26 #define UNSUPPORTED_IN_DET_MODE_STR \ 27 "This command is unsupported in deterministic mode" 28 #define SUPPORTED_ONLY_IN_DET_MODE_STR \ 29 "This command is supported only in deterministic mode" 72 case VNET_API_ERROR_INVALID_WORKER:
75 case VNET_API_ERROR_FEATURE_DISABLED:
77 "Supported only if 2 or more workes available.");
133 if (
unformat (line_input,
"domain %d", &domain_id))
135 else if (
unformat (line_input,
"src-port %d", &src_port))
137 else if (
unformat (line_input,
"disable"))
172 else if (
unformat (input,
"verbose"))
211 u32 psid, psid_offset, psid_length;
222 if (
unformat (line_input,
"default"))
226 (line_input,
"map-e psid %d psid-offset %d psid-len %d", &psid,
227 &psid_offset, &psid_length))
251 u32 start_host_order, end_host_order;
268 if (
unformat (line_input,
"%U - %U",
272 else if (
unformat (line_input,
"tenant-vrf %u", &vrf_id))
275 end_addr = start_addr;
276 else if (
unformat (line_input,
"twice-nat"))
278 else if (
unformat (line_input,
"del"))
294 start_host_order = clib_host_to_net_u32 (start_addr.
as_u32);
295 end_host_order = clib_host_to_net_u32 (end_addr.
as_u32);
297 if (end_host_order < start_host_order)
303 count = (end_host_order - start_host_order) + 1;
310 this_addr = start_addr;
312 for (i = 0; i <
count; i++)
321 case VNET_API_ERROR_VALUE_EXIST:
324 case VNET_API_ERROR_NO_SUCH_ENTRY:
327 case VNET_API_ERROR_UNSPECIFIED:
331 case VNET_API_ERROR_FEATURE_DISABLED:
334 "twice NAT available only for endpoint-dependent mode.");
372 #define _(N, i, n, s) \ 373 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s); 386 #define _(N, i, n, s) \ 387 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s); 403 u32 *inside_sw_if_indices = 0;
404 u32 *outside_sw_if_indices = 0;
405 u8 is_output_feature = 0;
419 vec_add1 (inside_sw_if_indices, sw_if_index);
422 vec_add1 (outside_sw_if_indices, sw_if_index);
423 else if (
unformat (line_input,
"output-feature"))
424 is_output_feature = 1;
425 else if (
unformat (line_input,
"del"))
435 if (
vec_len (inside_sw_if_indices))
437 for (i = 0; i <
vec_len (inside_sw_if_indices); i++)
439 sw_if_index = inside_sw_if_indices[
i];
440 if (is_output_feature)
443 (sw_if_index, 1, is_del))
446 is_del ?
"del" :
"add",
457 is_del ?
"del" :
"add",
466 if (
vec_len (outside_sw_if_indices))
468 for (i = 0; i <
vec_len (outside_sw_if_indices); i++)
470 sw_if_index = outside_sw_if_indices[
i];
471 if (is_output_feature)
474 (sw_if_index, 0, is_del))
477 is_del ?
"del" :
"add",
488 is_del ?
"del" :
"add",
517 vlib_cli_output (vm,
" %U %s", format_vnet_sw_if_index_name, vnm,
519 (nat_interface_is_inside(i) &&
520 nat_interface_is_outside(i)) ?
"in out" :
521 (nat_interface_is_inside(i) ?
"in" :
"out"));
526 vlib_cli_output (vm,
" %U output-feature %s",
527 format_vnet_sw_if_index_name, vnm,
529 (nat_interface_is_inside(i) &&
530 nat_interface_is_outside(i)) ?
"in out" :
531 (nat_interface_is_inside(i) ?
"in" :
"out"));
547 u32 l_port = 0, e_port = 0, vrf_id = ~0;
550 u32 sw_if_index = ~0;
579 else if (
unformat (line_input,
"external %U %u",
584 else if (
unformat (line_input,
"external %U",
587 else if (
unformat (line_input,
"vrf %u", &vrf_id))
591 else if (
unformat (line_input,
"twice-nat"))
593 else if (
unformat (line_input,
"self-twice-nat"))
595 else if (
unformat (line_input,
"out2in-only"))
597 else if (
unformat (line_input,
"del"))
607 if (twice_nat && addr_only)
613 if (!addr_only && !proto_set)
620 vrf_id, addr_only, sw_if_index, proto, is_add,
621 twice_nat, out2in_only, 0);
625 case VNET_API_ERROR_INVALID_VALUE:
628 case VNET_API_ERROR_NO_SUCH_ENTRY:
634 case VNET_API_ERROR_NO_SUCH_FIB:
637 case VNET_API_ERROR_VALUE_EXIST:
640 case VNET_API_ERROR_FEATURE_DISABLED:
643 "twice-nat/out2in-only available only for endpoint-dependent mode.");
664 u32 port = 0, vrf_id = ~0;
667 u32 sw_if_index = ~0;
685 else if (
unformat (line_input,
"external %U",
688 else if (
unformat (line_input,
"vrf %u", &vrf_id))
693 else if (
unformat (line_input,
"del"))
704 vrf_id, addr_only, sw_if_index, proto, is_add,
709 case VNET_API_ERROR_INVALID_VALUE:
712 case VNET_API_ERROR_NO_SUCH_ENTRY:
718 case VNET_API_ERROR_NO_SUCH_FIB:
721 case VNET_API_ERROR_VALUE_EXIST:
743 u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
761 if (
unformat (line_input,
"local %U:%u probability %u",
/* Zero the whole entry first so any field not assigned below starts at 0. */
764 memset (&local, 0,
sizeof (local));
/*
 * NOTE(review): l_port and probability are declared u32 (listing line 743)
 * and, judging by the "local %U:%u probability %u" format string, are filled
 * from CLI input. The casts below keep only the low 16 bits of the port and
 * the low 8 bits of the probability. No range check is visible between the
 * parse and these assignments in this excerpt, so an out-of-range value
 * (port > 65535, probability > 255) would be stored truncated instead of
 * being rejected -- confirm whether validation happens elsewhere.
 */
766 local.port = (
u16) l_port;
767 local.probability = (
u8) probability;
773 else if (
unformat (line_input,
"vrf %u", &vrf_id))
778 else if (
unformat (line_input,
"twice-nat"))
780 else if (
unformat (line_input,
"self-twice-nat"))
782 else if (
unformat (line_input,
"out2in-only"))
784 else if (
unformat (line_input,
"del"))
807 locals, is_add, twice_nat,
812 case VNET_API_ERROR_INVALID_VALUE:
815 case VNET_API_ERROR_NO_SUCH_ENTRY:
821 case VNET_API_ERROR_VALUE_EXIST:
824 case VNET_API_ERROR_FEATURE_DISABLED:
855 vlib_cli_output (vm,
" %U", format_snat_static_mapping, m);
889 else if (
unformat (line_input,
"twice-nat"))
891 else if (
unformat (line_input,
"del"))
977 vlib_cli_output (vm,
" %U", format_snat_user, tsm, u, verbose);
992 int is_in = 0, is_ed = 0;
1012 else if (
unformat (line_input,
"in"))
1017 else if (
unformat (line_input,
"out"))
1022 else if (
unformat (line_input,
"vrf %u", &vrf_id))
1027 &eh_addr, &eh_port))
1067 u8 forwarding_enable;
1068 u8 forwarding_enable_set = 0;
1080 if (!forwarding_enable_set &&
unformat (line_input,
"enable"))
1082 forwarding_enable = 1;
1083 forwarding_enable_set = 1;
1085 else if (!forwarding_enable_set &&
unformat (line_input,
"disable"))
1087 forwarding_enable = 0;
1088 forwarding_enable_set = 1;
1098 if (!forwarding_enable_set)
1119 u32 in_plen, out_plen;
1140 else if (
unformat (line_input,
"del"))
1180 vlib_cli_output (vm,
" in %U/%d out %U/%d\n",
1181 format_ip4_address, &dm->in_addr, dm->in_plen,
1182 format_ip4_address, &dm->out_addr, dm->out_plen);
1183 vlib_cli_output (vm,
" outside address sharing ratio: %d\n",
1185 vlib_cli_output (vm,
" number of ports per inside host: %d\n",
1186 dm->ports_per_host);
1187 vlib_cli_output (vm,
" sessions number: %d\n", dm->ses_num);
1273 if (out_port < 1024 || out_port > 65535)
1313 else if (
unformat (line_input,
"tcp-established %u",
1316 else if (
unformat (line_input,
"tcp-transitory %u",
1321 else if (
unformat (line_input,
"reset"))
1379 vec_foreach_index (i, dm->sessions)
1381 ses = vec_elt_at_index (dm->sessions, i);
1383 vlib_cli_output (vm,
" %U", format_det_map_ses, dm, ses, &i);
1398 u32 out_port, ext_port;
1413 if (
unformat (line_input,
"%U:%d %U:%d",
1457 u32 in_port, ext_port;
1472 if (
unformat (line_input,
"%U:%d %U:%d",
1516 .path =
"set nat workers",
1518 .short_help =
"set nat workers <workers-list>",
1532 .path =
"show nat workers",
1533 .short_help =
"show nat workers",
1547 .path =
"nat ipfix logging",
1549 .short_help =
"nat ipfix logging [domain <domain-id>] [src-port <port>] [disable]",
1563 .path =
"nat addr-port-assignment-alg",
1564 .short_help =
"nat addr-port-assignment-alg <alg-name> [<alg-params>]",
1575 .path =
"show nat44 hash tables",
1576 .short_help =
"show nat44 hash tables [detail|verbose]",
1592 .path =
"nat44 add address",
1593 .short_help =
"nat44 add address <ip4-range-start> [- <ip4-range-end>] " 1594 "[tenant-vrf <vrf-id>] [twice-nat] [del]",
1623 .path =
"show nat44 addresses",
1624 .short_help =
"show nat44 addresses",
1639 .path =
"set interface nat44",
1641 .short_help =
"set interface nat44 in <intfc> out <intfc> [output-feature] " 1656 .path =
"show nat44 interfaces",
1657 .short_help =
"show nat44 interfaces",
1676 .path =
"nat44 add static mapping",
1679 "nat44 add static mapping tcp|udp|icmp local <addr> [<port>] " 1680 "external <addr> [<port>] [vrf <table-id>] [twice-nat|self-twice-nat] " 1681 "[out2in-only] [del]",
1698 .path =
"nat44 add identity mapping",
1700 .short_help =
"nat44 add identity mapping <interface>|<ip4-addr> " 1701 "[<protocol> <port>] [vrf <table-id>] [del]",
1715 .path =
"nat44 add load-balancing static mapping",
1718 "nat44 add load-balancing static mapping protocol tcp|udp " 1719 "external <addr>:<port> local <addr>:<port> probability <n> " 1720 "[twice-nat|self-twice-nat] [vrf <table-id>] [out2in-only] [del]",
1739 .path =
"show nat44 static mappings",
1740 .short_help =
"show nat44 static mappings",
1753 .path =
"nat44 add interface address",
1754 .short_help =
"nat44 add interface address <interface> [twice-nat] [del]",
1770 .path =
"show nat44 interface address",
1771 .short_help =
"show nat44 interface address",
1782 .path =
"show nat44 sessions",
1783 .short_help =
"show nat44 sessions [detail]",
1797 .path =
"nat44 del session",
1798 .short_help =
"nat44 del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>] [external-host <addr>:<port>]",
1815 .path =
"nat44 forwarding",
1816 .short_help =
"nat44 forwarding enable|disable",
1832 .path =
"nat44 deterministic add",
1833 .short_help =
"nat44 deterministic add in <addr>/<plen> out <addr>/<plen> [del]",
1850 .path =
"show nat44 deterministic mappings",
1851 .short_help =
"show nat44 deterministic mappings",
1866 .path =
"nat44 deterministic forward",
1867 .short_help =
"nat44 deterministic forward <addr>",
1881 .path =
"nat44 deterministic reverse",
1882 .short_help =
"nat44 deterministic reverse <addr>:<port>",
1897 .path =
"set nat44 deterministic timeout",
1900 "set nat44 deterministic timeout [udp <sec> | tcp-established <sec> " 1901 "tcp-transitory <sec> | icmp <sec> | reset]",
1916 .path =
"show nat44 deterministic timeouts",
1917 .short_help =
"show nat44 deterministic timeouts",
1933 .path =
"show nat44 deterministic sessions",
1934 .short_help =
"show nat44 deterministic sessions",
1947 .path =
"nat44 deterministic close session out",
1948 .short_help =
"nat44 deterministic close session out " 1949 "<out_addr>:<out_port> <ext_addr>:<ext_port>",
1962 .path =
"nat44 deterministic close session in",
1963 .short_help =
"nat44 deterministic close session in " 1964 "<in_addr>:<in_port> <ext_addr>:<ext_port>",
static clib_error_t * add_address_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
static clib_error_t * snat_det_reverse_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
#define nat_log_info(...)
#define vec_foreach_index(var, v)
Iterate over vector indices.
static clib_error_t * nat44_show_sessions_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
int snat_del_address(snat_main_t *sm, ip4_address_t addr, u8 delete_sm, u8 twice_nat)
int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr, u16 l_port, u16 e_port, u32 vrf_id, int addr_only, u32 sw_if_index, snat_protocol_t proto, int is_add, twice_nat_type_t twice_nat, u8 out2in_only, u8 *tag)
Add static mapping.
vnet_main_t * vnet_get_main(void)
#define SNAT_TCP_ESTABLISHED_TIMEOUT
int nat44_add_del_lb_static_mapping(ip4_address_t e_addr, u16 e_port, snat_protocol_t proto, u32 vrf_id, nat44_lb_addr_port_t *locals, u8 is_add, twice_nat_type_t twice_nat, u8 out2in_only, u8 *tag)
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
static void snat_det_ses_close(snat_det_map_t *dm, snat_det_session_t *ses)
static snat_det_session_t * snat_det_find_ses_by_in(snat_det_map_t *dm, ip4_address_t *in_addr, u16 in_port, snat_det_out_key_t out_key)
static void snat_det_forward(snat_det_map_t *dm, ip4_address_t *in_addr, ip4_address_t *out_addr, u16 *lo_port)
int nat44_del_ed_session(snat_main_t *sm, ip4_address_t *addr, u16 port, ip4_address_t *eh_addr, u16 eh_port, u8 proto, u32 vrf_id, int is_in)
unformat_function_t unformat_vnet_sw_interface
snat_det_map_t * det_maps
static clib_error_t * add_identity_mapping_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
static void snat_det_reverse(snat_det_map_t *dm, ip4_address_t *out_addr, u16 out_port, ip4_address_t *in_addr)
static clib_error_t * snat_det_close_session_out_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
format_function_t format_vnet_sw_if_index_name
int snat_interface_add_del(u32 sw_if_index, u8 is_inside, int is_del)
clib_bihash_8_8_t user_hash
static clib_error_t * nat44_show_hash_commnad_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
static clib_error_t * snat_det_map_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
ip4_address_t ext_host_addr
int snat_add_address(snat_main_t *sm, ip4_address_t *addr, u32 vrf_id, u8 twice_nat)
static clib_error_t * snat_det_close_session_in_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
static clib_error_t * snat_det_forward_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
#define vec_elt_at_index(v, i)
Get vector value at index i checking that i is in bounds.
#define clib_error_return(e, args...)
int snat_ipfix_logging_enable_disable(int enable, u32 domain_id, u16 src_port)
Enable/disable NAT plugin IPFIX logging.
static clib_error_t * nat44_set_alloc_addr_and_port_alg_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
u32 * auto_add_sw_if_indices_twice_nat
vlib_worker_thread_t * vlib_worker_threads
static clib_error_t * nat44_show_addresses_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
clib_bihash_16_8_t out2in_ed
static snat_det_map_t * snat_det_map_by_out(snat_main_t *sm, ip4_address_t *out_addr)
static clib_error_t * snat_forwarding_set_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
static clib_error_t * nat44_det_show_sessions_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
snat_static_mapping_t * static_mappings
clib_bihash_8_8_t static_mapping_by_external
static clib_error_t * snat_feature_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
void nat_set_alloc_addr_and_port_default(void)
static clib_error_t * nat44_det_show_timeouts_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
snat_interface_t * output_feature_interfaces
static clib_error_t * add_lb_static_mapping_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
static u8 snat_proto_to_ip_proto(snat_protocol_t snat_proto)
static clib_error_t * snat_ipfix_logging_enable_disable_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
u32 ft_table_id
Table ID (hash key) for this FIB.
static clib_error_t * nat_show_workers_commnad_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
static clib_error_t * nat44_show_interfaces_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
void nat44_add_del_address_dpo(ip4_address_t addr, u8 is_add)
#define vec_free(V)
Free vector's memory (no header).
deterministic NAT definitions
format_function_t format_snat_static_map_to_resolve
int snat_interface_add_del_output_feature(u32 sw_if_index, u8 is_inside, int is_del)
static clib_error_t * set_timeout_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
u32 tcp_transitory_timeout
int snat_det_add_map(snat_main_t *sm, ip4_address_t *in_addr, u8 in_plen, ip4_address_t *out_addr, u8 out_plen, int is_add)
Add/delete deterministic NAT mapping.
#define VLIB_CLI_COMMAND(x,...)
u32 * auto_add_sw_if_indices
static snat_det_map_t * snat_det_map_by_user(snat_main_t *sm, ip4_address_t *user_addr)
static clib_error_t * add_static_mapping_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
#define clib_bitmap_free(v)
Free a bitmap.
int nat44_del_session(snat_main_t *sm, ip4_address_t *addr, u16 port, snat_protocol_t proto, u32 vrf_id, int is_in)
snat_address_t * twice_nat_addresses
static clib_error_t * nat44_del_session_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
void increment_v4_address(ip4_address_t *a)
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
#define UNSUPPORTED_IN_DET_MODE_STR
static uword unformat_bitmap_list(unformat_input_t *input, va_list *va)
Unformat a list of bit ranges into a bitmap (e.g. "0-3,5-7,11").
static clib_error_t * snat_add_interface_address_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
snat_main_per_thread_data_t * per_thread_data
fib_table_t * fib_table_get(fib_node_index_t index, fib_protocol_t proto)
Get a pointer to a FIB table.
snat_address_t * addresses
int snat_add_interface_address(snat_main_t *sm, u32 sw_if_index, int is_del, u8 twice_nat)
static clib_error_t * nat44_show_interface_address_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
static clib_error_t * nat44_show_static_mappings_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
#define SNAT_ICMP_TIMEOUT
uword unformat_snat_protocol(unformat_input_t *input, va_list *args)
static snat_det_session_t * snat_det_get_ses_by_out(snat_det_map_t *dm, ip4_address_t *in_addr, u64 out_key)
snat_static_map_resolve_t * to_resolve
#define SUPPORTED_ONLY_IN_DET_MODE_STR
#define vec_foreach(var, vec)
Vector iterator.
int snat_set_workers(uword *bitmap)
clib_bihash_16_8_t in2out_ed
void nat_set_alloc_addr_and_port_mape(u16 psid, u16 psid_offset, u16 psid_length)
#define SNAT_TCP_TRANSITORY_TIMEOUT
void vlib_cli_output(vlib_main_t *vm, char *fmt,...)
clib_bihash_8_8_t static_mapping_by_local
static clib_error_t * nat44_det_show_mappings_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
static clib_error_t * set_workers_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
snat_interface_t * interfaces
u32 tcp_established_timeout