summaryrefslogtreecommitdiffstats
path: root/src/plugins/cnat/cnat_snat_policy.h
blob: 987ae494e16d241ab1f995ca1931371d2b50cd6c (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
/*
 * Copyright (c) 2020 Cisco and/or its affiliates.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at:
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef __CNAT_SNAT_H__
#define __CNAT_SNAT_H__

#include <cnat/cnat_types.h>
#include <cnat/cnat_session.h>

/* function to use to decide whether to snat connections in the output
 * feature. Returns 1 if we should source NAT */
typedef int (*cnat_snat_policy_t) (vlib_buffer_t *b, cnat_session_t *session);

typedef struct cnat_snat_pfx_table_meta_t_
{
  u32 dst_address_length_refcounts[129];
  u16 *prefix_lengths_in_search_order;
  uword *non_empty_dst_address_length_bitmap;
} cnat_snat_pfx_table_meta_t;

typedef struct cnat_snat_exclude_pfx_table_t_
{
  /* Stores (ip family, prefix & mask) */
  clib_bihash_24_8_t ip_hash;
  /* family dependant cache */
  cnat_snat_pfx_table_meta_t meta[2];
  /* Precomputed ip masks (ip4 & ip6) */
  ip6_address_t ip_masks[129];
} cnat_snat_exclude_pfx_table_t;

typedef enum cnat_snat_interface_map_type_t_
{
  CNAT_SNAT_IF_MAP_INCLUDE_V4 = AF_IP4,
  CNAT_SNAT_IF_MAP_INCLUDE_V6 = AF_IP6,
  CNAT_SNAT_IF_MAP_INCLUDE_POD,
  CNAT_N_SNAT_IF_MAP,
} cnat_snat_interface_map_type_t;

typedef enum cnat_snat_policy_type_t_
{
  CNAT_SNAT_POLICY_NONE = 0,
  CNAT_SNAT_POLICY_IF_PFX = 1,
  CNAT_SNAT_POLICY_K8S = 2,
} cnat_snat_policy_type_t;

typedef struct cnat_snat_policy_main_t_
{
  /* Longest prefix Match table for source NATing */
  cnat_snat_exclude_pfx_table_t excluded_pfx;

  /* interface maps including or excluding sw_if_indexes  */
  clib_bitmap_t *interface_maps[CNAT_N_SNAT_IF_MAP];

  /* SNAT policy for the output feature node */
  cnat_snat_policy_t snat_policy;

  /* Ip4 Address to use for source NATing */
  cnat_endpoint_t snat_ip4;

  /* Ip6 Address to use for source NATing */
  cnat_endpoint_t snat_ip6;

} cnat_snat_policy_main_t;

extern cnat_snat_policy_main_t cnat_snat_policy_main;

extern void cnat_set_snat (ip4_address_t *ip4, ip6_address_t *ip6,
			   u32 sw_if_index);
extern int cnat_snat_policy_add_pfx (ip_prefix_t *pfx);
extern int cnat_snat_policy_del_pfx (ip_prefix_t *pfx);
extern int cnat_set_snat_policy (cnat_snat_policy_type_t policy);
extern int cnat_snat_policy_add_del_if (u32 sw_if_index, u8 is_add,
					cnat_snat_interface_map_type_t table);

int cnat_search_snat_prefix (ip46_address_t *addr, ip_address_family_t af);

/*
 * fd.io coding-style-patch-verification: ON
 *
 * Local Variables:
 * eval: (c-set-style "gnu")
 * End:
 */

#endif