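/*
 * NAT44 plugin constants and session/interface flag definitions.
 *
 * This listing is an excerpt: the source line numbers jump, so declarations
 * between the macros below (and the #endif closing this include guard) are
 * not shown here.
 */
#ifndef __included_nat_h__
#define __included_nat_h__

/*
 * Default session idle timeouts.
 * NOTE(review): the values look like seconds and line up with the minimum
 * timers in the NAT behavioural RFCs (UDP 120 s minimum / 300 s recommended,
 * TCP transitory 240 s, TCP established 7440 s, ICMP 60 s) - confirm units
 * against the code that consumes them. Shortening them below those floors
 * drops live flows; lengthening them keeps idle translations (and their
 * ports) allocated for longer.
 */
#define SNAT_UDP_TIMEOUT 300
#define SNAT_UDP_TIMEOUT_MIN 120
#define SNAT_TCP_TRANSITORY_TIMEOUT 240
#define SNAT_TCP_ESTABLISHED_TIMEOUT 7440
#define SNAT_TCP_INCOMING_SYN 6
#define SNAT_ICMP_TIMEOUT 60

/* NOTE(review): presumably the element count of a worker hand-off frame queue - confirm. */
#define NAT_FQ_NELTS 64

#define SNAT_FLAG_HAIRPINNING (1 << 0)

/* X-macro table of translated protocols: _(NAME, index, lowercase name, display string). */
#define foreach_snat_protocol \
  _(UDP, 0, udp, "udp")       \
  _(TCP, 1, tcp, "tcp")       \
  _(ICMP, 2, icmp, "icmp")

/*
 * Expander that turns each foreach_snat_protocol row into an enumerator.
 * The enum body that uses it, and presumably a matching #undef, are on lines
 * this listing omits.
 */
#define _(N, i, n, s) SNAT_PROTOCOL_##N = i,

/* X-macro table of session states: _(value, NAME, display string). */
#define foreach_snat_session_state          \
  _(0, UNKNOWN, "unknown")                  \
  _(1, UDP_ACTIVE, "udp-active")            \
  _(2, TCP_SYN_SENT, "tcp-syn-sent")        \
  _(3, TCP_ESTABLISHED, "tcp-established")  \
  _(4, TCP_FIN_WAIT, "tcp-fin-wait")        \
  _(5, TCP_CLOSE_WAIT, "tcp-close-wait")    \
  _(6, TCP_CLOSING, "tcp-closing")          \
  _(7, TCP_LAST_ACK, "tcp-last-ack")        \
  _(8, TCP_CLOSED, "tcp-closed")            \
  _(9, ICMP_ACTIVE, "icmp-active")

/* Expander that turns each foreach_snat_session_state row into an enumerator. */
#define _(v, N, s) SNAT_SESSION_##N = v,

/* Per-direction FIN / FIN-ACK bits (i2o = inside-to-outside, o2i = outside-to-inside). */
#define NAT44_SES_I2O_FIN 1
#define NAT44_SES_O2I_FIN 2
#define NAT44_SES_I2O_FIN_ACK 4
#define NAT44_SES_O2I_FIN_ACK 8

/*
 * True when the session state equals 0xf, i.e. all four NAT44_SES_* bits
 * above are set. The argument and the whole expansion are parenthesised so
 * that uses such as !nat44_is_ses_closed(s) or nat44_is_ses_closed(&ses)
 * evaluate the comparison as a unit; without the parentheses a negated test
 * binds to s->state alone and silently yields the wrong answer for a check
 * that decides whether a translation is treated as finished.
 */
#define nat44_is_ses_closed(s) ((s)->state == 0xf)

/* Bit flags stored in a session's flags field. */
#define SNAT_SESSION_FLAG_STATIC_MAPPING 1
#define SNAT_SESSION_FLAG_UNKNOWN_PROTO 2
#define SNAT_SESSION_FLAG_LOAD_BALANCING 4
#define SNAT_SESSION_FLAG_TWICE_NAT 8
#define SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT 16
#define SNAT_SESSION_FLAG_FWD_BYPASS 32

/* Bit flags stored in a NAT interface's flags field. */
#define NAT_INTERFACE_FLAG_IS_INSIDE 1
#define NAT_INTERFACE_FLAG_IS_OUTSIDE 2

/* Struct member fragment: the enclosing declaration is not part of this listing. */
u32 per_user_list_head_index;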
169 u32 outside_address_index;
177 u16 ext_host_nat_port;
197 #define _(N, i, n, s) \ 198 u16 busy_##n##_ports; \ 199 u16 * busy_##n##_ports_per_thread; \ 200 uword * busy_##n##_port_bitmap; 304 u8 *p_dont_translate,
314 u32 * address_indexp,
316 u32 snat_thread_index);
451 u32 * address_indexp,
453 u32 snat_thread_index);
460 twice_nat_type_t *twice_nat,
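/*
 * Session flag predicates. Each yields the masked flag bit (non-zero when
 * set). The macro argument is parenthesised so that any pointer expression
 * can be passed, not only a plain identifier.
 */
#define snat_is_session_static(s) ((s)->flags & SNAT_SESSION_FLAG_STATIC_MAPPING)
#define snat_is_unk_proto_session(s) ((s)->flags & SNAT_SESSION_FLAG_UNKNOWN_PROTO)
#define is_twice_nat_session(s) ((s)->flags & SNAT_SESSION_FLAG_TWICE_NAT)
#define is_lb_session(s) ((s)->flags & SNAT_SESSION_FLAG_LOAD_BALANCING)
#define is_fwd_bypass_session(s) ((s)->flags & SNAT_SESSION_FLAG_FWD_BYPASS)
#define is_ed_session(s) ((s)->flags & SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT)

/*
 * Interface role predicates. The whole expansion is parenthesised: without
 * that, !nat_interface_is_inside(i) parses as (!i->flags) & FLAG and
 * nat_interface_is_inside(i) == 0 parses as i->flags & (FLAG == 0), so an
 * inside/outside decision could be taken on the wrong value.
 */
#define nat_interface_is_inside(i) ((i)->flags & NAT_INTERFACE_FLAG_IS_INSIDE)
#define nat_interface_is_outside(i) ((i)->flags & NAT_INTERFACE_FLAG_IS_OUTSIDE)

/*
 * Logging helpers: forward their arguments to vlib_log() at a fixed level,
 * using the plugin's log class from snat_main.
 * NOTE(review): the first variadic argument is expected to be the format
 * string; keep it a literal and pass packet- or API-derived data only as
 * arguments to it.
 */
#define nat_log_err(...) \
  vlib_log(VLIB_LOG_LEVEL_ERR, snat_main.log_class, __VA_ARGS__)
#define nat_log_warn(...) \
  vlib_log(VLIB_LOG_LEVEL_WARNING, snat_main.log_class, __VA_ARGS__)
#define nat_log_notice(...) \
  vlib_log(VLIB_LOG_LEVEL_NOTICE, snat_main.log_class, __VA_ARGS__)
#define nat_log_info(...) \
  vlib_log(VLIB_LOG_LEVEL_INFO, snat_main.log_class, __VA_ARGS__)
#define nat_log_debug(...) \
  vlib_log(VLIB_LOG_LEVEL_DEBUG, snat_main.log_class, __VA_ARGS__)

/* Parameter-list fragment: the start of this prototype is not part of this listing. */
u8 *p_dont_translate,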
void *d,
void *e);
553 u8 *p_dont_translate,
void *d,
void *e);
558 u8 *p_dont_translate,
void *d,
void *e);
563 u8 *p_dont_translate,
void *d,
void *e);
568 u8 *p_dont_translate,
void *d,
void *e);
573 u8 *p_dont_translate,
void *d,
void *e);
578 u8 *p_dont_translate,
void *d,
void *e);
583 u8 *p_dont_translate,
void *d,
void *e);
591 u16 l_port,
u16 e_port,
u32 vrf_id,
int addr_only,
592 u32 sw_if_index, snat_protocol_t proto,
int is_add,
593 twice_nat_type_t twice_nat,
u8 out2in_only,
605 snat_protocol_t proto,
u32 vrf_id,
607 twice_nat_type_t twice_nat,
u8 out2in_only,
610 snat_protocol_t proto,
u32 vrf_id,
int is_in);
613 u32 vrf_id,
int is_in);
617 u32 fib_index,
u32 thread_index);
ip4_address_t external_addr
int snat_del_address(snat_main_t *sm, ip4_address_t addr, u8 delete_sm, u8 twice_nat)
clib_error_t * snat_api_init(vlib_main_t *vm, snat_main_t *sm)
vlib_node_registration_t snat_hairpin_src_node
(constructor) VLIB_REGISTER_NODE (snat_hairpin_src_node)
void nat_free_session_data(snat_main_t *sm, snat_session_t *s, u32 thread_index)
u32 sessions_per_user_list_head_index
int snat_interface_add_del(u32 sw_if_index, u8 is_inside, int is_del)
u32 fq_in2out_output_index
u32 icmp_match_in2out_det(snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
Get address and port values to be used for ICMP packet translation and create session if needed...
#define foreach_snat_session_state
int snat_add_interface_address(snat_main_t *sm, u32 sw_if_index, int is_del, u8 twice_nat)
u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
Get address and port values to be used for ICMP packet translation and create session if needed...
vlib_node_registration_t nat44_ed_in2out_node
(constructor) VLIB_REGISTER_NODE (nat44_ed_in2out_node)
format_function_t format_det_map_ses
vlib_node_registration_t snat_det_out2in_node
(constructor) VLIB_REGISTER_NODE (snat_det_out2in_node)
vlib_node_registration_t nat44_ed_hairpin_src_node
(constructor) VLIB_REGISTER_NODE (nat44_ed_hairpin_src_node)
format_function_t format_snat_static_mapping
snat_det_map_t * det_maps
int nat44_add_del_lb_static_mapping(ip4_address_t e_addr, u16 e_port, snat_protocol_t proto, u32 vrf_id, nat44_lb_addr_port_t *locals, u8 is_add, twice_nat_type_t twice_nat, u8 out2in_only, u8 *tag)
nat_alloc_out_addr_and_port_function_t * alloc_addr_and_port
#define foreach_snat_protocol
u32 icmp_match_out2in_ed(snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
nat44_lb_addr_port_t * locals
int snat_set_workers(uword *bitmap)
clib_bihash_8_8_t user_hash
u32 snat_icmp_match_function_t(struct snat_main_s *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
void nat_set_alloc_addr_and_port_mape(u16 psid, u16 psid_offset, u16 psid_length)
u32 max_translations_per_user
u32( snat_get_worker_function_t)(ip4_header_t *ip, u32 rx_fib_index)
u32 in2out_output_node_index
vlib_node_registration_t snat_out2in_node
(constructor) VLIB_REGISTER_NODE (snat_out2in_node)
ip4_address_t ext_host_addr
int nat_alloc_out_addr_and_port_function_t(snat_address_t *addresses, u32 fib_index, u32 thread_index, snat_session_key_t *k, u32 *address_indexp, u16 port_per_thread, u32 snat_thread_index)
int snat_static_mapping_match(snat_main_t *sm, snat_session_key_t match, snat_session_key_t *mapping, u8 by_external, u8 *is_addr_only, twice_nat_type_t *twice_nat, u8 *lb)
Match NAT44 static mapping.
int snat_add_address(snat_main_t *sm, ip4_address_t *addr, u32 vrf_id, u8 twice_nat)
vlib_node_registration_t snat_in2out_output_node
(constructor) VLIB_REGISTER_NODE (snat_in2out_output_node)
vlib_node_registration_t snat_in2out_output_worker_handoff_node
(constructor) VLIB_REGISTER_NODE (snat_in2out_output_worker_handoff_node)
uword unformat_snat_protocol(unformat_input_t *input, va_list *args)
u32 icmp_match_out2in_det(snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
Get address and port values to be used for ICMP packet translation and create session if needed...
vlib_node_registration_t snat_out2in_fast_node
(constructor) VLIB_REGISTER_NODE (snat_out2in_fast_node)
twice_nat_type_t twice_nat
u32 * auto_add_sw_if_indices_twice_nat
vlib_node_registration_t nat44_ed_out2in_node
(constructor) VLIB_REGISTER_NODE (nat44_ed_out2in_node)
vlib_node_registration_t snat_hairpin_dst_node
(constructor) VLIB_REGISTER_NODE (snat_hairpin_dst_node)
void snat_free_outside_address_and_port(snat_address_t *addresses, u32 thread_index, snat_session_key_t *k, u32 address_index)
clib_bihash_16_8_t out2in_ed
snat_det_session_t * sessions
int snat_alloc_outside_address_and_port(snat_address_t *addresses, u32 fib_index, u32 thread_index, snat_session_key_t *k, u32 *address_indexp, u16 port_per_thread, u32 snat_thread_index)
snat_static_mapping_t * static_mappings
int nat44_del_ed_session(snat_main_t *sm, ip4_address_t *addr, u16 port, ip4_address_t *eh_addr, u16 eh_port, u8 proto, u32 vrf_id, int is_in)
vlib_node_registration_t nat44_ed_out2in_worker_handoff_node
void nat_set_alloc_addr_and_port_default(void)
void snat_add_del_addr_to_fib(ip4_address_t *addr, u8 p_len, u32 sw_if_index, int is_add)
Add/del NAT address to FIB.
clib_bihash_8_8_t static_mapping_by_external
int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr, u16 l_port, u16 e_port, u32 vrf_id, int addr_only, u32 sw_if_index, snat_protocol_t proto, int is_add, twice_nat_type_t twice_nat, u8 out2in_only, u8 *tag)
Add static mapping.
struct snat_main_s snat_main_t
snat_session_t * nat_session_alloc_or_recycle(snat_main_t *sm, snat_user_t *u, u32 thread_index)
vlib_node_registration_t nat44_ed_in2out_worker_handoff_node
API main structure, used by both vpp and binary API clients.
snat_interface_t * output_feature_interfaces
vlib_node_registration_t snat_det_in2out_node
(constructor) VLIB_REGISTER_NODE (snat_det_in2out_node)
u8 static_mapping_connection_tracking
snat_get_worker_function_t * worker_in2out_cb
format_function_t format_snat_static_map_to_resolve
typedef CLIB_PACKED(struct{snat_session_key_t out2in;snat_session_key_t in2out;u32 flags;u32 per_user_index;u32 per_user_list_head_index;f64 last_heard;u64 total_bytes;u32 total_pkts;u32 outside_address_index;ip4_address_t ext_host_addr;u16 ext_host_port;ip4_address_t ext_host_nat_addr;u16 ext_host_nat_port;u8 state;u32 i2o_fin_seq;u32 o2i_fin_seq;}) snat_session_t
snat_user_t * nat_user_get_or_create(snat_main_t *sm, ip4_address_t *addr, u32 fib_index, u32 thread_index)
void increment_v4_address(ip4_address_t *a)
u32 tcp_transitory_timeout
u32 * auto_add_sw_if_indices
void nat44_add_del_address_dpo(ip4_address_t addr, u8 is_add)
u32 icmp_match_in2out_slow(snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
Get address and port values to be used for ICMP packet translation and create session if needed...
snat_get_worker_function_t * worker_out2in_cb
snat_icmp_match_function_t * icmp_match_out2in_cb
vlib_log_class_t log_class
vhost_vring_state_t state
vlib_node_registration_t snat_out2in_worker_handoff_node
(constructor) VLIB_REGISTER_NODE (snat_out2in_worker_handoff_node)
snat_address_t * twice_nat_addresses
u32 icmp_match_out2in_fast(snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
Get address and port values to be used for ICMP packet translation.
format_function_t format_snat_session
struct _vlib_node_registration vlib_node_registration_t
vlib_node_registration_t nat44_ed_hairpin_dst_node
(constructor) VLIB_REGISTER_NODE (nat44_ed_hairpin_dst_node)
snat_main_per_thread_data_t * per_thread_data
u32 icmp_match_in2out_ed(snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
snat_address_t * addresses
format_function_t format_snat_user
snat_static_map_resolve_t * to_resolve
vlib_node_registration_t snat_in2out_worker_handoff_node
(constructor) VLIB_REGISTER_NODE (snat_in2out_worker_handoff_node)
vlib_node_registration_t snat_in2out_fast_node
(constructor) VLIB_REGISTER_NODE (snat_in2out_fast_node)
u32 translation_memory_size
int snat_interface_add_del_output_feature(u32 sw_if_index, u8 is_inside, int is_del)
vlib_node_registration_t nat44_ed_in2out_output_worker_handoff_node
clib_bihash_16_8_t in2out_ed
vlib_node_registration_t snat_in2out_node
(constructor) VLIB_REGISTER_NODE (snat_in2out_node)
u8 * format_snat_protocol(u8 *s, va_list *args)
vlib_node_registration_t nat44_ed_in2out_output_node
(constructor) VLIB_REGISTER_NODE (nat44_ed_in2out_output_node)
ip_lookup_main_t * ip4_lookup_main
u32 icmp_match_in2out_fast(snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
Get address and port values to be used for ICMP packet translation.
snat_session_t * sessions
snat_icmp_match_function_t * icmp_match_in2out_cb
clib_bihash_8_8_t static_mapping_by_local
int nat44_del_session(snat_main_t *sm, ip4_address_t *addr, u16 port, snat_protocol_t proto, u32 vrf_id, int is_in)
snat_interface_t * interfaces
u32 tcp_established_timeout