Diffstat (limited to 'src/plugins/nat')
-rw-r--r--src/plugins/nat/nat44_cli.c79
-rw-r--r--src/plugins/nat/nat_api.c139
2 files changed, 215 insertions, 3 deletions
diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c
index f61f59b8d6a..da97a801b7f 100644
--- a/src/plugins/nat/nat44_cli.c
+++ b/src/plugins/nat/nat44_cli.c
@@ -22,15 +22,24 @@
#include <nat/nat_det.h>
#include <vnet/fib/fib_table.h>
+#define UNSUPPORTED_IN_DET_MODE_STR \
+ "This command is unsupported in deterministic mode"
+#define SUPPORTED_ONLY_IN_DET_MODE_STR \
+ "This command is supported only in deterministic mode"
+
static clib_error_t *
set_workers_command_fn (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
uword *bitmap = 0;
int rv = 0;
clib_error_t *error = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
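Review bot: The guard `if (sm->deterministic) return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);` (and its `!sm->deterministic` twin) is pasted by hand into every handler this patch touches in nat44_cli.c, so a command added later is only mode-checked if its author remembers to copy it. Because this check appears to be what keeps a command away from the other mode's state, consider one small static helper that takes the required mode and returns the error or 0, called first in each handler. At minimum the two macros deserve a comment, for example `/* Mode guards: each NAT44 CLI handler rejects the mode it does not support before parsing any input. */`. The body of set_workers_command_fn continues past the end of this hunk.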
@@ -83,6 +92,9 @@ nat_show_workers_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
snat_main_t *sm = &snat_main;
u32 *worker;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
if (sm->num_workers > 1)
{
vlib_cli_output (vm, "%d workers", vec_len (sm->workers));
@@ -151,9 +163,13 @@ nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
clib_error_t *error = 0;
u32 psid, psid_offset, psid_length;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -197,6 +213,9 @@ add_address_command_fn (vlib_main_t * vm,
clib_error_t *error = 0;
u8 twice_nat = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -286,6 +305,9 @@ nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input,
snat_main_t *sm = &snat_main;
snat_address_t *ap;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
vlib_cli_output (vm, "NAT44 pool addresses:");
/* *INDENT-OFF* */
vec_foreach (ap, sm->addresses)
@@ -468,6 +490,7 @@ add_static_mapping_command_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
clib_error_t *error = 0;
ip4_address_t l_addr, e_addr;
u32 l_port = 0, e_port = 0, vrf_id = ~0;
@@ -481,6 +504,9 @@ add_static_mapping_command_fn (vlib_main_t * vm,
u8 twice_nat = 0;
u8 out2in_only = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -574,6 +600,7 @@ add_identity_mapping_command_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
clib_error_t *error = 0;
ip4_address_t addr;
u32 port = 0, vrf_id = ~0;
@@ -584,6 +611,9 @@ add_identity_mapping_command_fn (vlib_main_t * vm,
int rv;
snat_protocol_t proto;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
addr.as_u32 = 0;
/* Get a line of input. */
@@ -649,6 +679,7 @@ add_lb_static_mapping_command_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
clib_error_t *error = 0;
ip4_address_t l_addr, e_addr;
u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
@@ -660,6 +691,9 @@ add_lb_static_mapping_command_fn (vlib_main_t * vm,
u8 twice_nat = 0;
u8 out2in_only = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -747,6 +781,9 @@ nat44_show_static_mappings_command_fn (vlib_main_t * vm,
snat_static_mapping_t *m;
snat_static_map_resolve_t *rp;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
vlib_cli_output (vm, "NAT44 static mappings:");
/* *INDENT-OFF* */
pool_foreach (m, sm->static_mappings,
@@ -773,6 +810,9 @@ snat_add_interface_address_command_fn (vlib_main_t * vm,
clib_error_t *error = 0;
u8 twice_nat = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -822,6 +862,9 @@ nat44_show_interface_address_command_fn (vlib_main_t * vm,
vnet_main_t *vnm = vnet_get_main ();
u32 *sw_if_index;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* *INDENT-OFF* */
vlib_cli_output (vm, "NAT44 pool address interfaces:");
vec_foreach (sw_if_index, sm->auto_add_sw_if_indices)
@@ -850,6 +893,9 @@ nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
snat_user_t *u;
int i = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
if (unformat (input, "detail"))
verbose = 1;
@@ -884,6 +930,9 @@ nat44_del_session_command_fn (vlib_main_t * vm,
snat_protocol_t proto;
int rv;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -938,6 +987,9 @@ snat_forwarding_set_command_fn (vlib_main_t * vm,
u8 forwarding_enable_set = 0;
clib_error_t *error = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return clib_error_return (0, "'enable' or 'disable' expected");
@@ -987,6 +1039,9 @@ snat_det_map_command_fn (vlib_main_t * vm,
int is_add = 1, rv;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -1034,6 +1089,9 @@ nat44_det_show_mappings_command_fn (vlib_main_t * vm,
snat_main_t *sm = &snat_main;
snat_det_map_t *dm;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
vlib_cli_output (vm, "NAT44 deterministic mappings:");
/* *INDENT-OFF* */
pool_foreach (dm, sm->det_maps,
@@ -1064,6 +1122,9 @@ snat_det_forward_command_fn (vlib_main_t * vm,
snat_det_map_t *dm;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -1108,6 +1169,9 @@ snat_det_reverse_command_fn (vlib_main_t * vm,
snat_det_map_t *dm;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -1154,6 +1218,9 @@ set_timeout_command_fn (vlib_main_t * vm,
unformat_input_t _line_input, *line_input = &_line_input;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -1198,6 +1265,9 @@ nat44_det_show_timeouts_command_fn (vlib_main_t * vm,
{
snat_main_t *sm = &snat_main;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
vlib_cli_output (vm, "tcp-established timeout: %dsec",
sm->tcp_established_timeout);
@@ -1218,6 +1288,9 @@ nat44_det_show_sessions_command_fn (vlib_main_t * vm,
snat_det_session_t *ses;
int i;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
vlib_cli_output (vm, "NAT44 deterministic sessions:");
/* *INDENT-OFF* */
pool_foreach (dm, sm->det_maps,
@@ -1247,6 +1320,9 @@ snat_det_close_session_out_fn (vlib_main_t * vm,
snat_det_out_key_t key;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -1303,6 +1379,9 @@ snat_det_close_session_in_fn (vlib_main_t * vm,
snat_det_out_key_t key;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
diff --git a/src/plugins/nat/nat_api.c b/src/plugins/nat/nat_api.c
index d226ad6156e..56b261d1bb9 100644
--- a/src/plugins/nat/nat_api.c
+++ b/src/plugins/nat/nat_api.c
@@ -133,7 +133,15 @@ vl_api_nat_set_workers_t_handler (vl_api_nat_set_workers_t * mp)
vl_api_nat_set_workers_reply_t *rmp;
int rv = 0;
uword *bitmap = 0;
- u64 mask = clib_net_to_host_u64 (mp->worker_mask);
+ u64 mask;
+
+ if (sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
+ mask = clib_net_to_host_u64 (mp->worker_mask);
if (sm->num_workers < 2)
{
@@ -201,6 +209,9 @@ vl_api_nat_worker_dump_t_handler (vl_api_nat_worker_dump_t * mp)
snat_main_t *sm = &snat_main;
u32 *worker_index;
+ if (sm->deterministic)
+ return;
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
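Review bot: The new `if (sm->deterministic) return;` in vl_api_nat_worker_dump_t_handler drops the request without sending anything, while the set/add/del handlers in this patch answer with `VNET_API_ERROR_UNSUPPORTED`. A client that issues a dump in the wrong mode therefore presumably cannot tell "not supported in this mode" from "no entries", which matters for tooling that audits NAT state. If that is the intended dump convention, say so at the guard, for example `/* Wrong mode: send no details; the client sees an empty dump, not an error. */`. The same silent return is added in the other `*_dump_t_handler` hunks of nat_api.c, including the `!sm->deterministic` ones for the det map and det session dumps; the handler body continues outside this hunk.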
@@ -411,6 +422,12 @@ static void
int rv = 0;
u32 *tmp;
+ if (sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
if (sm->static_mapping_only)
{
rv = VNET_API_ERROR_FEATURE_DISABLED;
@@ -500,6 +517,9 @@ vl_api_nat44_address_dump_t_handler (vl_api_nat44_address_dump_t * mp)
snat_main_t *sm = &snat_main;
snat_address_t *a;
+ if (sm->deterministic)
+ return;
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
@@ -614,13 +634,19 @@ static void
u32 sw_if_index = ntohl (mp->sw_if_index);
int rv = 0;
+ if (sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
VALIDATE_SW_IF_INDEX (mp);
rv = snat_interface_add_del_output_feature (sw_if_index, mp->is_inside,
is_del);
BAD_SW_IF_INDEX_LABEL;
-
+send_reply:
REPLY_MACRO (VL_API_NAT44_INTERFACE_ADD_DEL_OUTPUT_FEATURE_REPLY);
}
@@ -664,6 +690,9 @@ static void
snat_main_t *sm = &snat_main;
snat_interface_t *i;
+ if (sm->deterministic)
+ return;
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
@@ -699,6 +728,12 @@ static void
snat_protocol_t proto;
u8 *tag = 0;
+ if (sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
memcpy (&local_addr.as_u8, mp->local_ip_address, 4);
memcpy (&external_addr.as_u8, mp->external_ip_address, 4);
if (mp->addr_only == 0)
@@ -720,6 +755,7 @@ static void
vec_free (tag);
+send_reply:
REPLY_MACRO (VL_API_NAT44_ADD_DEL_STATIC_MAPPING_REPLY);
}
@@ -822,6 +858,9 @@ vl_api_nat44_static_mapping_dump_t_handler (vl_api_nat44_static_mapping_dump_t
snat_static_map_resolve_t *rp;
int j;
+ if (sm->deterministic)
+ return;
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
@@ -866,6 +905,12 @@ static void
snat_protocol_t proto = ~0;
u8 *tag = 0;
+ if (sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
if (mp->addr_only == 0)
{
port = clib_net_to_host_u16 (mp->port);
@@ -887,6 +932,7 @@ static void
vec_free (tag);
+send_reply:
REPLY_MACRO (VL_API_NAT44_ADD_DEL_IDENTITY_MAPPING_REPLY);
}
@@ -970,6 +1016,9 @@ static void
snat_static_map_resolve_t *rp;
int j;
+ if (sm->deterministic)
+ return;
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
@@ -1010,12 +1059,18 @@ static void
u32 sw_if_index = ntohl (mp->sw_if_index);
int rv = 0;
+ if (sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
VALIDATE_SW_IF_INDEX (mp);
rv = snat_add_interface_address (sm, sw_if_index, is_del, mp->twice_nat);
BAD_SW_IF_INDEX_LABEL;
-
+send_reply:
REPLY_MACRO (VL_API_NAT44_ADD_DEL_INTERFACE_ADDR_REPLY);
}
@@ -1059,6 +1114,9 @@ vl_api_nat44_interface_addr_dump_t_handler (vl_api_nat44_interface_addr_dump_t
snat_main_t *sm = &snat_main;
u32 *i;
+ if (sm->deterministic)
+ return;
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
@@ -1112,6 +1170,9 @@ vl_api_nat44_user_dump_t_handler (vl_api_nat44_user_dump_t * mp)
snat_main_per_thread_data_t *tsm;
snat_user_t *u;
+ if (sm->deterministic)
+ return;
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
@@ -1182,6 +1243,9 @@ vl_api_nat44_user_session_dump_t_handler (vl_api_nat44_user_session_dump_t *
dlist_elt_t *head, *elt;
ip4_header_t ip;
+ if (sm->deterministic)
+ return;
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
@@ -1266,6 +1330,12 @@ static void
snat_protocol_t proto;
u8 *tag = 0;
+ if (sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
locals = unformat_nat44_lb_addr_port (mp->locals, mp->local_num);
clib_memcpy (&e_addr, mp->external_addr, 4);
proto = ip_proto_to_snat_proto (mp->protocol);
@@ -1283,6 +1353,7 @@ static void
vec_free (locals);
vec_free (tag);
+send_reply:
REPLY_MACRO (VL_API_NAT44_ADD_DEL_LB_STATIC_MAPPING_REPLY);
}
@@ -1346,6 +1417,9 @@ static void
snat_main_t *sm = &snat_main;
snat_static_mapping_t *m;
+ if (sm->deterministic)
+ return;
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
@@ -1380,6 +1454,12 @@ vl_api_nat44_del_session_t_handler (vl_api_nat44_del_session_t * mp)
int rv = 0;
snat_protocol_t proto;
+ if (sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
memcpy (&addr.as_u8, mp->address, 4);
port = clib_net_to_host_u16 (mp->port);
vrf_id = clib_net_to_host_u32 (mp->vrf_id);
@@ -1387,6 +1467,7 @@ vl_api_nat44_del_session_t_handler (vl_api_nat44_del_session_t * mp)
rv = nat44_del_session (sm, &addr, port, proto, vrf_id, mp->is_in);
+send_reply:
REPLY_MACRO (VL_API_NAT44_DEL_SESSION_REPLY);
}
@@ -1474,6 +1555,12 @@ vl_api_nat_det_add_del_map_t_handler (vl_api_nat_det_add_del_map_t * mp)
int rv = 0;
ip4_address_t in_addr, out_addr;
+ if (!sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
if (!mp->is_nat44)
{
rv = VNET_API_ERROR_UNIMPLEMENTED;
@@ -1513,6 +1600,13 @@ vl_api_nat_det_forward_t_handler (vl_api_nat_det_forward_t * mp)
snat_det_map_t *dm;
ip4_address_t in_addr, out_addr;
+ if (!sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ REPLY_MACRO (VL_API_NAT_DET_FORWARD_REPLY);
+ return;
+ }
+
if (!mp->is_nat44)
{
out_addr.as_u32 = 0;
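Review bot: The early exit added to vl_api_nat_det_forward_t_handler replies through plain `REPLY_MACRO (VL_API_NAT_DET_FORWARD_REPLY)`, which takes no field-filling body, so the address and port fields of the reply are never written on this path. Whether that is harmless depends on REPLY_MACRO's definition, which is not visible here: if the reply buffer is not zeroed when allocated, stale message memory would be returned to the API client next to `VNET_API_ERROR_UNSUPPORTED`. Worth confirming, and if it is not zeroed, send the error through a `REPLY_MACRO2` body that writes zeroed values into those fields. The same pattern is added in the vl_api_nat_det_reverse_t_handler and vl_api_nat_det_get_timeouts_t_handler hunks; this handler's body continues outside the hunk.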
@@ -1563,6 +1657,13 @@ vl_api_nat_det_reverse_t_handler (vl_api_nat_det_reverse_t * mp)
ip4_address_t out_addr, in_addr;
snat_det_map_t *dm;
+ if (!sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ REPLY_MACRO (VL_API_NAT_DET_REVERSE_REPLY);
+ return;
+ }
+
in_addr.as_u32 = 0;
clib_memcpy (&out_addr, mp->out_addr, 4);
dm = snat_det_map_by_out (sm, &out_addr);
@@ -1627,6 +1728,9 @@ vl_api_nat_det_map_dump_t_handler (vl_api_nat_det_map_dump_t * mp)
snat_main_t *sm = &snat_main;
snat_det_map_t *m;
+ if (!sm->deterministic)
+ return;
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;
@@ -1654,11 +1758,18 @@ vl_api_nat_det_set_timeouts_t_handler (vl_api_nat_det_set_timeouts_t * mp)
vl_api_nat_det_set_timeouts_reply_t *rmp;
int rv = 0;
+ if (!sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
sm->udp_timeout = ntohl (mp->udp);
sm->tcp_established_timeout = ntohl (mp->tcp_established);
sm->tcp_transitory_timeout = ntohl (mp->tcp_transitory);
sm->icmp_timeout = ntohl (mp->icmp);
+send_reply:
REPLY_MACRO (VL_API_NAT_DET_SET_TIMEOUTS_REPLY);
}
@@ -1684,6 +1795,13 @@ vl_api_nat_det_get_timeouts_t_handler (vl_api_nat_det_get_timeouts_t * mp)
vl_api_nat_det_get_timeouts_reply_t *rmp;
int rv = 0;
+ if (!sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ REPLY_MACRO (VL_API_NAT_DET_GET_TIMEOUTS_REPLY);
+ return;
+ }
+
/* *INDENT-OFF* */
REPLY_MACRO2 (VL_API_NAT_DET_GET_TIMEOUTS_REPLY,
({
@@ -1718,6 +1836,12 @@ vl_api_nat_det_close_session_out_t_handler (vl_api_nat_det_close_session_out_t
snat_det_session_t *ses;
int rv = 0;
+ if (!sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
clib_memcpy (&out_addr, mp->out_addr, 4);
clib_memcpy (&ext_addr, mp->ext_addr, 4);
@@ -1770,6 +1894,12 @@ vl_api_nat_det_close_session_in_t_handler (vl_api_nat_det_close_session_in_t *
snat_det_session_t *ses;
int rv = 0;
+ if (!sm->deterministic)
+ {
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ goto send_reply;
+ }
+
if (!mp->is_nat44)
{
rv = VNET_API_ERROR_UNIMPLEMENTED;
@@ -1843,6 +1973,9 @@ vl_api_nat_det_session_dump_t_handler (vl_api_nat_det_session_dump_t * mp)
snat_det_session_t *s, empty_ses;
u16 i;
+ if (!sm->deterministic)
+ return;
+
reg = vl_api_client_index_to_registration (mp->client_index);
if (!reg)
return;