FD.io VPP  v21.10.1-2-g0a485f517
Vector Packet Processing
cnat_snat_policy.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2020 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef __CNAT_SNAT_H__
17 #define __CNAT_SNAT_H__
18 
19 #include <cnat/cnat_types.h>
20 #include <cnat/cnat_session.h>
21 
22 /* function to use to decide whether to snat connections in the output
23  * feature. Returns 1 if we should source NAT */
24 typedef int (*cnat_snat_policy_t) (vlib_buffer_t *b, cnat_session_t *session);
25 
26 typedef struct cnat_snat_pfx_table_meta_t_
27 {
28  u32 dst_address_length_refcounts[129];
29  u16 *prefix_lengths_in_search_order;
30  uword *non_empty_dst_address_length_bitmap;
31 } cnat_snat_pfx_table_meta_t;
32 
33 typedef struct cnat_snat_exclude_pfx_table_t_
34 {
35  /* Stores (ip family, prefix & mask) */
36  clib_bihash_24_8_t ip_hash;
37  /* family dependant cache */
38  cnat_snat_pfx_table_meta_t meta[2];
39  /* Precomputed ip masks (ip4 & ip6) */
40  ip6_address_t ip_masks[129];
41 } cnat_snat_exclude_pfx_table_t;
42 
43 typedef enum cnat_snat_interface_map_type_t_
44 {
45  CNAT_SNAT_IF_MAP_INCLUDE_V4 = AF_IP4,
46  CNAT_SNAT_IF_MAP_INCLUDE_V6 = AF_IP6,
47  CNAT_SNAT_IF_MAP_INCLUDE_POD,
48  CNAT_N_SNAT_IF_MAP,
49 } cnat_snat_interface_map_type_t;
50 
51 typedef enum cnat_snat_policy_type_t_
52 {
53  CNAT_SNAT_POLICY_NONE = 0,
54  CNAT_SNAT_POLICY_IF_PFX = 1,
55  CNAT_SNAT_POLICY_K8S = 2,
56 } cnat_snat_policy_type_t;
57 
58 typedef struct cnat_snat_policy_main_t_
59 {
60  /* Longest prefix Match table for source NATing */
61  cnat_snat_exclude_pfx_table_t excluded_pfx;
62 
63  /* interface maps including or excluding sw_if_indexes */
64  clib_bitmap_t *interface_maps[CNAT_N_SNAT_IF_MAP];
65 
66  /* SNAT policy for the output feature node */
67  cnat_snat_policy_t snat_policy;
68 
69  /* Ip4 Address to use for source NATing */
70  cnat_endpoint_t snat_ip4;
71 
72  /* Ip6 Address to use for source NATing */
73  cnat_endpoint_t snat_ip6;
74 
75 } cnat_snat_policy_main_t;
76 
77 extern cnat_snat_policy_main_t cnat_snat_policy_main;
78 
79 extern void cnat_set_snat (ip4_address_t *ip4, ip6_address_t *ip6,
80  u32 sw_if_index);
81 extern int cnat_snat_policy_add_pfx (ip_prefix_t *pfx);
82 extern int cnat_snat_policy_del_pfx (ip_prefix_t *pfx);
83 extern int cnat_set_snat_policy (cnat_snat_policy_type_t policy);
84 extern int cnat_snat_policy_add_del_if (u32 sw_if_index, u8 is_add,
85  cnat_snat_interface_map_type_t table);
86 
87 int cnat_search_snat_prefix (ip46_address_t *addr, ip_address_family_t af);
88 
89 /*
90  * fd.io coding-style-patch-verification: ON
91  *
92  * Local Variables:
93  * eval: (c-set-style "gnu")
94  * End:
95  */
96 
97 #endif
CNAT_SNAT_POLICY_NONE
@ CNAT_SNAT_POLICY_NONE
Definition: cnat_snat_policy.h:53
ip4
vl_api_ip4_address_t ip4
Definition: one.api:376
ip_prefix
Definition: ip_types.h:116
policy
vl_api_ipsec_spd_action_t policy
Definition: ipsec.api:99
cnat_snat_pfx_table_meta_t
struct cnat_snat_pfx_table_meta_t_ cnat_snat_pfx_table_meta_t
cnat_session.h
clib_bitmap_t
uword clib_bitmap_t
Definition: bitmap.h:50
cnat_snat_pfx_table_meta_t_::prefix_lengths_in_search_order
u16 * prefix_lengths_in_search_order
Definition: cnat_snat_policy.h:29
cnat_snat_pfx_table_meta_t_
Definition: cnat_snat_policy.h:26
cnat_snat_exclude_pfx_table_t
struct cnat_snat_exclude_pfx_table_t_ cnat_snat_exclude_pfx_table_t
u16
unsigned short u16
Definition: types.h:57
cnat_snat_policy_main_t_::excluded_pfx
cnat_snat_exclude_pfx_table_t excluded_pfx
Definition: cnat_snat_policy.h:61
AF_IP4
@ AF_IP4
Definition: ip_types.h:23
cnat_snat_exclude_pfx_table_t_::meta
cnat_snat_pfx_table_meta_t meta[2]
Definition: cnat_snat_policy.h:38
cnat_session_t_
A session represents the memory of a translation.
Definition: cnat_session.h:37
CNAT_SNAT_IF_MAP_INCLUDE_V4
@ CNAT_SNAT_IF_MAP_INCLUDE_V4
Definition: cnat_snat_policy.h:45
addr
vhost_vring_addr_t addr
Definition: vhost_user.h:130
cnat_endpoint_t_
Definition: cnat_types.h:73
cnat_snat_interface_map_type_t
enum cnat_snat_interface_map_type_t_ cnat_snat_interface_map_type_t
cnat_snat_policy_add_del_if
int cnat_snat_policy_add_del_if(u32 sw_if_index, u8 is_add, cnat_snat_interface_map_type_t table)
Definition: cnat_snat_policy.c:89
cnat_snat_policy_main_t_::snat_ip4
cnat_endpoint_t snat_ip4
Definition: cnat_snat_policy.h:70
cnat_snat_interface_map_type_t_
cnat_snat_interface_map_type_t_
Definition: cnat_snat_policy.h:43
cnat_types.h
cnat_search_snat_prefix
int cnat_search_snat_prefix(ip46_address_t *addr, ip_address_family_t af)
Definition: cnat_snat_policy.c:218
cnat_snat_pfx_table_meta_t_::non_empty_dst_address_length_bitmap
uword * non_empty_dst_address_length_bitmap
Definition: cnat_snat_policy.h:30
cnat_snat_policy_main_t_::interface_maps
clib_bitmap_t * interface_maps[CNAT_N_SNAT_IF_MAP]
Definition: cnat_snat_policy.h:64
cnat_snat_exclude_pfx_table_t_::ip_masks
ip6_address_t ip_masks[129]
Definition: cnat_snat_policy.h:40
uword
u64 uword
Definition: types.h:112
CNAT_SNAT_IF_MAP_INCLUDE_V6
@ CNAT_SNAT_IF_MAP_INCLUDE_V6
Definition: cnat_snat_policy.h:46
cnat_set_snat_policy
int cnat_set_snat_policy(cnat_snat_policy_type_t policy)
Definition: cnat_snat_policy.c:473
ip4_address_t
Definition: ip4_packet.h:50
cnat_snat_policy_t
int(* cnat_snat_policy_t)(vlib_buffer_t *b, cnat_session_t *session)
Definition: cnat_snat_policy.h:24
cnat_snat_policy_main
cnat_snat_policy_main_t cnat_snat_policy_main
Definition: cnat_snat_policy.c:20
cnat_snat_exclude_pfx_table_t_
Definition: cnat_snat_policy.h:33
cnat_snat_policy_main_t
struct cnat_snat_policy_main_t_ cnat_snat_policy_main_t
cnat_snat_policy_del_pfx
int cnat_snat_policy_del_pfx(ip_prefix_t *pfx)
Definition: cnat_snat_policy.c:179
cnat_snat_policy_add_pfx
int cnat_snat_policy_add_pfx(ip_prefix_t *pfx)
Definition: cnat_snat_policy.c:148
u32
unsigned int u32
Definition: types.h:88
af
vl_api_address_family_t af
Definition: ip.api:619
ip6
vl_api_ip6_address_t ip6
Definition: one.api:424
cnat_snat_policy_type_t_
cnat_snat_policy_type_t_
Definition: cnat_snat_policy.h:51
cnat_snat_policy_main_t_::snat_policy
cnat_snat_policy_t snat_policy
Definition: cnat_snat_policy.h:67
AF_IP6
@ AF_IP6
Definition: ip_types.h:24
CNAT_SNAT_POLICY_IF_PFX
@ CNAT_SNAT_POLICY_IF_PFX
Definition: cnat_snat_policy.h:54
cnat_snat_policy_main_t_
Definition: cnat_snat_policy.h:58
cnat_snat_policy_main_t_::snat_ip6
cnat_endpoint_t snat_ip6
Definition: cnat_snat_policy.h:73
b
vlib_buffer_t ** b
Definition: nat44_ei_out2in.c:717
u8
unsigned char u8
Definition: types.h:56
cnat_snat_exclude_pfx_table_t_::ip_hash
clib_bihash_24_8_t ip_hash
Definition: cnat_snat_policy.h:36
cnat_snat_policy_type_t
enum cnat_snat_policy_type_t_ cnat_snat_policy_type_t
CNAT_SNAT_IF_MAP_INCLUDE_POD
@ CNAT_SNAT_IF_MAP_INCLUDE_POD
Definition: cnat_snat_policy.h:47
cnat_snat_pfx_table_meta_t_::dst_address_length_refcounts
u32 dst_address_length_refcounts[129]
Definition: cnat_snat_policy.h:28
sw_if_index
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:34
CNAT_N_SNAT_IF_MAP
@ CNAT_N_SNAT_IF_MAP
Definition: cnat_snat_policy.h:48
CNAT_SNAT_POLICY_K8S
@ CNAT_SNAT_POLICY_K8S
Definition: cnat_snat_policy.h:55
cnat_set_snat
void cnat_set_snat(ip4_address_t *ip4, ip6_address_t *ip6, u32 sw_if_index)
Definition: cnat_snat_policy.c:331
ip_address_family_t
enum ip_address_family_t_ ip_address_family_t
vlib_buffer_t
VLIB buffer representation.
Definition: buffer.h:111