FD.io VPP  v19.01.3-6-g70449b9b9
Vector Packet Processing
nat.h File Reference
+ Include dependency graph for nat.h:
+ This graph shows which files directly or indirectly include this file:

Go to the source code of this file.

Data Structures

struct  snat_session_key_t
 
struct  nat_ed_ses_key_t
 
struct  snat_det_out_key_t
 
struct  snat_user_key_t
 
struct  nat44_reass_trace_t
 
struct  snat_user_t
 
struct  snat_address_t
 
struct  nat_outside_fib_t
 
struct  snat_det_session_t
 
struct  snat_det_map_t
 
struct  nat44_lb_addr_port_t
 
struct  snat_static_mapping_t
 
struct  snat_interface_t
 
struct  snat_static_map_resolve_t
 
struct  snat_main_per_thread_data_t
 
struct  snat_main_s
 
struct  nat44_is_idle_session_ctx_t
 
struct  snat_runtime_t
 
struct  icmp_echo_header_t
 
struct  tcp_udp_header_t
 

Macros

#define SNAT_UDP_TIMEOUT   300
 
#define SNAT_TCP_TRANSITORY_TIMEOUT   240
 
#define SNAT_TCP_ESTABLISHED_TIMEOUT   7440
 
#define SNAT_ICMP_TIMEOUT   60
 
#define NAT_FQ_NELTS   64
 
#define SNAT_FLAG_HAIRPINNING   (1 << 0)
 
#define foreach_nat_addr_and_port_alloc_alg
 
#define foreach_snat_protocol
 
#define foreach_snat_session_state
 
#define NAT44_SES_I2O_FIN   1
 
#define NAT44_SES_O2I_FIN   2
 
#define NAT44_SES_I2O_FIN_ACK   4
 
#define NAT44_SES_O2I_FIN_ACK   8
 
#define NAT44_SES_I2O_SYN   16
 
#define NAT44_SES_O2I_SYN   32
 
#define NAT44_SES_RST   64
 
#define SNAT_SESSION_FLAG_STATIC_MAPPING   1
 
#define SNAT_SESSION_FLAG_UNKNOWN_PROTO   2
 
#define SNAT_SESSION_FLAG_LOAD_BALANCING   4
 
#define SNAT_SESSION_FLAG_TWICE_NAT   8
 
#define SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT   16
 
#define SNAT_SESSION_FLAG_FWD_BYPASS   32
 
#define SNAT_SESSION_FLAG_AFFINITY   64
 
#define SNAT_SESSION_FLAG_OUTPUT_FEATURE   128
 
#define NAT_INTERFACE_FLAG_IS_INSIDE   1
 
#define NAT_INTERFACE_FLAG_IS_OUTSIDE   2
 
#define NAT_STATIC_MAPPING_FLAG_ADDR_ONLY   1
 
#define NAT_STATIC_MAPPING_FLAG_OUT2IN_ONLY   2
 
#define NAT_STATIC_MAPPING_FLAG_IDENTITY_NAT   4
 
#define NAT_STATIC_MAPPING_FLAG_LB   8
 
#define snat_is_session_static(s)   (s->flags & SNAT_SESSION_FLAG_STATIC_MAPPING)
 Check if SNAT session is created from static mapping. More...
 
#define snat_is_unk_proto_session(s)   (s->flags & SNAT_SESSION_FLAG_UNKNOWN_PROTO)
 Check if SNAT session for unknown protocol. More...
 
#define is_twice_nat_session(s)   (s->flags & SNAT_SESSION_FLAG_TWICE_NAT)
 Check if NAT session is twice NAT. More...
 
#define is_lb_session(s)   (s->flags & SNAT_SESSION_FLAG_LOAD_BALANCING)
 Check if NAT session is load-balancing. More...
 
#define is_fwd_bypass_session(s)   (s->flags & SNAT_SESSION_FLAG_FWD_BYPASS)
 Check if NAT session is forwarding bypass. More...
 
#define is_ed_session(s)   (s->flags & SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT)
 Check if NAT session is endpoint dependent. More...
 
#define is_affinity_sessions(s)   (s->flags & SNAT_SESSION_FLAG_AFFINITY)
 Check if NAT session has affinity record. More...
 
#define nat_interface_is_inside(i)   i->flags & NAT_INTERFACE_FLAG_IS_INSIDE
 Check if NAT interface is inside. More...
 
#define nat_interface_is_outside(i)   i->flags & NAT_INTERFACE_FLAG_IS_OUTSIDE
 Check if NAT interface is outside. More...
 
#define nat44_is_ses_closed(s)   s->state == 0xf
 Check if NAT44 endpoint-dependent TCP session is closed. More...
 
#define is_addr_only_static_mapping(sm)   (sm->flags & NAT_STATIC_MAPPING_FLAG_ADDR_ONLY)
 Check if NAT static mapping is address only (1:1NAT). More...
 
#define is_out2in_only_static_mapping(sm)   (sm->flags & NAT_STATIC_MAPPING_FLAG_OUT2IN_ONLY)
 Check if NAT static mapping match only out2in direction. More...
 
#define is_identity_static_mapping(sm)   (sm->flags & NAT_STATIC_MAPPING_FLAG_IDENTITY_NAT)
 Check if NAT static mapping is identity NAT. More...
 
#define is_lb_static_mapping(sm)   (sm->flags & NAT_STATIC_MAPPING_FLAG_LB)
 Check if NAT static mapping is load-balancing. More...
 
#define tcp_is_init(t)   ((t->flags & TCP_FLAG_SYN) && !(t->flags & TCP_FLAG_ACK))
 Check if client initiating TCP connection (received SYN from client) More...
 
#define nat_log_err(...)   vlib_log(VLIB_LOG_LEVEL_ERR, snat_main.log_class, __VA_ARGS__)
 
#define nat_log_warn(...)   vlib_log(VLIB_LOG_LEVEL_WARNING, snat_main.log_class, __VA_ARGS__)
 
#define nat_log_notice(...)   vlib_log(VLIB_LOG_LEVEL_NOTICE, snat_main.log_class, __VA_ARGS__)
 
#define nat_log_info(...)   vlib_log(VLIB_LOG_LEVEL_INFO, snat_main.log_class, __VA_ARGS__)
 
#define nat_log_debug(...)   vlib_log(VLIB_LOG_LEVEL_DEBUG, snat_main.log_class, __VA_ARGS__)
 

Typedefs

typedef u32() snat_icmp_match_function_t(struct snat_main_s *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
 
typedef u32() snat_get_worker_function_t(ip4_header_t *ip, u32 rx_fib_index)
 
typedef int() nat_alloc_out_addr_and_port_function_t(snat_address_t *addresses, u32 fib_index, u32 thread_index, snat_session_key_t *k, u16 port_per_thread, u32 snat_thread_index)
 
typedef struct snat_main_s snat_main_t
 

Enumerations

enum  nat_addr_and_port_alloc_alg_t { foreach_nat_addr_and_port_alloc_alg }
 
enum  snat_protocol_t { foreach_snat_protocol }
 
enum  snat_session_state_t { foreach_snat_session_state }
 
enum  twice_nat_type_t { TWICE_NAT_DISABLED, TWICE_NAT, TWICE_NAT_SELF }
 
enum  lb_nat_type_t { NO_LB_NAT, LB_NAT, AFFINITY_LB_NAT }
 

Functions

typedef CLIB_PACKED (struct { snat_session_key_t out2in;snat_session_key_t in2out;u32 flags;u32 per_user_index;u32 per_user_list_head_index;f64 last_heard;u64 total_bytes;u32 total_pkts;ip4_address_t ext_host_addr;u16 ext_host_port;ip4_address_t ext_host_nat_addr;u16 ext_host_nat_port;u8 state;u32 i2o_fin_seq;u32 o2i_fin_seq;u32 user_index;}) snat_session_t
 
u32 icmp_match_in2out_fast (snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
 Get address and port values to be used for ICMP packet translation. More...
 
u32 icmp_match_in2out_slow (snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
 Get address and port values to be used for ICMP packet translation and create session if needed. More...
 
u32 icmp_match_out2in_fast (snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
 Get address and port values to be used for ICMP packet translation. More...
 
u32 icmp_match_out2in_slow (snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
 Get address and port values to be used for ICMP packet translation and create session if needed. More...
 
u32 icmp_match_out2in_det (snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
 Get address and port values to be used for ICMP packet translation and create session if needed. More...
 
u32 icmp_match_in2out_det (snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
 Get address and port values to be used for ICMP packet translation and create session if needed. More...
 
u32 icmp_match_out2in_ed (snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
 
u32 icmp_match_in2out_ed (snat_main_t *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)
 
u32 icmp_in2out (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, icmp46_header_t *icmp0, u32 sw_if_index0, u32 rx_fib_index0, vlib_node_runtime_t *node, u32 next0, u32 thread_index, void *d, void *e)
 
u32 icmp_out2in (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, icmp46_header_t *icmp0, u32 sw_if_index0, u32 rx_fib_index0, vlib_node_runtime_t *node, u32 next0, u32 thread_index, void *d, void *e)
 
u32 snat_icmp_hairpinning (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, icmp46_header_t *icmp0, int is_ed)
 
void nat_hairpinning_sm_unknown_proto (snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip)
 
void nat44_ed_hairpinning_unknown_proto (snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip)
 
int snat_hairpinning (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, udp_header_t *udp0, tcp_header_t *tcp0, u32 proto0, int is_ed)
 
void nat44_reass_hairpinning (snat_main_t *sm, vlib_buffer_t *b0, ip4_header_t *ip0, u16 sport, u16 dport, u32 proto0, int is_ed)
 
int nat44_i2o_ed_is_idle_session_cb (clib_bihash_kv_16_8_t *kv, void *arg)
 
int nat44_o2i_ed_is_idle_session_cb (clib_bihash_kv_16_8_t *kv, void *arg)
 
int nat44_i2o_is_idle_session_cb (clib_bihash_kv_8_8_t *kv, void *arg)
 
int nat44_o2i_is_idle_session_cb (clib_bihash_kv_8_8_t *kv, void *arg)
 
void increment_v4_address (ip4_address_t *a)
 Increment IPv4 address. More...
 
int snat_add_address (snat_main_t *sm, ip4_address_t *addr, u32 vrf_id, u8 twice_nat)
 Add external address to NAT44 pool. More...
 
int snat_del_address (snat_main_t *sm, ip4_address_t addr, u8 delete_sm, u8 twice_nat)
 Delete external address from NAT44 pool. More...
 
void nat44_add_del_address_dpo (ip4_address_t addr, u8 is_add)
 Add/delete external address to FIB DPO (out2in DPO mode) More...
 
int snat_add_static_mapping (ip4_address_t l_addr, ip4_address_t e_addr, u16 l_port, u16 e_port, u32 vrf_id, int addr_only, u32 sw_if_index, snat_protocol_t proto, int is_add, twice_nat_type_t twice_nat, u8 out2in_only, u8 *tag, u8 identity_nat)
 Add/delete NAT44 static mapping. More...
 
int nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port, snat_protocol_t proto, nat44_lb_addr_port_t *locals, u8 is_add, twice_nat_type_t twice_nat, u8 out2in_only, u8 *tag, u32 affinity)
 Add/delete static mapping with load-balancing (multiple backends) More...
 
int nat44_lb_static_mapping_add_del_local (ip4_address_t e_addr, u16 e_port, ip4_address_t l_addr, u16 l_port, snat_protocol_t proto, u32 vrf_id, u8 probability, u8 is_add)
 
clib_error_tsnat_api_init (vlib_main_t *vm, snat_main_t *sm)
 
int snat_set_workers (uword *bitmap)
 Set NAT plugin workers. More...
 
int snat_interface_add_del (u32 sw_if_index, u8 is_inside, int is_del)
 Enable/disable NAT44 feature on the interface. More...
 
int snat_interface_add_del_output_feature (u32 sw_if_index, u8 is_inside, int is_del)
 Enable/disable NAT44 output feature on the interface (postrouting NAT) More...
 
int snat_add_interface_address (snat_main_t *sm, u32 sw_if_index, int is_del, u8 twice_nat)
 Add/delete NAT44 pool address from specific interfce. More...
 
int nat44_del_session (snat_main_t *sm, ip4_address_t *addr, u16 port, snat_protocol_t proto, u32 vrf_id, int is_in)
 Delete NAT44 session. More...
 
int nat44_del_ed_session (snat_main_t *sm, ip4_address_t *addr, u16 port, ip4_address_t *eh_addr, u16 eh_port, u8 proto, u32 vrf_id, int is_in)
 Delete NAT44 endpoint-dependent session. More...
 
void nat_free_session_data (snat_main_t *sm, snat_session_t *s, u32 thread_index)
 Free NAT44 session data (lookup keys, external addrres port) More...
 
snat_user_tnat_user_get_or_create (snat_main_t *sm, ip4_address_t *addr, u32 fib_index, u32 thread_index)
 Find or create NAT user. More...
 
snat_session_t * nat_session_alloc_or_recycle (snat_main_t *sm, snat_user_t *u, u32 thread_index)
 Allocate new NAT session or recycle last used. More...
 
snat_session_t * nat_ed_session_alloc (snat_main_t *sm, snat_user_t *u, u32 thread_index, f64 now)
 Allocate NAT endpoint-dependent session. More...
 
void nat_set_alloc_addr_and_port_mape (u16 psid, u16 psid_offset, u16 psid_length)
 Set address and port assignment algorithm for MAP-E CE. More...
 
void nat_set_alloc_addr_and_port_range (u16 start_port, u16 end_port)
 Set address and port assignment algorithm for port range. More...
 
void nat_set_alloc_addr_and_port_default (void)
 Set address and port assignment algorithm to default/standard. More...
 
void snat_free_outside_address_and_port (snat_address_t *addresses, u32 thread_index, snat_session_key_t *k)
 Free outside address and port pair. More...
 
int snat_alloc_outside_address_and_port (snat_address_t *addresses, u32 fib_index, u32 thread_index, snat_session_key_t *k, u16 port_per_thread, u32 snat_thread_index)
 Alloc outside address and port. More...
 
int snat_static_mapping_match (snat_main_t *sm, snat_session_key_t match, snat_session_key_t *mapping, u8 by_external, u8 *is_addr_only, twice_nat_type_t *twice_nat, lb_nat_type_t *lb, ip4_address_t *ext_host_addr, u8 *is_identity_nat)
 Match NAT44 static mapping. More...
 
void snat_add_del_addr_to_fib (ip4_address_t *addr, u8 p_len, u32 sw_if_index, int is_add)
 Add/del NAT address to FIB. More...
 

Variables

snat_main_t snat_main
 
vlib_node_registration_t snat_in2out_node
 (constructor) VLIB_REGISTER_NODE (snat_in2out_node) More...
 
vlib_node_registration_t snat_in2out_output_node
 (constructor) VLIB_REGISTER_NODE (snat_in2out_output_node) More...
 
vlib_node_registration_t snat_out2in_node
 (constructor) VLIB_REGISTER_NODE (snat_out2in_node) More...
 
vlib_node_registration_t snat_in2out_fast_node
 (constructor) VLIB_REGISTER_NODE (snat_in2out_fast_node) More...
 
vlib_node_registration_t snat_out2in_fast_node
 (constructor) VLIB_REGISTER_NODE (snat_out2in_fast_node) More...
 
vlib_node_registration_t snat_in2out_worker_handoff_node
 (constructor) VLIB_REGISTER_NODE (snat_in2out_worker_handoff_node) More...
 
vlib_node_registration_t snat_in2out_output_worker_handoff_node
 (constructor) VLIB_REGISTER_NODE (snat_in2out_output_worker_handoff_node) More...
 
vlib_node_registration_t snat_out2in_worker_handoff_node
 (constructor) VLIB_REGISTER_NODE (snat_out2in_worker_handoff_node) More...
 
vlib_node_registration_t snat_det_in2out_node
 (constructor) VLIB_REGISTER_NODE (snat_det_in2out_node) More...
 
vlib_node_registration_t snat_det_out2in_node
 (constructor) VLIB_REGISTER_NODE (snat_det_out2in_node) More...
 
vlib_node_registration_t snat_hairpin_dst_node
 (constructor) VLIB_REGISTER_NODE (snat_hairpin_dst_node) More...
 
vlib_node_registration_t snat_hairpin_src_node
 (constructor) VLIB_REGISTER_NODE (snat_hairpin_src_node) More...
 
vlib_node_registration_t nat44_ed_in2out_node
 (constructor) VLIB_REGISTER_NODE (nat44_ed_in2out_node) More...
 
vlib_node_registration_t nat44_ed_in2out_output_node
 (constructor) VLIB_REGISTER_NODE (nat44_ed_in2out_output_node) More...
 
vlib_node_registration_t nat44_ed_out2in_node
 (constructor) VLIB_REGISTER_NODE (nat44_ed_out2in_node) More...
 
vlib_node_registration_t nat44_ed_hairpin_dst_node
 (constructor) VLIB_REGISTER_NODE (nat44_ed_hairpin_dst_node) More...
 
vlib_node_registration_t nat44_ed_hairpin_src_node
 (constructor) VLIB_REGISTER_NODE (nat44_ed_hairpin_src_node) More...
 
vlib_node_registration_t nat44_ed_in2out_worker_handoff_node
 
vlib_node_registration_t nat44_ed_in2out_output_worker_handoff_node
 
vlib_node_registration_t nat44_ed_out2in_worker_handoff_node
 
format_function_t format_snat_user
 
format_function_t format_snat_static_mapping
 
format_function_t format_snat_static_map_to_resolve
 
format_function_t format_snat_session
 
format_function_t format_det_map_ses
 
format_function_t format_snat_key
 
format_function_t format_static_mapping_key
 
format_function_t format_snat_protocol
 
format_function_t format_nat_addr_and_port_alloc_alg
 
format_function_t format_nat44_reass_trace
 
unformat_function_t unformat_snat_protocol
 

Macro Definition Documentation

◆ foreach_nat_addr_and_port_alloc_alg

#define foreach_nat_addr_and_port_alloc_alg
Value:
_(0, DEFAULT, "default") \
_(1, MAPE, "map-e") \
_(2, RANGE, "port-range")

Definition at line 114 of file nat.h.

◆ foreach_snat_protocol

#define foreach_snat_protocol
Value:
_(UDP, 0, udp, "udp") \
_(TCP, 1, tcp, "tcp") \
_(ICMP, 2, icmp, "icmp")

Definition at line 128 of file nat.h.

◆ foreach_snat_session_state

#define foreach_snat_session_state
Value:
_(0, UNKNOWN, "unknown") \
_(1, UDP_ACTIVE, "udp-active") \
_(2, TCP_SYN_SENT, "tcp-syn-sent") \
_(3, TCP_ESTABLISHED, "tcp-established") \
_(4, TCP_FIN_WAIT, "tcp-fin-wait") \
_(5, TCP_CLOSE_WAIT, "tcp-close-wait") \
_(6, TCP_CLOSING, "tcp-closing") \
_(7, TCP_LAST_ACK, "tcp-last-ack") \
_(8, TCP_CLOSED, "tcp-closed") \
_(9, ICMP_ACTIVE, "icmp-active")

Definition at line 142 of file nat.h.

◆ is_addr_only_static_mapping

#define is_addr_only_static_mapping (   sm)    (sm->flags & NAT_STATIC_MAPPING_FLAG_ADDR_ONLY)

Check if NAT static mapping is address only (1:1NAT).

Parameters
smNAT static mapping
Returns
1 if 1:1NAT, 0 if 1:1NAPT

Definition at line 665 of file nat.h.

◆ is_affinity_sessions

#define is_affinity_sessions (   s)    (s->flags & SNAT_SESSION_FLAG_AFFINITY)

Check if NAT session has affinity record.

Parameters
sNAT session
Returns
1 if NAT session has affinity record

Definition at line 641 of file nat.h.

◆ is_ed_session

#define is_ed_session (   s)    (s->flags & SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT)

Check if NAT session is endpoint dependent.

Parameters
sNAT session
Returns
1 if NAT session is endpoint dependent

Definition at line 635 of file nat.h.

◆ is_fwd_bypass_session

#define is_fwd_bypass_session (   s)    (s->flags & SNAT_SESSION_FLAG_FWD_BYPASS)

Check if NAT session is forwarding bypass.

Parameters
sNAT session
Returns
1 if NAT session is load-balancing

Definition at line 629 of file nat.h.

◆ is_identity_static_mapping

#define is_identity_static_mapping (   sm)    (sm->flags & NAT_STATIC_MAPPING_FLAG_IDENTITY_NAT)

Check if NAT static mapping is identity NAT.

Parameters
smNAT static mapping
Returns
1 if identity NAT

Definition at line 677 of file nat.h.

◆ is_lb_session

#define is_lb_session (   s)    (s->flags & SNAT_SESSION_FLAG_LOAD_BALANCING)

Check if NAT session is load-balancing.

Parameters
sNAT session
Returns
1 if NAT session is load-balancing

Definition at line 623 of file nat.h.

◆ is_lb_static_mapping

#define is_lb_static_mapping (   sm)    (sm->flags & NAT_STATIC_MAPPING_FLAG_LB)

Check if NAT static mapping is load-balancing.

Parameters
smNAT static mapping
Returns
1 if load-balancing

Definition at line 683 of file nat.h.

◆ is_out2in_only_static_mapping

#define is_out2in_only_static_mapping (   sm)    (sm->flags & NAT_STATIC_MAPPING_FLAG_OUT2IN_ONLY)

Check if NAT static mapping match only out2in direction.

Parameters
smNAT static mapping
Returns
1 if rule match only out2in direction

Definition at line 671 of file nat.h.

◆ is_twice_nat_session

#define is_twice_nat_session (   s)    (s->flags & SNAT_SESSION_FLAG_TWICE_NAT)

Check if NAT session is twice NAT.

Parameters
sNAT session
Returns
1 if NAT session is twice NAT

Definition at line 617 of file nat.h.

◆ nat44_is_ses_closed

#define nat44_is_ses_closed (   s)    s->state == 0xf

Check if NAT44 endpoint-dependent TCP session is closed.

Parameters
sNAT session
Returns
1 if session is closed

Definition at line 659 of file nat.h.

◆ NAT44_SES_I2O_FIN

#define NAT44_SES_I2O_FIN   1

Definition at line 162 of file nat.h.

◆ NAT44_SES_I2O_FIN_ACK

#define NAT44_SES_I2O_FIN_ACK   4

Definition at line 164 of file nat.h.

◆ NAT44_SES_I2O_SYN

#define NAT44_SES_I2O_SYN   16

Definition at line 166 of file nat.h.

◆ NAT44_SES_O2I_FIN

#define NAT44_SES_O2I_FIN   2

Definition at line 163 of file nat.h.

◆ NAT44_SES_O2I_FIN_ACK

#define NAT44_SES_O2I_FIN_ACK   8

Definition at line 165 of file nat.h.

◆ NAT44_SES_O2I_SYN

#define NAT44_SES_O2I_SYN   32

Definition at line 167 of file nat.h.

◆ NAT44_SES_RST

#define NAT44_SES_RST   64

Definition at line 168 of file nat.h.

◆ NAT_FQ_NELTS

#define NAT_FQ_NELTS   64

Definition at line 40 of file nat.h.

◆ NAT_INTERFACE_FLAG_IS_INSIDE

#define NAT_INTERFACE_FLAG_IS_INSIDE   1

Definition at line 181 of file nat.h.

◆ NAT_INTERFACE_FLAG_IS_OUTSIDE

#define NAT_INTERFACE_FLAG_IS_OUTSIDE   2

Definition at line 182 of file nat.h.

◆ nat_interface_is_inside

#define nat_interface_is_inside (   i)    i->flags & NAT_INTERFACE_FLAG_IS_INSIDE

Check if NAT interface is inside.

Parameters
iNAT interfce
Returns
1 if inside interface

Definition at line 647 of file nat.h.

◆ nat_interface_is_outside

#define nat_interface_is_outside (   i)    i->flags & NAT_INTERFACE_FLAG_IS_OUTSIDE

Check if NAT interface is outside.

Parameters
iNAT interfce
Returns
1 if outside interface

Definition at line 653 of file nat.h.

◆ nat_log_debug

#define nat_log_debug (   ...)    vlib_log(VLIB_LOG_LEVEL_DEBUG, snat_main.log_class, __VA_ARGS__)

Definition at line 700 of file nat.h.

◆ nat_log_err

#define nat_log_err (   ...)    vlib_log(VLIB_LOG_LEVEL_ERR, snat_main.log_class, __VA_ARGS__)

Definition at line 692 of file nat.h.

◆ nat_log_info

#define nat_log_info (   ...)    vlib_log(VLIB_LOG_LEVEL_INFO, snat_main.log_class, __VA_ARGS__)

Definition at line 698 of file nat.h.

◆ nat_log_notice

#define nat_log_notice (   ...)    vlib_log(VLIB_LOG_LEVEL_NOTICE, snat_main.log_class, __VA_ARGS__)

Definition at line 696 of file nat.h.

◆ nat_log_warn

#define nat_log_warn (   ...)    vlib_log(VLIB_LOG_LEVEL_WARNING, snat_main.log_class, __VA_ARGS__)

Definition at line 694 of file nat.h.

◆ NAT_STATIC_MAPPING_FLAG_ADDR_ONLY

#define NAT_STATIC_MAPPING_FLAG_ADDR_ONLY   1

Definition at line 185 of file nat.h.

◆ NAT_STATIC_MAPPING_FLAG_IDENTITY_NAT

#define NAT_STATIC_MAPPING_FLAG_IDENTITY_NAT   4

Definition at line 187 of file nat.h.

◆ NAT_STATIC_MAPPING_FLAG_LB

#define NAT_STATIC_MAPPING_FLAG_LB   8

Definition at line 188 of file nat.h.

◆ NAT_STATIC_MAPPING_FLAG_OUT2IN_ONLY

#define NAT_STATIC_MAPPING_FLAG_OUT2IN_ONLY   2

Definition at line 186 of file nat.h.

◆ SNAT_FLAG_HAIRPINNING

#define SNAT_FLAG_HAIRPINNING   (1 << 0)

Definition at line 43 of file nat.h.

◆ SNAT_ICMP_TIMEOUT

#define SNAT_ICMP_TIMEOUT   60

Definition at line 37 of file nat.h.

◆ snat_is_session_static

#define snat_is_session_static (   s)    (s->flags & SNAT_SESSION_FLAG_STATIC_MAPPING)

Check if SNAT session is created from static mapping.

Parameters
sSNAT session
Returns
1 if SNAT session is created from static mapping otherwise 0

Definition at line 605 of file nat.h.

◆ snat_is_unk_proto_session

#define snat_is_unk_proto_session (   s)    (s->flags & SNAT_SESSION_FLAG_UNKNOWN_PROTO)

Check if SNAT session for unknown protocol.

Parameters
sSNAT session
Returns
1 if SNAT session for unknown protocol otherwise 0

Definition at line 611 of file nat.h.

◆ SNAT_SESSION_FLAG_AFFINITY

#define SNAT_SESSION_FLAG_AFFINITY   64

Definition at line 177 of file nat.h.

◆ SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT

#define SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT   16

Definition at line 175 of file nat.h.

◆ SNAT_SESSION_FLAG_FWD_BYPASS

#define SNAT_SESSION_FLAG_FWD_BYPASS   32

Definition at line 176 of file nat.h.

◆ SNAT_SESSION_FLAG_LOAD_BALANCING

#define SNAT_SESSION_FLAG_LOAD_BALANCING   4

Definition at line 173 of file nat.h.

◆ SNAT_SESSION_FLAG_OUTPUT_FEATURE

#define SNAT_SESSION_FLAG_OUTPUT_FEATURE   128

Definition at line 178 of file nat.h.

◆ SNAT_SESSION_FLAG_STATIC_MAPPING

#define SNAT_SESSION_FLAG_STATIC_MAPPING   1

Definition at line 171 of file nat.h.

◆ SNAT_SESSION_FLAG_TWICE_NAT

#define SNAT_SESSION_FLAG_TWICE_NAT   8

Definition at line 174 of file nat.h.

◆ SNAT_SESSION_FLAG_UNKNOWN_PROTO

#define SNAT_SESSION_FLAG_UNKNOWN_PROTO   2

Definition at line 172 of file nat.h.

◆ SNAT_TCP_ESTABLISHED_TIMEOUT

#define SNAT_TCP_ESTABLISHED_TIMEOUT   7440

Definition at line 36 of file nat.h.

◆ SNAT_TCP_TRANSITORY_TIMEOUT

#define SNAT_TCP_TRANSITORY_TIMEOUT   240

Definition at line 35 of file nat.h.

◆ SNAT_UDP_TIMEOUT

#define SNAT_UDP_TIMEOUT   300

Definition at line 34 of file nat.h.

◆ tcp_is_init

#define tcp_is_init (   t)    ((t->flags & TCP_FLAG_SYN) && !(t->flags & TCP_FLAG_ACK))

Check if client initiating TCP connection (received SYN from client)

Parameters
tTCP header
Returns
1 if client initiating TCP connection

Definition at line 689 of file nat.h.

Typedef Documentation

◆ nat_alloc_out_addr_and_port_function_t

typedef int() nat_alloc_out_addr_and_port_function_t(snat_address_t *addresses, u32 fib_index, u32 thread_index, snat_session_key_t *k, u16 port_per_thread, u32 snat_thread_index)

Definition at line 422 of file nat.h.

◆ snat_get_worker_function_t

typedef u32() snat_get_worker_function_t(ip4_header_t *ip, u32 rx_fib_index)

Definition at line 418 of file nat.h.

◆ snat_icmp_match_function_t

typedef u32() snat_icmp_match_function_t(struct snat_main_s *sm, vlib_node_runtime_t *node, u32 thread_index, vlib_buffer_t *b0, ip4_header_t *ip0, u8 *p_proto, snat_session_key_t *p_value, u8 *p_dont_translate, void *d, void *e)

Definition at line 408 of file nat.h.

◆ snat_main_t

typedef struct snat_main_s snat_main_t

Enumeration Type Documentation

◆ lb_nat_type_t

Enumerator
NO_LB_NAT 
LB_NAT 
AFFINITY_LB_NAT 

Definition at line 315 of file nat.h.

◆ nat_addr_and_port_alloc_alg_t

Enumerator
foreach_nat_addr_and_port_alloc_alg 

Definition at line 119 of file nat.h.

◆ snat_protocol_t

Enumerator
foreach_snat_protocol 

Definition at line 133 of file nat.h.

◆ snat_session_state_t

Enumerator
foreach_snat_session_state 

Definition at line 154 of file nat.h.

◆ twice_nat_type_t

Enumerator
TWICE_NAT_DISABLED 
TWICE_NAT 
TWICE_NAT_SELF 

Definition at line 305 of file nat.h.

Function Documentation

◆ CLIB_PACKED()

typedef CLIB_PACKED ( struct { snat_session_key_t out2in;snat_session_key_t in2out;u32 flags;u32 per_user_index;u32 per_user_list_head_index;f64 last_heard;u64 total_bytes;u32 total_pkts;ip4_address_t ext_host_addr;u16 ext_host_port;ip4_address_t ext_host_nat_addr;u16 ext_host_nat_port;u8 state;u32 i2o_fin_seq;u32 o2i_fin_seq;u32 user_index;}  )

◆ icmp_in2out()

u32 icmp_in2out ( snat_main_t sm,
vlib_buffer_t b0,
ip4_header_t ip0,
icmp46_header_t *  icmp0,
u32  sw_if_index0,
u32  rx_fib_index0,
vlib_node_runtime_t node,
u32  next0,
u32  thread_index,
void *  d,
void *  e 
)

Definition at line 635 of file in2out.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ icmp_match_in2out_det()

u32 icmp_match_in2out_det ( snat_main_t sm,
vlib_node_runtime_t node,
u32  thread_index,
vlib_buffer_t b0,
ip4_header_t ip0,
u8 p_proto,
snat_session_key_t p_value,
u8 p_dont_translate,
void *  d,
void *  e 
)

Get address and port values to be used for ICMP packet translation and create session if needed.

Parameters
[in,out]smNAT main
[in,out]nodeNAT node runtime
[in]thread_indexthread index
[in,out]b0buffer containing packet to be translated
[out]p_protoprotocol used for matching
[out]p_valueaddress and port after NAT translation
[out]p_dont_translateif packet should not be translated
doptional parameter
eoptional parameter

Definition at line 96 of file nat_det_in2out.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ icmp_match_in2out_ed()

u32 icmp_match_in2out_ed ( snat_main_t sm,
vlib_node_runtime_t node,
u32  thread_index,
vlib_buffer_t b0,
ip4_header_t ip0,
u8 p_proto,
snat_session_key_t p_value,
u8 p_dont_translate,
void *  d,
void *  e 
)

Definition at line 589 of file in2out_ed.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ icmp_match_in2out_fast()

u32 icmp_match_in2out_fast ( snat_main_t sm,
vlib_node_runtime_t node,
u32  thread_index,
vlib_buffer_t b0,
ip4_header_t ip0,
u8 p_proto,
snat_session_key_t p_value,
u8 p_dont_translate,
void *  d,
void *  e 
)

Get address and port values to be used for ICMP packet translation.

Parameters
[in]smNAT main
[in,out]nodeNAT node runtime
[in]thread_indexthread index
[in,out]b0buffer containing packet to be translated
[out]p_protoprotocol used for matching
[out]p_valueaddress and port after NAT translation
[out]p_dont_translateif packet should not be translated
doptional parameter
eoptional parameter

Definition at line 566 of file in2out.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ icmp_match_in2out_slow()

u32 icmp_match_in2out_slow ( snat_main_t sm,
vlib_node_runtime_t node,
u32  thread_index,
vlib_buffer_t b0,
ip4_header_t ip0,
u8 p_proto,
snat_session_key_t p_value,
u8 p_dont_translate,
void *  d,
void *  e 
)

Get address and port values to be used for ICMP packet translation and create session if needed.

Parameters
[in,out]smNAT main
[in,out]nodeNAT node runtime
[in]thread_indexthread index
[in,out]b0buffer containing packet to be translated
[out]p_protoprotocol used for matching
[out]p_valueaddress and port after NAT translation
[out]p_dont_translateif packet should not be translated
doptional parameter
eoptional parameter

Definition at line 449 of file in2out.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ icmp_match_out2in_det()

u32 icmp_match_out2in_det ( snat_main_t sm,
vlib_node_runtime_t node,
u32  thread_index,
vlib_buffer_t b0,
ip4_header_t ip0,
u8 p_proto,
snat_session_key_t p_value,
u8 p_dont_translate,
void *  d,
void *  e 
)

Get address and port values to be used for ICMP packet translation and create session if needed.

Parameters
[in,out]smNAT main
[in,out]nodeNAT node runtime
[in]thread_indexthread index
[in,out]b0buffer containing packet to be translated
[out]p_protoprotocol used for matching
[out]p_valueaddress and port after NAT translation
[out]p_dont_translateif packet should not be translated
doptional parameter
eoptional parameter

Definition at line 96 of file nat_det_out2in.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ icmp_match_out2in_ed()

u32 icmp_match_out2in_ed ( snat_main_t sm,
vlib_node_runtime_t node,
u32  thread_index,
vlib_buffer_t b0,
ip4_header_t ip0,
u8 p_proto,
snat_session_key_t p_value,
u8 p_dont_translate,
void *  d,
void *  e 
)

Definition at line 492 of file out2in_ed.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ icmp_match_out2in_fast()

u32 icmp_match_out2in_fast ( snat_main_t sm,
vlib_node_runtime_t node,
u32  thread_index,
vlib_buffer_t b0,
ip4_header_t ip0,
u8 p_proto,
snat_session_key_t p_value,
u8 p_dont_translate,
void *  d,
void *  e 
)

Get address and port values to be used for ICMP packet translation.

Parameters
[in]smNAT main
[in,out]nodeNAT node runtime
[in]thread_indexthread index
[in,out]b0buffer containing packet to be translated
[out]p_protoprotocol used for matching
[out]p_valueaddress and port after NAT translation
[out]p_dont_translateif packet should not be translated
doptional parameter
eoptional parameter

Definition at line 441 of file out2in.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ icmp_match_out2in_slow()

u32 icmp_match_out2in_slow ( snat_main_t sm,
vlib_node_runtime_t node,
u32  thread_index,
vlib_buffer_t b0,
ip4_header_t ip0,
u8 p_proto,
snat_session_key_t p_value,
u8 p_dont_translate,
void *  d,
void *  e 
)

Get address and port values to be used for ICMP packet translation and create session if needed.

Parameters
[in,out]smNAT main
[in,out]nodeNAT node runtime
[in]thread_indexthread index
[in,out]b0buffer containing packet to be translated
[out]p_protoprotocol used for matching
[out]p_valueaddress and port after NAT translation
[out]p_dont_translateif packet should not be translated
doptional parameter
eoptional parameter

Definition at line 313 of file out2in.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ icmp_out2in()

u32 icmp_out2in ( snat_main_t sm,
vlib_buffer_t b0,
ip4_header_t ip0,
icmp46_header_t *  icmp0,
u32  sw_if_index0,
u32  rx_fib_index0,
vlib_node_runtime_t node,
u32  next0,
u32  thread_index,
void *  d,
void *  e 
)

Definition at line 502 of file out2in.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ increment_v4_address()

void increment_v4_address ( ip4_address_t a)

Increment IPv4 address.

Definition at line 600 of file nat.c.

+ Here is the caller graph for this function:

◆ nat44_add_del_address_dpo()

void nat44_add_del_address_dpo ( ip4_address_t  addr,
u8  is_add 
)

Add/delete external address to FIB DPO (out2in DPO mode)

Parameters
addrIPv4 address
is_add1 = add, 0 = delete
Returns
0 on success, non-zero value otherwise

Definition at line 2631 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat44_add_del_lb_static_mapping()

int nat44_add_del_lb_static_mapping ( ip4_address_t  e_addr,
u16  e_port,
snat_protocol_t  proto,
nat44_lb_addr_port_t locals,
u8  is_add,
twice_nat_type_t  twice_nat,
u8  out2in_only,
u8 tag,
u32  affinity 
)

Add/delete static mapping with load-balancing (multiple backends)

Parameters
e_addrexternal IPv4 address
e_portexternal port number
protoL4 protocol
localslist of local backends
is_add1 = add, 0 = delete
twice_nattwice-nat mode
out2in_onlyif 1 rule match only out2in direction
tagopaque string tag
affinity0 = disabled, otherwise client IP affinity sticky time
Returns
0 on success, non-zero value otherwise

Definition at line 1142 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat44_del_ed_session()

int nat44_del_ed_session ( snat_main_t sm,
ip4_address_t addr,
u16  port,
ip4_address_t eh_addr,
u16  eh_port,
u8  proto,
u32  vrf_id,
int  is_in 
)

Delete NAT44 endpoint-dependent session.

Parameters
addrIPv4 address
portL4 port number
protoL4 protocol
vrf_idVRF ID
is_in1 = inside network addres and por pair, 0 = outside
Returns
0 on success, non-zero value otherwise

Definition at line 3409 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat44_del_session()

int nat44_del_session ( snat_main_t sm,
ip4_address_t addr,
u16  port,
snat_protocol_t  proto,
u32  vrf_id,
int  is_in 
)

Delete NAT44 session.

Parameters
addrIPv4 address
portL4 port number
protoL4 protocol
vrf_idVRF ID
is_in1 = inside network addres and por pair, 0 = outside
Returns
0 on success, non-zero value otherwise

Definition at line 3366 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat44_ed_hairpinning_unknown_proto()

void nat44_ed_hairpinning_unknown_proto ( snat_main_t sm,
vlib_buffer_t b,
ip4_header_t ip 
)

Definition at line 382 of file nat44_hairpinning.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat44_i2o_ed_is_idle_session_cb()

int nat44_i2o_ed_is_idle_session_cb ( clib_bihash_kv_16_8_t kv,
void *  arg 
)

Definition at line 158 of file in2out_ed.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat44_i2o_is_idle_session_cb()

int nat44_i2o_is_idle_session_cb ( clib_bihash_kv_8_8_t kv,
void *  arg 
)

Definition at line 202 of file in2out.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat44_lb_static_mapping_add_del_local()

int nat44_lb_static_mapping_add_del_local ( ip4_address_t  e_addr,
u16  e_port,
ip4_address_t  l_addr,
u16  l_port,
snat_protocol_t  proto,
u32  vrf_id,
u8  probability,
u8  is_add 
)

Definition at line 1418 of file nat.c.

+ Here is the caller graph for this function:

◆ nat44_o2i_ed_is_idle_session_cb()

int nat44_o2i_ed_is_idle_session_cb ( clib_bihash_kv_16_8_t kv,
void *  arg 
)

Definition at line 131 of file out2in_ed.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat44_o2i_is_idle_session_cb()

int nat44_o2i_is_idle_session_cb ( clib_bihash_kv_8_8_t kv,
void *  arg 
)

Definition at line 118 of file out2in.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat44_reass_hairpinning()

void nat44_reass_hairpinning ( snat_main_t sm,
vlib_buffer_t b0,
ip4_header_t ip0,
u16  sport,
u16  dport,
u32  proto0,
int  is_ed 
)

Definition at line 427 of file nat44_hairpinning.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat_ed_session_alloc()

snat_session_t* nat_ed_session_alloc ( snat_main_t sm,
snat_user_t u,
u32  thread_index,
f64  now 
)

Allocate NAT endpoint-dependent session.

Parameters
uNAT user
thread_indexthread index
Returns
session data structure on success otherwise zero value

Definition at line 411 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat_free_session_data()

void nat_free_session_data ( snat_main_t sm,
snat_session_t *  s,
u32  thread_index 
)

Free NAT44 session data (lookup keys, external addrres port)

Parameters
sNAT session
thread_indexthread index

Definition at line 178 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat_hairpinning_sm_unknown_proto()

void nat_hairpinning_sm_unknown_proto ( snat_main_t sm,
vlib_buffer_t b,
ip4_header_t ip 
)

Definition at line 357 of file nat44_hairpinning.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat_session_alloc_or_recycle()

snat_session_t* nat_session_alloc_or_recycle ( snat_main_t sm,
snat_user_t u,
u32  thread_index 
)

Allocate new NAT session or recycle last used.

Parameters
uNAT user
thread_indexthread index
Returns
session data structure on success otherwise zero value

Definition at line 338 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat_set_alloc_addr_and_port_default()

void nat_set_alloc_addr_and_port_default ( void  )

Set address and port assignment algorithm to default/standard.

Definition at line 3476 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat_set_alloc_addr_and_port_mape()

void nat_set_alloc_addr_and_port_mape ( u16  psid,
u16  psid_offset,
u16  psid_length 
)

Set address and port assignment algorithm for MAP-E CE.

Parameters
psidPort Set Identifier value
psid_offsetnumber of offset bits
psid_lengthlength of PSID

Definition at line 3453 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat_set_alloc_addr_and_port_range()

void nat_set_alloc_addr_and_port_range ( u16  start_port,
u16  end_port 
)

Set address and port assignment algorithm for port range.

Parameters
start_portbeginning of the port range
end_portend of the port range

Definition at line 3465 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ nat_user_get_or_create()

snat_user_t* nat_user_get_or_create ( snat_main_t sm,
ip4_address_t addr,
u32  fib_index,
u32  thread_index 
)

Find or create NAT user.

Parameters
addrIPv4 address
fib_indexFIB table index
thread_indexthread index
Returns
NAT user data structure on success otherwise zero value

Definition at line 291 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_add_address()

int snat_add_address ( snat_main_t sm,
ip4_address_t addr,
u32  vrf_id,
u8  twice_nat 
)

Add external address to NAT44 pool.

Parameters
addrIPv4 address
vrf_idVRF id of tenant, ~0 means independent of VRF
twice_nat1 if twice NAT address
Returns
0 on success, non-zero value otherwise

Definition at line 516 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_add_del_addr_to_fib()

void snat_add_del_addr_to_fib ( ip4_address_t addr,
u8  p_len,
u32  sw_if_index,
int  is_add 
)

Add/del NAT address to FIB.

Add the external NAT address to the FIB as receive entries. This ensures that VPP will reply to ARP for this address and we don't need to enable proxy ARP on the outside interface.

Parameters
addrIPv4 address
plenaddress prefix length
sw_if_indexsoftware index of the outside interface
is_add0 = delete, 1 = add.

Definition at line 488 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_add_interface_address()

int snat_add_interface_address ( snat_main_t sm,
u32  sw_if_index,
int  is_del,
u8  twice_nat 
)

Add/delete NAT44 pool address from specific interfce.

Parameters
sw_if_indexsoftware index of the interface
is_del1 = delete, 0 = add
twice_nat1 = twice NAT address for extenal hosts
Returns
0 on success, non-zero value otherwise

Definition at line 3298 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_add_static_mapping()

int snat_add_static_mapping ( ip4_address_t  l_addr,
ip4_address_t  e_addr,
u16  l_port,
u16  e_port,
u32  vrf_id,
int  addr_only,
u32  sw_if_index,
snat_protocol_t  proto,
int  is_add,
twice_nat_type_t  twice_nat,
u8  out2in_only,
u8 tag,
u8  identity_nat 
)

Add/delete NAT44 static mapping.

Parameters
l_addrlocal IPv4 address
e_addrexternal IPv4 address
l_portlocal port number
e_portexternal port number
vrf_idlocal VRF ID
addr_only1 = 1:1NAT, 0 = 1:1NAPT
sw_if_indexuse interface address as external IPv4 address
protoL4 protocol
is_add1 = add, 0 = delete
twice_nattwice-nat mode
out2in_onlyif 1 rule match only out2in direction
tagopaque string tag
identity_natidentity NAT
Returns
0 on success, non-zero value otherwise

Definition at line 652 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_alloc_outside_address_and_port()

int snat_alloc_outside_address_and_port ( snat_address_t addresses,
u32  fib_index,
u32  thread_index,
snat_session_key_t k,
u16  port_per_thread,
u32  snat_thread_index 
)

Alloc outside address and port.

Parameters
addressesvector of outside addresses
fib_indexFIB table index
thread_indexthread index
kallocated address and port pair
port_per_threadnumber of ports per threead
snat_thread_indexNAT thread index
Returns
0 on success, non-zero value otherwise

Definition at line 2432 of file nat.c.

+ Here is the caller graph for this function:

◆ snat_api_init()

clib_error_t* snat_api_init ( vlib_main_t vm,
snat_main_t sm 
)

Definition at line 3295 of file nat_api.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_del_address()

int snat_del_address ( snat_main_t sm,
ip4_address_t  addr,
u8  delete_sm,
u8  twice_nat 
)

Delete external address from NAT44 pool.

Parameters
addrIPv4 address
delete_sm1 if delete static mapping using address
twice_nat1 if twice NAT address
Returns
0 on success, non-zero value otherwise

Definition at line 1601 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_free_outside_address_and_port()

void snat_free_outside_address_and_port ( snat_address_t addresses,
u32  thread_index,
snat_session_key_t k 
)

Free outside address and port pair.

Parameters
addressesvector of outside addresses
thread_indexthread index
kadddress, port and protocol

Definition at line 2249 of file nat.c.

+ Here is the caller graph for this function:

◆ snat_hairpinning()

int snat_hairpinning ( snat_main_t sm,
vlib_buffer_t b0,
ip4_header_t ip0,
udp_header_t udp0,
tcp_header_t tcp0,
u32  proto0,
int  is_ed 
)

Definition at line 96 of file nat44_hairpinning.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_icmp_hairpinning()

u32 snat_icmp_hairpinning ( snat_main_t sm,
vlib_buffer_t b0,
ip4_header_t ip0,
icmp46_header_t *  icmp0,
int  is_ed 
)

Definition at line 203 of file nat44_hairpinning.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_interface_add_del()

int snat_interface_add_del ( u32  sw_if_index,
u8  is_inside,
int  is_del 
)

Enable/disable NAT44 feature on the interface.

Parameters
sw_if_indexsoftware index of the interface
is_inside1 = inside, 0 = outside
is_del1 = delete, 0 = add
Returns
0 on success, non-zero value otherwise

Definition at line 1715 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_interface_add_del_output_feature()

int snat_interface_add_del_output_feature ( u32  sw_if_index,
u8  is_inside,
int  is_del 
)

Enable/disable NAT44 output feature on the interface (postrouting NAT)

Parameters
sw_if_indexsoftware index of the interface
is_inside1 = inside, 0 = outside
is_del1 = delete, 0 = add
Returns
0 on success, non-zero value otherwise

Definition at line 1964 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_set_workers()

int snat_set_workers ( uword bitmap)

Set NAT plugin workers.

Parameters
bitmapNAT workers bitmap
Returns
0 on success, non-zero value otherwise

Definition at line 2087 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

◆ snat_static_mapping_match()

int snat_static_mapping_match ( snat_main_t sm,
snat_session_key_t  match,
snat_session_key_t mapping,
u8  by_external,
u8 is_addr_only,
twice_nat_type_t twice_nat,
lb_nat_type_t lb,
ip4_address_t ext_host_addr,
u8 is_identity_nat 
)

Match NAT44 static mapping.

Parameters
matchaddress and port to match
mappingexternal/local address and port of the matched mapping
by_externalif 0 match by local address otherwise match by external address
is_addr_only1 if matched mapping is address only
twice_natmatched mapping is twice NAT type
lb1 if matched mapping is load-balanced
ext_host_addrexternal host address
Returns
0 if match found otherwise 1.

Definition at line 2287 of file nat.c.

+ Here is the call graph for this function:
+ Here is the caller graph for this function:

Variable Documentation

◆ format_det_map_ses

format_function_t format_det_map_ses

Definition at line 592 of file nat.h.

◆ format_nat44_reass_trace

format_function_t format_nat44_reass_trace

Definition at line 597 of file nat.h.

◆ format_nat_addr_and_port_alloc_alg

format_function_t format_nat_addr_and_port_alloc_alg

Definition at line 596 of file nat.h.

◆ format_snat_key

format_function_t format_snat_key

Definition at line 593 of file nat.h.

◆ format_snat_protocol

format_function_t format_snat_protocol

Definition at line 595 of file nat.h.

◆ format_snat_session

format_function_t format_snat_session

Definition at line 591 of file nat.h.

◆ format_snat_static_map_to_resolve

format_function_t format_snat_static_map_to_resolve

Definition at line 590 of file nat.h.

◆ format_snat_static_mapping

format_function_t format_snat_static_mapping

Definition at line 589 of file nat.h.

◆ format_snat_user

format_function_t format_snat_user

Definition at line 588 of file nat.h.

◆ format_static_mapping_key

format_function_t format_static_mapping_key

Definition at line 594 of file nat.h.

◆ nat44_ed_hairpin_dst_node

vlib_node_registration_t nat44_ed_hairpin_dst_node
Initial value:
= {
.name = "nat44-ed-hairpin-dst",
.vector_size = sizeof (u32),
.error_strings = nat44_hairpin_error_strings,
.n_next_nodes = NAT_HAIRPIN_N_NEXT,
.next_nodes = {
[NAT_HAIRPIN_NEXT_DROP] = "error-drop",
[NAT_HAIRPIN_NEXT_LOOKUP] = "ip4-lookup",
},
}
static char * nat44_hairpin_error_strings[]
unsigned int u32
Definition: types.h:88
#define ARRAY_LEN(x)
Definition: clib.h:62
static uword nat44_ed_hairpin_dst_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)

(constructor) VLIB_REGISTER_NODE (nat44_ed_hairpin_dst_node)

Definition at line 781 of file nat44_hairpinning.c.

◆ nat44_ed_hairpin_src_node

vlib_node_registration_t nat44_ed_hairpin_src_node
Initial value:
= {
.name = "nat44-ed-hairpin-src",
.vector_size = sizeof (u32),
.error_strings = nat44_hairpin_error_strings,
.n_next_nodes = SNAT_HAIRPIN_SRC_N_NEXT,
.next_nodes = {
[SNAT_HAIRPIN_SRC_NEXT_DROP] = "error-drop",
[SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT] = "nat44-ed-in2out-output",
[SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT_WH] = "nat44-in2out-output-worker-handoff",
},
}
static char * nat44_hairpin_error_strings[]
unsigned int u32
Definition: types.h:88
static uword nat44_ed_hairpin_src_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
#define ARRAY_LEN(x)
Definition: clib.h:62

(constructor) VLIB_REGISTER_NODE (nat44_ed_hairpin_src_node)

Definition at line 912 of file nat44_hairpinning.c.

◆ nat44_ed_in2out_node

vlib_node_registration_t nat44_ed_in2out_node

(constructor) VLIB_REGISTER_NODE (nat44_ed_in2out_node)

Definition at line 84 of file in2out_ed.c.

◆ nat44_ed_in2out_output_node

vlib_node_registration_t nat44_ed_in2out_output_node

(constructor) VLIB_REGISTER_NODE (nat44_ed_in2out_output_node)

Definition at line 86 of file in2out_ed.c.

◆ nat44_ed_in2out_output_worker_handoff_node

vlib_node_registration_t nat44_ed_in2out_output_worker_handoff_node

◆ nat44_ed_in2out_worker_handoff_node

vlib_node_registration_t nat44_ed_in2out_worker_handoff_node

◆ nat44_ed_out2in_node

vlib_node_registration_t nat44_ed_out2in_node
Initial value:
= {
.name = "nat44-ed-out2in",
.vector_size = sizeof (u32),
.error_strings = nat_out2in_ed_error_strings,
.runtime_data_bytes = sizeof (snat_runtime_t),
.n_next_nodes = NAT44_ED_OUT2IN_N_NEXT,
.next_nodes = {
[NAT44_ED_OUT2IN_NEXT_DROP] = "error-drop",
[NAT44_ED_OUT2IN_NEXT_LOOKUP] = "ip4-lookup",
[NAT44_ED_OUT2IN_NEXT_SLOW_PATH] = "nat44-ed-out2in-slowpath",
[NAT44_ED_OUT2IN_NEXT_ICMP_ERROR] = "ip4-icmp-error",
[NAT44_ED_OUT2IN_NEXT_IN2OUT] = "nat44-ed-in2out",
[NAT44_ED_OUT2IN_NEXT_REASS] = "nat44-ed-out2in-reass",
},
}
static char * nat_out2in_ed_error_strings[]
Definition: out2in_ed.c:61
static uword nat44_ed_out2in_fast_path_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: out2in_ed.c:1547
unsigned int u32
Definition: types.h:88
static u8 * format_nat44_ed_out2in_trace(u8 *s, va_list *args)
Definition: out2in_ed.c:91
#define ARRAY_LEN(x)
Definition: clib.h:62

(constructor) VLIB_REGISTER_NODE (nat44_ed_out2in_node)

Definition at line 1555 of file out2in_ed.c.

◆ nat44_ed_out2in_worker_handoff_node

vlib_node_registration_t nat44_ed_out2in_worker_handoff_node

◆ snat_det_in2out_node

vlib_node_registration_t snat_det_in2out_node
Initial value:
= {
.name = "nat44-det-in2out",
.vector_size = sizeof (u32),
.format_trace = format_nat_det_in2out_trace,
.error_strings = nat_det_in2out_error_strings,
.n_next_nodes = NAT_DET_IN2OUT_N_NEXT,
.next_nodes = {
[NAT_DET_IN2OUT_NEXT_DROP] = "error-drop",
[NAT_DET_IN2OUT_NEXT_LOOKUP] = "ip4-lookup",
[NAT_DET_IN2OUT_NEXT_ICMP_ERROR] = "ip4-icmp-error",
},
}
static char * nat_det_in2out_error_strings[]
unsigned int u32
Definition: types.h:88
#define ARRAY_LEN(x)
Definition: clib.h:62
static uword snat_det_in2out_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
static u8 * format_nat_det_in2out_trace(u8 *s, va_list *args)

(constructor) VLIB_REGISTER_NODE (snat_det_in2out_node)

Definition at line 858 of file nat_det_in2out.c.

◆ snat_det_out2in_node

vlib_node_registration_t snat_det_out2in_node
Initial value:
= {
.name = "nat44-det-out2in",
.vector_size = sizeof (u32),
.format_trace = format_nat_det_out2in_trace,
.error_strings = nat_det_out2in_error_strings,
.runtime_data_bytes = sizeof (snat_runtime_t),
.n_next_nodes = NAT_DET_OUT2IN_N_NEXT,
.next_nodes = {
[NAT_DET_OUT2IN_NEXT_DROP] = "error-drop",
[NAT_DET_OUT2IN_NEXT_LOOKUP] = "ip4-lookup",
[NAT_DET_OUT2IN_NEXT_ICMP_ERROR] = "ip4-icmp-error",
},
}
unsigned int u32
Definition: types.h:88
static char * nat_det_out2in_error_strings[]
static u8 * format_nat_det_out2in_trace(u8 *s, va_list *args)
#define ARRAY_LEN(x)
Definition: clib.h:62
static uword snat_det_out2in_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)

(constructor) VLIB_REGISTER_NODE (snat_det_out2in_node)

Definition at line 690 of file nat_det_out2in.c.

◆ snat_hairpin_dst_node

vlib_node_registration_t snat_hairpin_dst_node
Initial value:
= {
.function = snat_hairpin_dst_fn,
.name = "nat44-hairpin-dst",
.vector_size = sizeof (u32),
.error_strings = nat44_hairpin_error_strings,
.n_next_nodes = NAT_HAIRPIN_N_NEXT,
.next_nodes = {
[NAT_HAIRPIN_NEXT_DROP] = "error-drop",
[NAT_HAIRPIN_NEXT_LOOKUP] = "ip4-lookup",
},
}
static char * nat44_hairpin_error_strings[]
unsigned int u32
Definition: types.h:88
static uword snat_hairpin_dst_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
#define ARRAY_LEN(x)
Definition: clib.h:62

(constructor) VLIB_REGISTER_NODE (snat_hairpin_dst_node)

Definition at line 756 of file nat44_hairpinning.c.

◆ snat_hairpin_src_node

vlib_node_registration_t snat_hairpin_src_node
Initial value:
= {
.function = snat_hairpin_src_fn,
.name = "nat44-hairpin-src",
.vector_size = sizeof (u32),
.error_strings = nat44_hairpin_error_strings,
.n_next_nodes = SNAT_HAIRPIN_SRC_N_NEXT,
.next_nodes = {
[SNAT_HAIRPIN_SRC_NEXT_DROP] = "error-drop",
[SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT] = "nat44-in2out-output",
[SNAT_HAIRPIN_SRC_NEXT_SNAT_IN2OUT_WH] = "nat44-in2out-output-worker-handoff",
},
}
static uword snat_hairpin_src_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
static char * nat44_hairpin_error_strings[]
unsigned int u32
Definition: types.h:88
#define ARRAY_LEN(x)
Definition: clib.h:62

(constructor) VLIB_REGISTER_NODE (snat_hairpin_src_node)

Definition at line 885 of file nat44_hairpinning.c.

◆ snat_in2out_fast_node

vlib_node_registration_t snat_in2out_fast_node

(constructor) VLIB_REGISTER_NODE (snat_in2out_fast_node)

Definition at line 77 of file in2out.c.

◆ snat_in2out_node

vlib_node_registration_t snat_in2out_node

(constructor) VLIB_REGISTER_NODE (snat_in2out_node)

Definition at line 75 of file in2out.c.

◆ snat_in2out_output_node

vlib_node_registration_t snat_in2out_output_node

(constructor) VLIB_REGISTER_NODE (snat_in2out_output_node)

Definition at line 78 of file in2out.c.

◆ snat_in2out_output_worker_handoff_node

vlib_node_registration_t snat_in2out_output_worker_handoff_node
Initial value:
= {
.name = "nat44-in2out-output-worker-handoff",
.vector_size = sizeof (u32),
.format_trace = format_nat44_handoff_trace,
.error_strings = nat44_handoff_error_strings,
.n_next_nodes = 1,
.next_nodes = {
[0] = "error-drop",
},
}
static char * nat44_handoff_error_strings[]
Definition: nat44_handoff.c:46
unsigned int u32
Definition: types.h:88
static uword snat_in2out_output_worker_handoff_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
#define ARRAY_LEN(x)
Definition: clib.h:62
static u8 * format_nat44_handoff_trace(u8 *s, va_list *args)
Definition: nat44_handoff.c:58

(constructor) VLIB_REGISTER_NODE (snat_in2out_output_worker_handoff_node)

Definition at line 191 of file nat44_handoff.c.

◆ snat_in2out_worker_handoff_node

vlib_node_registration_t snat_in2out_worker_handoff_node
Initial value:
= {
.name = "nat44-in2out-worker-handoff",
.vector_size = sizeof (u32),
.format_trace = format_nat44_handoff_trace,
.error_strings = nat44_handoff_error_strings,
.n_next_nodes = 1,
.next_nodes = {
[0] = "error-drop",
},
}
static char * nat44_handoff_error_strings[]
Definition: nat44_handoff.c:46
static uword snat_in2out_worker_handoff_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
unsigned int u32
Definition: types.h:88
#define ARRAY_LEN(x)
Definition: clib.h:62
static u8 * format_nat44_handoff_trace(u8 *s, va_list *args)
Definition: nat44_handoff.c:58

(constructor) VLIB_REGISTER_NODE (snat_in2out_worker_handoff_node)

Definition at line 164 of file nat44_handoff.c.

◆ snat_main

snat_main_t snat_main

Definition at line 38 of file nat.c.

◆ snat_out2in_fast_node

vlib_node_registration_t snat_out2in_fast_node
Initial value:
= {
.name = "nat44-out2in-fast",
.vector_size = sizeof (u32),
.error_strings = snat_out2in_error_strings,
.runtime_data_bytes = sizeof (snat_runtime_t),
.n_next_nodes = SNAT_OUT2IN_N_NEXT,
.next_nodes = {
[SNAT_OUT2IN_NEXT_LOOKUP] = "ip4-lookup",
[SNAT_OUT2IN_NEXT_DROP] = "error-drop",
[SNAT_OUT2IN_NEXT_ICMP_ERROR] = "ip4-icmp-error",
[SNAT_OUT2IN_NEXT_REASS] = "nat44-out2in-reass",
},
}
static u8 * format_snat_out2in_fast_trace(u8 *s, va_list *args)
Definition: out2in.c:61
unsigned int u32
Definition: types.h:88
#define ARRAY_LEN(x)
Definition: clib.h:62
static char * snat_out2in_error_strings[]
Definition: out2in.c:102
static uword snat_out2in_fast_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: out2in.c:1689

(constructor) VLIB_REGISTER_NODE (snat_out2in_fast_node)

Definition at line 1855 of file out2in.c.

◆ snat_out2in_node

vlib_node_registration_t snat_out2in_node
Initial value:
= {
.function = snat_out2in_node_fn,
.name = "nat44-out2in",
.vector_size = sizeof (u32),
.format_trace = format_snat_out2in_trace,
.error_strings = snat_out2in_error_strings,
.runtime_data_bytes = sizeof (snat_runtime_t),
.n_next_nodes = SNAT_OUT2IN_N_NEXT,
.next_nodes = {
[SNAT_OUT2IN_NEXT_DROP] = "error-drop",
[SNAT_OUT2IN_NEXT_LOOKUP] = "ip4-lookup",
[SNAT_OUT2IN_NEXT_ICMP_ERROR] = "ip4-icmp-error",
[SNAT_OUT2IN_NEXT_REASS] = "nat44-out2in-reass",
},
}
unsigned int u32
Definition: types.h:88
#define ARRAY_LEN(x)
Definition: clib.h:62
static char * snat_out2in_error_strings[]
Definition: out2in.c:102
static u8 * format_snat_out2in_trace(u8 *s, va_list *args)
Definition: out2in.c:47
static uword snat_out2in_node_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
Definition: out2in.c:690

(constructor) VLIB_REGISTER_NODE (snat_out2in_node)

Definition at line 1325 of file out2in.c.

◆ snat_out2in_worker_handoff_node

vlib_node_registration_t snat_out2in_worker_handoff_node
Initial value:
= {
.name = "nat44-out2in-worker-handoff",
.vector_size = sizeof (u32),
.format_trace = format_nat44_handoff_trace,
.error_strings = nat44_handoff_error_strings,
.n_next_nodes = 1,
.next_nodes = {
[0] = "error-drop",
},
}
static char * nat44_handoff_error_strings[]
Definition: nat44_handoff.c:46
unsigned int u32
Definition: types.h:88
#define ARRAY_LEN(x)
Definition: clib.h:62
static uword snat_out2in_worker_handoff_fn(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame)
static u8 * format_nat44_handoff_trace(u8 *s, va_list *args)
Definition: nat44_handoff.c:58

(constructor) VLIB_REGISTER_NODE (snat_out2in_worker_handoff_node)

Definition at line 218 of file nat44_handoff.c.

◆ unformat_snat_protocol

unformat_function_t unformat_snat_protocol

Definition at line 599 of file nat.h.