1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
|
/*
* Copyright (c) 2020 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef __CNAT_SNAT_H__
#define __CNAT_SNAT_H__
#include <cnat/cnat_types.h>
#include <cnat/cnat_session.h>
/* function to use to decide whether to snat connections in the output
* feature. Returns 1 if we should source NAT */
typedef int (*cnat_snat_policy_t) (vlib_buffer_t *b, cnat_session_t *session);
typedef struct cnat_snat_pfx_table_meta_t_
{
u32 dst_address_length_refcounts[129];
u16 *prefix_lengths_in_search_order;
uword *non_empty_dst_address_length_bitmap;
} cnat_snat_pfx_table_meta_t;
typedef struct cnat_snat_exclude_pfx_table_t_
{
/* Stores (ip family, prefix & mask) */
clib_bihash_24_8_t ip_hash;
/* family dependant cache */
cnat_snat_pfx_table_meta_t meta[2];
/* Precomputed ip masks (ip4 & ip6) */
ip6_address_t ip_masks[129];
} cnat_snat_exclude_pfx_table_t;
typedef enum cnat_snat_interface_map_type_t_
{
CNAT_SNAT_IF_MAP_INCLUDE_V4 = AF_IP4,
CNAT_SNAT_IF_MAP_INCLUDE_V6 = AF_IP6,
CNAT_SNAT_IF_MAP_INCLUDE_POD,
/* CNAT_SNAT_IF_MAP_INCLUDE_HOST is used for interfaces used for punt,
replicating uplink */
CNAT_SNAT_IF_MAP_INCLUDE_HOST,
CNAT_N_SNAT_IF_MAP,
} cnat_snat_interface_map_type_t;
typedef enum cnat_snat_policy_type_t_
{
CNAT_SNAT_POLICY_NONE = 0,
CNAT_SNAT_POLICY_IF_PFX = 1,
CNAT_SNAT_POLICY_K8S = 2,
} cnat_snat_policy_type_t;
typedef struct cnat_snat_policy_main_t_
{
/* Longest prefix Match table for source NATing */
cnat_snat_exclude_pfx_table_t excluded_pfx;
/* interface maps including or excluding sw_if_indexes */
clib_bitmap_t *interface_maps[CNAT_N_SNAT_IF_MAP];
/* SNAT policy for the output feature node */
cnat_snat_policy_t snat_policy;
/* Ip4 Address to use for source NATing */
cnat_endpoint_t snat_ip4;
/* Ip6 Address to use for source NATing */
cnat_endpoint_t snat_ip6;
} cnat_snat_policy_main_t;
extern cnat_snat_policy_main_t cnat_snat_policy_main;
extern void cnat_set_snat (ip4_address_t *ip4, ip6_address_t *ip6,
u32 sw_if_index);
extern int cnat_snat_policy_add_pfx (ip_prefix_t *pfx);
extern int cnat_snat_policy_del_pfx (ip_prefix_t *pfx);
extern int cnat_set_snat_policy (cnat_snat_policy_type_t policy);
extern int cnat_snat_policy_add_del_if (u32 sw_if_index, u8 is_add,
cnat_snat_interface_map_type_t table);
int cnat_search_snat_prefix (ip46_address_t *addr, ip_address_family_t af);
/*
* fd.io coding-style-patch-verification: ON
*
* Local Variables:
* eval: (c-set-style "gnu")
* End:
*/
#endif
|