreach (ste, st) { \ @@ -359,32 +342,27 @@ nat64_db_st_walk (nat64_db_t * db, u8 proto, if (fn (ste, ctx)) return; } - /* *INDENT-ON* */ } else { switch (ip_proto_to_nat_proto (proto)) { - /* *INDENT-OFF* */ #define _(N, i, n, s) \ case NAT_PROTOCOL_##N: \ st = db->st._##n##_st; \ break; foreach_nat_protocol #undef _ - /* *INDENT-ON* */ default: st = db->st._unk_proto_st; break; } - /* *INDENT-OFF* */ pool_foreach (ste, st) { if (fn (ste, ctx)) return; } - /* *INDENT-ON* */ } } @@ -401,14 +379,13 @@ nat64_db_st_entry_create (u32 thread_index, nat64_db_t * db, if (db->st.st_entries_num >= db->st.limit) { - //nat_ipfix_logging_max_sessions (thread_index, db->st.limit); + nat_ipfix_logging_max_sessions (thread_index, db->st.limit); return 0; } /* create pool entry */ switch (ip_proto_to_nat_proto (bibe->proto)) { -/* *INDENT-OFF* */ #define _(N, i, n, s) \ case NAT_PROTOCOL_##N: \ pool_get (db->st._##n##_st, ste); \ 
@@ -417,7 +394,6 @@ nat64_db_st_entry_create (u32 thread_index, nat64_db_t * db, break; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ default: pool_get (db->st._unk_proto_st, ste); kv.value = ste - db->st._unk_proto_st; @@ -494,7 +470,6 @@ nat64_db_st_entry_free (u32 thread_index, switch (ip_proto_to_nat_proto (ste->proto)) { -/* *INDENT-OFF* */ #define _(N, i, n, s) \ case NAT_PROTOCOL_##N: \ st = db->st._##n##_st; \ @@ -502,7 +477,6 @@ nat64_db_st_entry_free (u32 thread_index, break; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ default: st = db->st._unk_proto_st; bib = db->bib._unk_proto_bib; @@ -579,14 +553,12 @@ nat64_db_st_entry_find (nat64_db_t * db, ip46_address_t * l_addr, switch (ip_proto_to_nat_proto (proto)) { -/* *INDENT-OFF* */ #define _(N, i, n, s) \ case NAT_PROTOCOL_##N: \ st = db->st._##n##_st; \ break; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ default: st = db->st._unk_proto_st; break; @@ -622,14 +594,12 @@ nat64_db_st_entry_get_index (nat64_db_t * db, nat64_db_st_entry_t * ste) switch (ip_proto_to_nat_proto (ste->proto)) { -/* *INDENT-OFF* */ #define _(N, i, n, s) \ case NAT_PROTOCOL_##N: \ st = db->st._##n##_st; \ break; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ default: st = db->st._unk_proto_st; return (u32) ~ 0; @@ -645,14 +615,12 @@ nat64_db_st_entry_by_index (nat64_db_t * db, u8 proto, u32 ste_index) switch (ip_proto_to_nat_proto (proto)) { -/* *INDENT-OFF* */ #define _(N, i, n, s) \ case NAT_PROTOCOL_##N: \ st = db->st._##n##_st; \ break; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ default: st = db->st._unk_proto_st; break; @@ -667,7 +635,6 @@ nad64_db_st_free_expired (u32 thread_index, nat64_db_t * db, u32 now) u32 *ste_to_be_free = 0, *ste_index; nat64_db_st_entry_t *st, *ste; -/* *INDENT-OFF* */ #define _(N, i, n, s) \ st = db->st._##n##_st; \ pool_foreach (ste, st) {\ 
@@ -692,7 +659,6 @@ nad64_db_st_free_expired (u32 thread_index, nat64_db_t * db, u32 now) nat64_db_st_entry_free (thread_index, db, pool_elt_at_index(st, ste_index[0])); vec_free (ste_to_be_free); -/* *INDENT-ON* */ } void @@ -704,7 +670,6 @@ nat64_db_free_out_addr (u32 thread_index, nat64_db_bib_entry_t *bibe; db->addr_free = 1; -/* *INDENT-OFF* */ #define _(N, i, n, s) \ st = db->st._##n##_st; \ pool_foreach (ste, st) { \ @@ -730,7 +695,6 @@ nat64_db_free_out_addr (u32 thread_index, pool_elt_at_index(st, ste_index[0])); vec_free (ste_to_be_free); db->addr_free = 0; -/* *INDENT-ON* */ } /* diff --git a/src/plugins/nat/nat64/nat64_db.h b/src/plugins/nat/nat64/nat64_db.h index 711b6bf6b03..a7d433fb8ea 100644 --- a/src/plugins/nat/nat64/nat64_db.h +++ b/src/plugins/nat/nat64/nat64_db.h @@ -18,6 +18,7 @@ #include <vnet/vnet.h> #include <vnet/ip/ip.h> #include <vnet/fib/fib_source.h> +#include <nat/lib/nat_proto.h> #include <vppinfra/bihash_24_8.h> #include <vppinfra/bihash_48_8.h> @@ -46,7 +47,6 @@ typedef struct }; } nat64_db_bib_entry_key_t; -/* *INDENT-OFF* */ typedef CLIB_PACKED(struct { ip6_address_t in_addr; @@ -58,17 +58,14 @@ typedef CLIB_PACKED(struct u8 proto; u8 is_static; }) nat64_db_bib_entry_t; -/* *INDENT-ON* */ typedef struct { /* BIBs */ -/* *INDENT-OFF* */ #define _(N, i, n, s) \ nat64_db_bib_entry_t *_##n##_bib; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ nat64_db_bib_entry_t *_unk_proto_bib; /* BIB lookup */ @@ -97,7 +94,6 @@ typedef struct }; } nat64_db_st_entry_key_t; -/* *INDENT-OFF* */ typedef CLIB_PACKED(struct { ip6_address_t in_r_addr; @@ -108,17 +104,14 @@ typedef CLIB_PACKED(struct u8 proto; u8 tcp_state; }) nat64_db_st_entry_t; -/* *INDENT-ON* */ typedef struct { /* session tables */ -/* *INDENT-OFF* */ #define _(N, i, n, s) \ nat64_db_st_entry_t *_##n##_st; foreach_nat_protocol #undef _ -/* *INDENT-ON* */ nat64_db_st_entry_t *_unk_proto_st; /* session lookup */ 
diff --git a/src/plugins/nat/nat64/nat64_doc.md b/src/plugins/nat/nat64/nat64_doc.md deleted file mode 100644 index f65b46338b0..00000000000 --- a/src/plugins/nat/nat64/nat64_doc.md +++ /dev/null 
@@ -1,73 +0,0 @@ -# Stateful NAT64: Network Address and Protocol Translation from IPv6 Clients to IPv4 Servers {#nat64_doc} - -## Introduction - -Stateful NAT64 in VPP allows IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP based on RFC 6146. - -## Configuration - -### Enable/disable NAT64 feature on the interface - -> set interface nat64 in|out <intfc> [del] - -in: inside/local/IPv6 network -out: outside/external/IPv4 network -intfc: interface name - -### Add/delete NAT64 pool address - -One or more public IPv4 addresses assigned to a NAT64 are shared among several IPv6-only clients. - -> nat64 add pool address <ip4-range-start> [- <ip4-range-end>] [tenant-vrf <tenant-vrf-id>] [del] - -ip4-range-start: First IPv4 address of the range -ip4-range-end: Last IPv4 address of the range (optional, not used for single address) -tenant-vrf-id: VRF id of the tenant associated with the pool address (optional, if not set pool address is global) - -### Add/delete static BIB entry - -Stateful NAT64 also supports IPv4-initiated communications to a subset of the IPv6 hosts through staticaly configured bindings. - -> nat64 add static bib <ip6-addr> <in-port> <ip4-addr> <out-port> tcp|udp|icmp [vfr <table-id>] [del] - -ip6-addr: inside IPv6 address of the host -in-port: inside port or ICMPv6 identifier -ip4-addr: outside IPv4 address of the host -out-port: outside port or ICMPv4 identifier -table-id: VRF id of the tenant associated with the BIB entry (optional, default use global VRF) - -### Set NAT64 session timeouts - -Session is deleted when timer expires. If all sessions corresponding to a dynamically create BIB entry are deleted, then the BIB entry is also deleted. When packets are flowing sessiom timer is refreshed to keep the session alive. 
- -> set nat64 timeouts udp <sec> icmp <sec> tcp-trans <sec> tcp-est <sec> tcp-incoming-syn <sec> | reset - -udp: UDP session timeout value (default 300sec) -icmp: ICMP session timeout value (default 60sec) -tcp-trans: transitory TCP session timeout value (default 240sec) -tcp-est: established TCP session timeout value (default 7440sec) -tcp-incoming-syn: incoming SYN TCP session timeout value (default 6sec) -reset: reset timers to default values - -### Set NAT64 prefix - -Stateful NAT64 support the algorithm for generating IPv6 representations of IPv4 addresses defined in RFC 6052. If no prefix is configured, Well-Known Prefix (64:ff9b::/96) is used. - -> nat64 add prefix <ip6-prefix>/<plen> [tenant-vrf <vrf-id>] [del] - -ip6-prefix: IPv6 prefix -plen: prefix length (valid values: 32, 40, 48, 56, 64, or 96) -tenant-vrf: VRF id of the tenant associated with the prefix - -### Show commands - -> show nat64 pool -> show nat64 interfaces -> show nat64 bib tcp|udp|icmp -> show nat64 session table tcp|udp|icmp -> show nat64 timeouts -> show nat64 prefix - -## Notes - -Multi thread is not supported yet (CLI/API commands are disabled when VPP runs with multiple threads). diff --git a/src/plugins/nat/nat64/nat64_doc.rst b/src/plugins/nat/nat64/nat64_doc.rst new file mode 100644 index 00000000000..f375fba68bd --- /dev/null +++ b/src/plugins/nat/nat64/nat64_doc.rst 
@@ -0,0 +1,91 @@ +Stateful NAT64 +============== + +This document describes stateful NAT64 Network Address and Protocol +Translation + +Introduction +------------ + +Stateful NAT64 in VPP allows IPv6-only clients to contact IPv4 servers +using unicast UDP, TCP, or ICMP based on RFC 6146. + +Configuration +------------- + +Enable/disable NAT64 feature on the interface +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + + set interface nat64 in|out [del] + +in: inside/local/IPv6 network out: outside/external/IPv4 network intfc: +interface name + +Add/delete NAT64 pool address +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +One or more public IPv4 addresses assigned to a NAT64 are shared among +several IPv6-only clients. + + nat64 add pool address [- ] [tenant-vrf ] [del] + +ip4-range-start: First IPv4 address of the range ip4-range-end: Last +IPv4 address of the range (optional, not used for single address) +tenant-vrf-id: VRF id of the tenant associated with the pool address +(optional, if not set pool address is global) + +Add/delete static BIB entry +~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Stateful NAT64 also supports IPv4-initiated communications to a subset +of the IPv6 hosts through statically configured bindings. + + nat64 add static bib tcp|udp|icmp [vfr ] [del] + +ip6-addr: inside IPv6 address of the host in-port: inside port or ICMPv6 +identifier ip4-addr: outside IPv4 address of the host out-port: outside +port or ICMPv4 identifier table-id: VRF id of the tenant associated with +the BIB entry (optional, default use global VRF) + +Set NAT64 session timeouts +~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Session is deleted when timer expires. If all sessions corresponding to +a dynamically create BIB entry are deleted, then the BIB entry is also +deleted. When packets are flowing session timer is refreshed to keep the +session alive. 
+ + set nat64 timeouts udp icmp tcp-trans tcp-est tcp-incoming-syn \| + reset + +udp: UDP session timeout value (default 300sec) icmp: ICMP session +timeout value (default 60sec) tcp-trans: transitory TCP session timeout +value (default 240sec) tcp-est: established TCP session timeout value +(default 7440sec) tcp-incoming-syn: incoming SYN TCP session timeout +value (default 6sec) reset: reset timers to default values + +Set NAT64 prefix +~~~~~~~~~~~~~~~~ + +Stateful NAT64 support the algorithm for generating IPv6 representations +of IPv4 addresses defined in RFC 6052. If no prefix is configured, +Well-Known Prefix (64:ff9b::/96) is used. + + nat64 add prefix / [tenant-vrf ] [del] + +ip6-prefix: IPv6 prefix plen: prefix length (valid values: 32, 40, 48, +56, 64, or 96) tenant-vrf: VRF id of the tenant associated with the +prefix + +Show commands +~~~~~~~~~~~~~ + + show nat64 pool show nat64 interfaces show nat64 bib tcp|udp|icmp + show nat64 session table tcp|udp|icmp show nat64 timeouts show nat64 + prefix + +Notes +----- + +Multi thread is not supported yet (CLI/API commands are disabled when +VPP runs with multiple threads). diff --git a/src/plugins/nat/nat64/nat64_in2out.c b/src/plugins/nat/nat64/nat64_in2out.c index 52d3c7f0a3b..63eab72a7fb 100644 --- a/src/plugins/nat/nat64/nat64_in2out.c +++ b/src/plugins/nat/nat64/nat64_in2out.c @@ -86,14 +86,12 @@ nat64_not_translate (u32 sw_if_index, ip6_address_t ip6_addr) ip_lookup_main_t *lm6 = &im6->lookup_main; ip_interface_address_t *ia = 0; - /* *INDENT-OFF* */ foreach_ip_interface_address (lm6, ia, sw_if_index, 0, ({ addr = ip_interface_address_get_address (lm6, ia); if (0 == ip6_address_compare (addr, &ip6_addr)) return 1; })); - /* *INDENT-ON* */ return 0; } @@ -744,7 +742,6 @@ nat64_in2out_tcp_udp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b, daddr.ip4.as_u32 = ste->out_r_addr.as_u32; bibe = 0; - /* *INDENT-OFF* */ vec_foreach (db, nm->db) { bibe = nat64_db_bib_entry_find (db, &daddr, dport, proto, 0, 0); 
@@ -752,7 +749,6 @@ nat64_in2out_tcp_udp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b, if (bibe) break; } - /* *INDENT-ON* */ if (!bibe) return -1; @@ -851,7 +847,6 @@ nat64_in2out_icmp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b, daddr.ip4.as_u32 = bibe->out_addr.as_u32; ste = 0; - /* *INDENT-OFF* */ vec_foreach (db, nm->db) { ste = nat64_db_st_entry_find (db, &saddr, &daddr, sport, dport, proto, @@ -860,7 +855,6 @@ nat64_in2out_icmp_hairpinning (vlib_main_t * vm, vlib_buffer_t * b, if (ste) break; } - /* *INDENT-ON* */ if (!ste) return -1; @@ -1006,7 +1000,6 @@ nat64_in2out_unk_proto_hairpinning (vlib_main_t * vm, vlib_buffer_t * b, daddr.ip4.as_u32 = ste->out_r_addr.as_u32; bibe = 0; - /* *INDENT-OFF* */ vec_foreach (db, nm->db) { bibe = nat64_db_bib_entry_find (db, &daddr, 0, proto, 0, 0); @@ -1014,7 +1007,6 @@ nat64_in2out_unk_proto_hairpinning (vlib_main_t * vm, vlib_buffer_t * b, if (bibe) break; } - /* *INDENT-ON* */ if (!bibe) return -1; @@ -1226,7 +1218,6 @@ VLIB_NODE_FN (nat64_in2out_node) (vlib_main_t * vm, return nat64_in2out_node_fn_inline (vm, node, frame, 0); } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (nat64_in2out_node) = { .name = "nat64-in2out", .vector_size = sizeof (u32), @@ -1243,7 +1234,6 @@ VLIB_REGISTER_NODE (nat64_in2out_node) = { [NAT64_IN2OUT_NEXT_SLOWPATH] = "nat64-in2out-slowpath", }, }; -/* *INDENT-ON* */ VLIB_NODE_FN (nat64_in2out_slowpath_node) (vlib_main_t * vm, vlib_node_runtime_t * node, @@ -1252,7 +1242,6 @@ VLIB_NODE_FN (nat64_in2out_slowpath_node) (vlib_main_t * vm, return nat64_in2out_node_fn_inline (vm, node, frame, 1); } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (nat64_in2out_slowpath_node) = { .name = "nat64-in2out-slowpath", .vector_size = sizeof (u32), @@ -1269,7 +1258,6 @@ VLIB_REGISTER_NODE (nat64_in2out_slowpath_node) = { [NAT64_IN2OUT_NEXT_SLOWPATH] = "nat64-in2out-slowpath", }, }; -/* *INDENT-ON* */ typedef struct nat64_in2out_frag_set_ctx_t_ { 
@@ -1384,7 +1372,6 @@ VLIB_NODE_FN (nat64_in2out_handoff_node) (vlib_main_t * vm, return frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (nat64_in2out_handoff_node) = { .name = "nat64-in2out-handoff", .vector_size = sizeof (u32), @@ -1399,7 +1386,6 @@ VLIB_REGISTER_NODE (nat64_in2out_handoff_node) = { [0] = "error-drop", }, }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON diff --git a/src/plugins/nat/nat64/nat64_out2in.c b/src/plugins/nat/nat64/nat64_out2in.c index 7cc2d3d3b70..a8faead4470 100644 --- a/src/plugins/nat/nat64/nat64_out2in.c +++ b/src/plugins/nat/nat64/nat64_out2in.c @@ -639,7 +639,6 @@ VLIB_NODE_FN (nat64_out2in_node) (vlib_main_t * vm, return frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (nat64_out2in_node) = { .name = "nat64-out2in", .vector_size = sizeof (u32), @@ -655,7 +654,6 @@ VLIB_REGISTER_NODE (nat64_out2in_node) = { [NAT64_OUT2IN_NEXT_IP4_LOOKUP] = "ip4-lookup", }, }; -/* *INDENT-ON* */ typedef struct nat64_out2in_frag_set_ctx_t_ { @@ -769,7 +767,6 @@ VLIB_NODE_FN (nat64_out2in_handoff_node) (vlib_main_t * vm, return frame->n_vectors; } -/* *INDENT-OFF* */ VLIB_REGISTER_NODE (nat64_out2in_handoff_node) = { .name = "nat64-out2in-handoff", .vector_size = sizeof (u32), @@ -784,7 +781,6 @@ VLIB_REGISTER_NODE (nat64_out2in_handoff_node) = { [0] = "error-drop", }, }; -/* *INDENT-ON* */ /* * fd.io coding-style-patch-verification: ON |