2 * Copyright (c) 2020 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #ifndef __CNAT_TYPES_H__
17 #define __CNAT_TYPES_H__
19 #include <vppinfra/bihash_24_8.h>
20 #include <vnet/fib/fib_node.h>
21 #include <vnet/fib/fib_source.h>
22 #include <vnet/ip/ip_types.h>
23 #include <vnet/ip/ip.h>
24 #include <vnet/util/throttle.h>
26 /* FIB table index used by CNAT: only the default table (index 0), for both v4 and v6 */
27 #define CNAT_FIB_TABLE 0
29 /* default lifetime of NAT sessions (seconds) */
30 #define CNAT_DEFAULT_SESSION_MAX_AGE 30
31 /* lifetime of TCP conn NAT sessions after SYNACK (seconds) */
32 #define CNAT_DEFAULT_TCP_MAX_AGE 3600
33 /* lifetime of TCP conn NAT sessions after RST/FIN (seconds) */
34 #define CNAT_DEFAULT_TCP_RST_TIMEOUT 5
/* NOTE(review): presumably the default delay, in seconds, between two scans
 * of the session tables - confirm where the scanner is configured */
35 #define CNAT_DEFAULT_SCANNER_TIMEOUT (1.0)
/* Default bucket counts for the session, translation and source-NAT prefix
 * bihashes */
37 #define CNAT_DEFAULT_SESSION_BUCKETS 1024
38 #define CNAT_DEFAULT_TRANSLATION_BUCKETS 1024
39 #define CNAT_DEFAULT_SNAT_BUCKETS 1024
/* Default bihash memory sizes: 1 << 20 = 1 MiB, 256 << 10 = 256 KiB,
 * 64 << 20 = 64 MiB if the unit is bytes (TODO confirm the unit).
 * NOTE(review): the session table, which grows with traffic, defaults to
 * 1/64th of the SNAT prefix table, which grows with configuration. Confirm
 * this is intended, and confirm what happens to new flows when the session
 * bihash is full, since sessions are kept for at least the ages above. */
41 #define CNAT_DEFAULT_SESSION_MEMORY (1 << 20)
42 #define CNAT_DEFAULT_TRANSLATION_MEMORY (256 << 10)
43 #define CNAT_DEFAULT_SNAT_MEMORY (64 << 20)
45 /* This should be strictly lower than FIB_SOURCE_INTERFACE
46 * from fib_source.h */
47 #define CNAT_FIB_SOURCE_PRIORITY 0x02
49 /* Initial refcnt for timestamps (2 : session & rsession) */
50 #define CNAT_TIMESTAMP_INIT_REFCNT 2
/* 0xC000 = 49152, the first port of the IANA dynamic/private range
 * (49152-65535). NOTE(review): presumably the lowest source port CNAT picks
 * when it rewrites source ports - confirm at the use sites */
52 #define MIN_SRC_PORT ((u16) 0xC000)
56 /* Endpoint addr has been resolved */
57 CNAT_EP_FLAG_RESOLVED = 1,
60 typedef struct cnat_endpoint_t_
/* A pair of endpoints: one destination endpoint and one source endpoint. */
68 typedef struct cnat_endpoint_tuple_t_
70 cnat_endpoint_t dst_ep;
71 cnat_endpoint_t src_ep;
72 } cnat_endpoint_tuple_t;
/* NOTE(review): 129 slots presumably cover prefix lengths 0..128 (the IPv6
 * maximum). A prefix length coming from configuration or the API has to be
 * checked to be <= 128 before it indexes this array - confirm at the
 * callers. */
82 u32 dst_address_length_refcounts[129];
/* NOTE(review): presumably the prefix lengths currently in use, in the order
 * the lookup tries them - confirm */
83 u16 *prefix_lengths_in_search_order;
/* NOTE(review): presumably one bit per prefix length that has at least one
 * entry - confirm */
84 uword *non_empty_dst_address_length_bitmap;
85 } cnat_snat_pfx_table_meta_t;
89 /* Stores (ip family, prefix & mask) */
90 clib_bihash_24_8_t ip_hash;
91 /* Address-family dependent cache, two entries. NOTE(review): presumably
 * indexed by ip_address_family_t (ip4, ip6) - confirm the index is never
 * taken from unchecked input */
92 cnat_snat_pfx_table_meta_t meta[2];
93 /* Precomputed ip masks (ip4 & ip6), 129 entries. NOTE(review): presumably
 * one mask per prefix length 0..128; an unvalidated prefix length used as an
 * index would read past the array - confirm the callers bound it */
94 ip6_address_t ip_masks[129];
95 } cnat_snat_pfx_table_t;
/* Global CNAT configuration and state: sizing of the session, translation
 * and source-NAT prefix bihashes, session timeouts, the timestamp pool lock,
 * the source-NAT addresses and the scanner process. */
97 typedef struct cnat_main_
99 /* Memory size of the session bihash */
100 uword session_hash_memory;
102 /* Number of buckets of the session bihash */
103 u32 session_hash_buckets;
105 /* Memory size of the translation bihash */
106 uword translation_hash_memory;
108 /* Number of buckets of the translation bihash */
109 u32 translation_hash_buckets;
111 /* Memory size of the source NAT prefix bihash */
112 uword snat_hash_memory;
114 /* Number of buckets of the source NAT prefix bihash */
115 u32 snat_hash_buckets;
117 /* Timeout after which to clear sessions (in seconds) */
120 /* Timeout after which to clear an established TCP
121 * session (in seconds) */
124 /* delay in seconds between two scans of session/clients tables */
127 /* Reader/writer lock for the timestamp pool */
128 clib_rwlock_t ts_lock;
130 /* IPv4 address to use for source NATing */
131 cnat_endpoint_t snat_ip4;
133 /* IPv6 address to use for source NATing */
134 cnat_endpoint_t snat_ip6;
136 /* Longest-prefix-match table for source NATing */
137 cnat_snat_pfx_table_t snat_pfx_table;
139 /* Index of the scanner process node */
140 uword scanner_node_index;
142 /* Whether lazy initialization has already been done */
145 /* Enable or disable the scanner on startup */
146 u8 default_scanner_state;
/* Per-session timestamp record shared by its users through a refcount. */
149 typedef struct cnat_timestamp_t_
151 /* Last time said session was seen */
153 /* expire after N seconds */
155 /* Users refcount. NOTE(review): this comment gave the initial value as 3
 * (session, rsession, dpo), but CNAT_TIMESTAMP_INIT_REFCNT in this header is
 * 2 (session & rsession). Confirm which is current: an initial count that
 * does not match the number of holders leads either to a timestamp freed
 * while still referenced or to one that is never released. */
159 typedef struct cnat_node_ctx_
163 ip_address_family_t af;
/* Accessor returning a pointer to a cnat_main_t.
 * NOTE(review): before C23 the empty parameter list declares unspecified
 * parameters, so calls are not argument-checked; `(void)` would make this a
 * real prototype. */
167 cnat_main_t *cnat_get_main ();
/* format/unformat helpers for endpoints and endpoint tuples; arguments are
 * passed through a va_list */
168 extern u8 *format_cnat_endpoint (u8 * s, va_list * args);
169 extern uword unformat_cnat_ep_tuple (unformat_input_t * input,
171 extern uword unformat_cnat_ep (unformat_input_t * input, va_list * args);
/* Global pointer to cnat_timestamp_t entries. NOTE(review): presumably the
 * timestamp pool guarded by cnat_main.ts_lock ("Lock for the timestamp
 * pool") - confirm every access takes that lock */
172 extern cnat_timestamp_t *cnat_timestamps;
/* FIB source used by CNAT */
173 extern fib_source_t cnat_fib_source;
/* The global cnat_main_t instance */
174 extern cnat_main_t cnat_main;
/* Error strings table. NOTE(review): presumably generated from
 * cnat/cnat_error.def like the CNAT_ERROR_* enum - confirm both stay in
 * the same order */
176 extern char *cnat_error_strings[];
180 #define cnat_error(n,s) CNAT_ERROR_##n,
181 #include <cnat/cnat_error.def>
186 typedef enum cnat_scanner_cmd_t_
190 } cnat_scanner_cmd_t;
193 * Lazy initialization when first adding a translation
196 extern void cnat_lazy_init ();
199 * Enable/Disable session cleanup
201 extern void cnat_enable_disable_scanner (cnat_scanner_cmd_t event_type);
204 * Resolve endpoint address
206 extern u8 cnat_resolve_ep (cnat_endpoint_t * ep);
207 extern u8 cnat_resolve_addr (u32 sw_if_index, ip_address_family_t af,
208 ip_address_t * addr);
212 * fd.io coding-style-patch-verification: ON
215 * eval: (c-set-style "gnu")