2 * Copyright (c) 2020 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/fib/fib_table.h>
18 #include <nat/lib/log.h>
19 #include <nat/lib/nat_inlines.h>
20 #include <nat/lib/ipfix_logging.h>
22 #include <nat/nat44-ei/nat44_ei.h>
23 #include <nat/nat44-ei/nat44_ei_ha.h>
25 #define NAT44_EI_EXPECTED_ARGUMENT "expected required argument(s)"
/*
 * Format callback that appends a text description of one NAT44-EI session
 * to s. Arguments pulled from args, in order: the per-thread data (tnm) and
 * the session (sess).
 */
28 format_nat44_ei_session (u8 *s, va_list *args)
30 nat44_ei_main_per_thread_data_t *tnm =
31 va_arg (*args, nat44_ei_main_per_thread_data_t *);
32 nat44_ei_session_t *sess = va_arg (*args, nat44_ei_session_t *);
/* Unknown-protocol sessions: the port field is printed as-is (no byte swap)
   under the "proto" label. */
34 if (nat44_ei_is_unk_proto_session (sess))
37 format (s, " i2o %U proto %u fib %u\n", format_ip4_address,
38 &sess->in2out.addr, sess->in2out.port, sess->in2out.fib_index);
40 format (s, " o2i %U proto %u fib %u\n", format_ip4_address,
41 &sess->out2in.addr, sess->out2in.port, sess->out2in.fib_index);
/* Other sessions: protocol name plus the port converted from network to
   host byte order. */
45 s = format (s, " i2o %U proto %U port %d fib %d\n", format_ip4_address,
46 &sess->in2out.addr, format_nat_protocol, sess->nat_proto,
47 clib_net_to_host_u16 (sess->in2out.port),
48 sess->in2out.fib_index);
49 s = format (s, " o2i %U proto %U port %d fib %d\n", format_ip4_address,
50 &sess->out2in.addr, format_nat_protocol, sess->nat_proto,
51 clib_net_to_host_u16 (sess->out2in.port),
52 sess->out2in.fib_index);
/* The printed index is the session's offset from the start of the
   per-thread session pool. */
55 s = format (s, " index %llu\n", sess - tnm->sessions);
56 s = format (s, " last heard %.2f\n", sess->last_heard);
57 s = format (s, " total pkts %d, total bytes %lld\n", sess->total_pkts,
59 if (nat44_ei_is_session_static (sess))
60 s = format (s, " static translation\n");
62 s = format (s, " dynamic translation\n");
/*
 * Format callback that appends one NAT44-EI user (address plus dynamic and
 * static translation counts) to s and then walks the user's session list.
 * Arguments pulled from args, in order: per-thread data (tnm), the user (u)
 * and an int verbosity flag. How the flag is used is not visible in this
 * listing.
 */
68 format_nat44_ei_user (u8 *s, va_list *args)
70 nat44_ei_main_per_thread_data_t *tnm =
71 va_arg (*args, nat44_ei_main_per_thread_data_t *);
72 nat44_ei_user_t *u = va_arg (*args, nat44_ei_user_t *);
73 int verbose = va_arg (*args, int);
74 dlist_elt_t *head, *elt;
75 u32 elt_index, head_index;
77 nat44_ei_session_t *sess;
79 s = format (s, "%U: %d dynamic translations, %d static translations\n",
80 format_ip4_address, &u->addr, u->nsessions, u->nstaticsessions);
/* Walk the per-user list kept in tnm->list_pool: each element's value is an
   index into tnm->sessions, and the walk stops at an element whose value is
   ~0. NOTE(review): this dereferences per-thread pools from the formatter;
   confirm callers run where workers cannot modify the list concurrently. */
85 if (u->nsessions || u->nstaticsessions)
87 head_index = u->sessions_per_user_list_head_index;
88 head = pool_elt_at_index (tnm->list_pool, head_index);
90 elt_index = head->next;
91 elt = pool_elt_at_index (tnm->list_pool, elt_index);
92 session_index = elt->value;
94 while (session_index != ~0)
96 sess = pool_elt_at_index (tnm->sessions, session_index);
98 s = format (s, " %U\n", format_nat44_ei_session, tnm, sess);
100 elt_index = elt->next;
101 elt = pool_elt_at_index (tnm->list_pool, elt_index);
102 session_index = elt->value;
/*
 * Format callback that appends one static mapping (m, pulled from args) to
 * s. Identity mappings and ordinary mappings are rendered differently, and
 * each has an address-only form and a protocol/port form. Ports are
 * converted from network to host byte order before printing.
 */
110 format_nat44_ei_static_mapping (u8 *s, va_list *args)
112 nat44_ei_static_mapping_t *m = va_arg (*args, nat44_ei_static_mapping_t *);
113 nat44_ei_lb_addr_port_t *local;
115 if (is_sm_identity_nat (m->flags))
117 if (is_sm_addr_only (m->flags))
118 s = format (s, "identity mapping %U", format_ip4_address,
121 s = format (s, "identity mapping %U %U:%d", format_nat_protocol,
122 m->proto, format_ip4_address, &m->local_addr,
123 clib_net_to_host_u16 (m->local_port));
/* One " vrf N" suffix is appended per entry in m->locals. */
125 pool_foreach (local, m->locals)
127 s = format (s, " vrf %d", local->vrf_id);
133 if (is_sm_addr_only (m->flags))
135 s = format (s, "local %U external %U vrf %d", format_ip4_address,
136 &m->local_addr, format_ip4_address, &m->external_addr,
141 s = format (s, "%U local %U:%d external %U:%d vrf %d",
142 format_nat_protocol, m->proto, format_ip4_address,
143 &m->local_addr, clib_net_to_host_u16 (m->local_port),
144 format_ip4_address, &m->external_addr,
145 clib_net_to_host_u16 (m->external_port), m->vrf_id);
/*
 * Format callback that appends one not-yet-resolved static mapping (m,
 * pulled from args) to s. The external side is printed as an interface
 * name (format_vnet_sw_if_index_name on m->sw_if_index), not as an address.
 */
151 format_nat44_ei_static_map_to_resolve (u8 *s, va_list *args)
153 nat44_ei_static_map_resolve_t *m =
154 va_arg (*args, nat44_ei_static_map_resolve_t *);
155 vnet_main_t *vnm = vnet_get_main ();
157 if (is_sm_addr_only (m->flags))
159 format (s, "local %U external %U vrf %d", format_ip4_address, &m->l_addr,
160 format_vnet_sw_if_index_name, vnm, m->sw_if_index, m->vrf_id);
162 s = format (s, "%U local %U:%d external %U:%d vrf %d", format_nat_protocol,
163 m->proto, format_ip4_address, &m->l_addr,
164 clib_net_to_host_u16 (m->l_port), format_vnet_sw_if_index_name,
165 vnm, m->sw_if_index, clib_net_to_host_u16 (m->e_port),
/*
 * CLI handler that enables or disables the NAT44-EI plugin.
 * Options are parsed into the zero-initialised config c: static-mapping-only
 * (optionally followed by connection-tracking), out2in-dpo, inside-vrf,
 * outside-vrf, users, sessions, user-sessions, plus enable | disable.
 * Returns 0 on success or a clib_error_t for unknown input, a missing
 * enable/disable keyword, a redundant enable/disable, or a failed
 * nat44_ei_plugin_enable / nat44_ei_plugin_disable call.
 */
171 static clib_error_t *
172 nat44_ei_enable_disable_command_fn (vlib_main_t *vm, unformat_input_t *input,
173 vlib_cli_command_t *cmd)
175 nat44_ei_main_t *nm = &nat44_ei_main;
176 unformat_input_t _line_input, *line_input = &_line_input;
177 clib_error_t *error = 0;
179 nat44_ei_config_t c = { 0 };
180 u8 enable_set = 0, enable = 0, mode_set = 0;
182 if (!unformat_user (input, unformat_line_input, line_input))
183 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
185 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
/* The two mode keywords are only tried while mode_set is still 0. */
187 if (!mode_set && unformat (line_input, "static-mapping-only"))
190 c.static_mapping_only = 1;
191 if (unformat (line_input, "connection-tracking"))
193 c.connection_tracking = 1;
196 else if (!mode_set && unformat (line_input, "out2in-dpo"))
/* NOTE(review): the VRF ids and the users/sessions/user-sessions limits are
   taken from the CLI as raw u32 values; no bounds check is visible in this
   handler - confirm nat44_ei_plugin_enable validates them. */
201 else if (unformat (line_input, "inside-vrf %u", &c.inside_vrf))
203 else if (unformat (line_input, "outside-vrf %u", &c.outside_vrf))
205 else if (unformat (line_input, "users %u", &c.users))
207 else if (unformat (line_input, "sessions %u", &c.sessions))
209 else if (unformat (line_input, "user-sessions %u", &c.user_sessions))
211 else if (!enable_set)
214 if (unformat (line_input, "disable"))
216 else if (unformat (line_input, "enable"))
221 error = clib_error_return (0, "unknown input '%U'",
222 format_unformat_error, line_input);
229 error = clib_error_return (0, "expected enable | disable");
237 error = clib_error_return (0, "already enabled");
/* The parsed config is passed to nat44_ei_plugin_enable by value. */
241 if (nat44_ei_plugin_enable (c) != 0)
242 error = clib_error_return (0, "enable failed");
248 error = clib_error_return (0, "already disabled");
252 if (nat44_ei_plugin_disable () != 0)
253 error = clib_error_return (0, "disable failed");
257 unformat_free (line_input);
/*
 * CLI handler that parses a worker list (unformat_bitmap_list) and passes
 * the resulting bitmap to nat44_ei_set_workers. The bitmap is freed after
 * the call. VNET_API_ERROR_INVALID_WORKER and
 * VNET_API_ERROR_FEATURE_DISABLED are mapped to user-facing messages.
 */
261 static clib_error_t *
262 set_workers_command_fn (vlib_main_t *vm, unformat_input_t *input,
263 vlib_cli_command_t *cmd)
265 unformat_input_t _line_input, *line_input = &_line_input;
268 clib_error_t *error = 0;
270 if (!unformat_user (input, unformat_line_input, line_input))
271 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
273 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
275 if (unformat (line_input, "%U", unformat_bitmap_list, &bitmap))
279 error = clib_error_return (0, "unknown input '%U'",
280 format_unformat_error, line_input);
287 error = clib_error_return (0, "List of workers must be specified.");
291 rv = nat44_ei_set_workers (bitmap);
293 clib_bitmap_free (bitmap);
297 case VNET_API_ERROR_INVALID_WORKER:
298 error = clib_error_return (0, "Invalid worker(s).");
300 case VNET_API_ERROR_FEATURE_DISABLED:
/* NOTE(review): "workes" in the message below is a typo for "workers". */
302 clib_error_return (0, "Supported only if 2 or more workes available.");
309 unformat_free (line_input);
/*
 * CLI handler that lists the worker threads recorded in nm->workers. Output
 * is produced only when nm->num_workers is greater than 1.
 */
314 static clib_error_t *
315 nat_show_workers_command_fn (vlib_main_t *vm, unformat_input_t *input,
316 vlib_cli_command_t *cmd)
318 nat44_ei_main_t *nm = &nat44_ei_main;
321 if (nm->num_workers > 1)
323 vlib_cli_output (vm, "%d workers", vec_len (nm->workers));
324 vec_foreach (worker, nm->workers)
/* Each stored value is an offset relative to nm->first_worker_index into
   the global vlib_worker_threads array. */
326 vlib_worker_thread_t *w =
327 vlib_worker_threads + *worker + nm->first_worker_index;
328 vlib_cli_output (vm, " %s", w->name);
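/*
 * CLI handler that sets the NAT44-EI plugin log level.
 *
 * Expects a single integer argument. Values above NAT_LOG_DEBUG are
 * rejected. On success the value is stored in nat44_ei_main.log_level.
 *
 * Returns 0 on success, otherwise a clib_error_t describing the bad input.
 */
static clib_error_t *
nat44_ei_set_log_level_command_fn (vlib_main_t *vm, unformat_input_t *input,
                                   vlib_cli_command_t *cmd)
{
  unformat_input_t _line_input, *line_input = &_line_input;
  nat44_ei_main_t *nm = &nat44_ei_main;
  /* Parse into a 32-bit local. unformat's "%d" stores an int-sized value, so
     handing it the address of a u8 writes past that variable on the stack.
     A negative number wraps to a large unsigned value and is rejected by the
     range check below. */
  u32 log_level = NAT_LOG_NONE;
  clib_error_t *error = 0;

  if (!unformat_user (input, unformat_line_input, line_input))
    return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);

  if (!unformat (line_input, "%d", &log_level))
    {
      error = clib_error_return (0, "unknown input '%U'",
                                 format_unformat_error, line_input);
      goto done;
    }

  if (log_level > NAT_LOG_DEBUG)
    {
      error = clib_error_return (0, "unknown logging level '%d'", log_level);
      goto done;
    }

  /* In range, so narrowing to the stored field loses nothing. */
  nm->log_level = log_level;

done:
  unformat_free (line_input);

  return error;
}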
/*
 * CLI handler that turns NAT IPFIX logging on or off. Accepts "domain <n>",
 * "src-port <n>" and enable | disable, then calls
 * nat_ipfix_logging_enable_disable (enable, domain_id, src_port).
 */
366 static clib_error_t *
367 nat44_ei_ipfix_logging_enable_disable_command_fn (vlib_main_t *vm,
368 unformat_input_t *input,
369 vlib_cli_command_t *cmd)
371 unformat_input_t _line_input, *line_input = &_line_input;
372 clib_error_t *error = 0;
374 u32 domain_id = 0, src_port = 0;
375 u8 enable_set = 0, enable = 0;
377 if (!unformat_user (input, unformat_line_input, line_input))
378 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
380 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
382 if (unformat (line_input, "domain %d", &domain_id))
384 else if (unformat (line_input, "src-port %d", &src_port))
/* NOTE(review): "disable" is matched here first, so the second "disable"
   test inside the !enable_set branch looks unreachable. Confirm this branch
   records enable_set; otherwise a plain "disable" would end in the
   "expected enable | disable" error. */
386 else if (unformat (line_input, "disable"))
388 else if (!enable_set)
391 if (unformat (line_input, "disable"))
393 else if (unformat (line_input, "enable"))
398 error = clib_error_return (0, "unknown input '%U'",
399 format_unformat_error, line_input);
406 error = clib_error_return (0, "expected enable | disable");
/* NOTE(review): src_port is parsed as a 32-bit value and narrowed to u16
   here; no range check is visible, so values above 65535 would be silently
   truncated. */
410 if (nat_ipfix_logging_enable_disable (enable, domain_id, (u16) src_port))
412 error = clib_error_return (0, "ipfix logging enable failed");
417 unformat_free (line_input);
/*
 * CLI handler that dumps the NAT44-EI bihash tables: the two static-mapping
 * tables, then for every entry of nm->per_thread_data the in2out, out2in
 * and per-thread user hash, followed by the configured bucket counts.
 * The optional "detail" / "verbose" keywords are read directly from input.
 */
422 static clib_error_t *
423 nat44_ei_show_hash_command_fn (vlib_main_t *vm, unformat_input_t *input,
424 vlib_cli_command_t *cmd)
426 nat44_ei_main_t *nm = &nat44_ei_main;
427 nat44_ei_main_per_thread_data_t *tnm;
431 if (unformat (input, "detail"))
433 else if (unformat (input, "verbose"))
436 vlib_cli_output (vm, "%U", format_bihash_8_8, &nm->static_mapping_by_local,
438 vlib_cli_output (vm, "%U", format_bihash_8_8,
439 &nm->static_mapping_by_external, verbose);
440 vec_foreach_index (i, nm->per_thread_data)
442 tnm = vec_elt_at_index (nm->per_thread_data, i);
443 vlib_cli_output (vm, "-------- thread %d %s --------\n", i,
444 vlib_worker_threads[i].name);
/* in2out and out2in are read from nm (not tnm), so the same two tables are
   printed on every iteration; only user_hash is per-thread here. */
446 vlib_cli_output (vm, "%U", format_bihash_8_8, &nm->in2out, verbose);
447 vlib_cli_output (vm, "%U", format_bihash_8_8, &nm->out2in, verbose);
448 vlib_cli_output (vm, "%U", format_bihash_8_8, &tnm->user_hash, verbose);
451 vlib_cli_output (vm, "-------- hash table parameters --------\n");
452 vlib_cli_output (vm, "translation buckets: %u", nm->translation_buckets);
453 vlib_cli_output (vm, "user buckets: %u", nm->user_buckets);
/*
 * CLI handler that selects the address-and-port allocation algorithm:
 * "default", "map-e psid <n> psid-offset <n> psid-len <n>", or
 * "port-range <start> - <end>". A port-range whose end is not greater than
 * its start is rejected.
 */
457 static clib_error_t *
458 nat44_ei_set_alloc_addr_and_port_alg_command_fn (vlib_main_t *vm,
459 unformat_input_t *input,
460 vlib_cli_command_t *cmd)
462 unformat_input_t _line_input, *line_input = &_line_input;
463 clib_error_t *error = 0;
464 u32 psid, psid_offset, psid_length, port_start, port_end;
466 if (!unformat_user (input, unformat_line_input, line_input))
467 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
469 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
471 if (unformat (line_input, "default"))
472 nat44_ei_set_alloc_default ();
/* NOTE(review): the MAP-E parameters are parsed as 32-bit values and
   narrowed to u16 in the call below; no range check is visible here. */
473 else if (unformat (line_input,
474 "map-e psid %d psid-offset %d psid-len %d", &psid,
475 &psid_offset, &psid_length))
476 nat44_ei_set_alloc_mape ((u16) psid, (u16) psid_offset,
478 else if (unformat (line_input, "port-range %d - %d", &port_start,
/* NOTE(review): ordering is the only check visible for the range. Both
   bounds are narrowed to u16 after it, so values above 65535 would be
   truncated and could end up in a different order than the one checked. */
481 if (port_end <= port_start)
483 error = clib_error_return (
484 0, "The end-port must be greater than start-port");
487 nat44_ei_set_alloc_range ((u16) port_start, (u16) port_end);
491 error = clib_error_return (0, "unknown input '%U'",
492 format_unformat_error, line_input);
498 unformat_free (line_input);
/*
 * Format callback that takes a u32 allocation-algorithm id from args and
 * appends its name to s. The case labels are generated by expanding
 * foreach_nat44_ei_addr_and_port_alloc_alg; an id with no matching case is
 * rendered as "unknown".
 */
504 format_nat44_ei_addr_and_port_alloc_alg (u8 *s, va_list *args)
506 u32 i = va_arg (*args, u32);
512 case NAT44_EI_ADDR_AND_PORT_ALLOC_ALG_##N: \
515 foreach_nat44_ei_addr_and_port_alloc_alg
517 default : s = format (s, "unknown");
520 s = format (s, "%s", t);
/*
 * CLI handler that prints the active address-and-port allocation algorithm
 * and, for the MAP-E and port-range algorithms, the parameters stored in
 * nat44_ei_main.
 */
524 static clib_error_t *
525 nat44_ei_show_alloc_addr_and_port_alg_command_fn (vlib_main_t *vm,
526 unformat_input_t *input,
527 vlib_cli_command_t *cmd)
529 nat44_ei_main_t *nm = &nat44_ei_main;
531 vlib_cli_output (vm, "NAT address and port: %U",
532 format_nat44_ei_addr_and_port_alloc_alg,
533 nm->addr_and_port_alloc_alg);
534 switch (nm->addr_and_port_alloc_alg)
536 case NAT44_EI_ADDR_AND_PORT_ALLOC_ALG_MAPE:
537 vlib_cli_output (vm, " psid %d psid-offset %d psid-len %d", nm->psid,
538 nm->psid_offset, nm->psid_length);
540 case NAT44_EI_ADDR_AND_PORT_ALLOC_ALG_RANGE:
541 vlib_cli_output (vm, " start-port %d end-port %d", nm->start_port,
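/*
 * CLI handler that configures TCP MSS clamping.
 *
 * Accepts either "disable" (stores 0) or a numeric MSS value, which is
 * stored in nat44_ei_main.mss_clamping as a u16.
 *
 * Returns 0 on success, otherwise a clib_error_t for unknown input or for
 * an MSS value that does not fit in 16 bits.
 */
static clib_error_t *
nat_set_mss_clamping_command_fn (vlib_main_t *vm, unformat_input_t *input,
                                 vlib_cli_command_t *cmd)
{
  unformat_input_t _line_input, *line_input = &_line_input;
  nat44_ei_main_t *nm = &nat44_ei_main;
  clib_error_t *error = 0;
  u32 mss = 0;

  if (!unformat_user (input, unformat_line_input, line_input))
    return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);

  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (line_input, "disable"))
        nm->mss_clamping = 0;
      else if (unformat (line_input, "%d", &mss))
        {
          /* Reject instead of truncating: a value above 0xffff (including a
             negative number, which wraps when stored in the u32) would
             otherwise be silently narrowed to an unrelated MSS. */
          if (mss > 0xffff)
            {
              error = clib_error_return (
                0, "mss value must be in the range 0 - 65535");
              goto done;
            }
          nm->mss_clamping = (u16) mss;
        }
      else
        {
          error = clib_error_return (0, "unknown input '%U'",
                                     format_unformat_error, line_input);
          goto done;
        }
    }

done:
  unformat_free (line_input);

  return error;
}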
/*
 * CLI handler that prints the configured MSS clamping value; a stored value
 * of 0 is reported as "mss-clamping disabled".
 */
583 static clib_error_t *
584 nat_show_mss_clamping_command_fn (vlib_main_t *vm, unformat_input_t *input,
585 vlib_cli_command_t *cmd)
587 nat44_ei_main_t *nm = &nat44_ei_main;
589 if (nm->mss_clamping)
590 vlib_cli_output (vm, "mss-clamping %d", nm->mss_clamping);
592 vlib_cli_output (vm, "mss-clamping disabled");
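/*
 * CLI handler that sets the NAT HA failover peer.
 *
 * Expects "<ip4-addr>:<port>" and optionally "refresh-interval <n>"
 * (default 10). The values are passed to nat_ha_set_failover.
 *
 * Returns 0 on success, otherwise a clib_error_t for unknown input, a
 * missing address, an out-of-range port, or a failed nat_ha_set_failover.
 */
static clib_error_t *
nat_ha_failover_command_fn (vlib_main_t *vm, unformat_input_t *input,
                            vlib_cli_command_t *cmd)
{
  unformat_input_t _line_input, *line_input = &_line_input;
  ip4_address_t addr = { 0 };
  u32 port = 0, session_refresh_interval = 10;
  u8 addr_set = 0;
  int rv;
  clib_error_t *error = 0;

  if (!unformat_user (input, unformat_line_input, line_input))
    return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);

  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
        addr_set = 1;
      else if (unformat (line_input, "refresh-interval %u",
                         &session_refresh_interval))
        ;
      else
        {
          error = clib_error_return (0, "unknown input '%U'",
                                     format_unformat_error, line_input);
          goto done;
        }
    }

  /* Without this check a line holding only "refresh-interval <n>" would hand
     an address and port that were never written to nat_ha_set_failover. */
  if (!addr_set)
    {
      error = clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
      goto done;
    }

  /* The port is narrowed to u16 below; refuse values that would be
     truncated to a different port. */
  if (port > 0xffff)
    {
      error = clib_error_return (0, "port must be in the range 0 - 65535");
      goto done;
    }

  rv = nat_ha_set_failover (vm, &addr, (u16) port, session_refresh_interval);
  if (rv)
    error = clib_error_return (0, "set HA failover failed");

done:
  unformat_free (line_input);

  return error;
}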
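/*
 * CLI handler that sets the local NAT HA listener.
 *
 * Expects "<ip4-addr>:<port>" and optionally "path-mtu <n>" (default 512).
 * The values are passed to nat_ha_set_listener.
 *
 * Returns 0 on success, otherwise a clib_error_t for unknown input, a
 * missing address, an out-of-range port, or a failed nat_ha_set_listener.
 */
static clib_error_t *
nat_ha_listener_command_fn (vlib_main_t *vm, unformat_input_t *input,
                            vlib_cli_command_t *cmd)
{
  unformat_input_t _line_input, *line_input = &_line_input;
  ip4_address_t addr = { 0 };
  u32 port = 0, path_mtu = 512;
  u8 addr_set = 0;
  int rv;
  clib_error_t *error = 0;

  if (!unformat_user (input, unformat_line_input, line_input))
    return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);

  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
        addr_set = 1;
      else if (unformat (line_input, "path-mtu %u", &path_mtu))
        ;
      else
        {
          error = clib_error_return (0, "unknown input '%U'",
                                     format_unformat_error, line_input);
          goto done;
        }
    }

  /* Without this check a line holding only "path-mtu <n>" would hand an
     address and port that were never written to nat_ha_set_listener. */
  if (!addr_set)
    {
      error = clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
      goto done;
    }

  /* The port is narrowed to u16 below; refuse values that would be
     truncated to a different port. */
  if (port > 0xffff)
    {
      error = clib_error_return (0, "port must be in the range 0 - 65535");
      goto done;
    }

  rv = nat_ha_set_listener (vm, &addr, (u16) port, path_mtu);
  if (rv)
    error = clib_error_return (0, "set HA listener failed");

done:
  unformat_free (line_input);

  return error;
}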
/*
 * CLI handler that prints the NAT HA state in three sections: LISTENER
 * (address, port, path MTU), FAILOVER (address, port, refresh interval, or
 * "NA") and RESYNC (in progress, or completed with the missed-ACK count).
 * "NAT HA disabled" is printed instead when HA is off; the condition for
 * that is not visible in this listing.
 */
672 static clib_error_t *
673 nat_show_ha_command_fn (vlib_main_t *vm, unformat_input_t *input,
674 vlib_cli_command_t *cmd)
678 u32 path_mtu, session_refresh_interval, resync_ack_missed;
681 nat_ha_get_listener (&addr, &port, &path_mtu);
684 vlib_cli_output (vm, "NAT HA disabled\n");
688 vlib_cli_output (vm, "LISTENER:\n");
689 vlib_cli_output (vm, " %U:%u path-mtu %u\n", format_ip4_address, &addr,
/* addr and port are reused: the failover getter overwrites the listener
   values read above. */
692 nat_ha_get_failover (&addr, &port, &session_refresh_interval);
693 vlib_cli_output (vm, "FAILOVER:\n");
695 vlib_cli_output (vm, " %U:%u refresh-interval %usec\n",
696 format_ip4_address, &addr, port,
697 session_refresh_interval);
699 vlib_cli_output (vm, " NA\n");
701 nat_ha_get_resync_status (&in_resync, &resync_ack_missed);
702 vlib_cli_output (vm, "RESYNC:\n");
704 vlib_cli_output (vm, " in progress\n");
706 vlib_cli_output (vm, " completed (%d ACK missed)\n", resync_ack_missed);
/*
 * CLI command handler with the standard vlib signature.
 * NOTE(review): the body is not visible in this listing; going by the name
 * it presumably triggers a NAT HA flush - confirm against the full file.
 */
711 static clib_error_t *
712 nat_ha_flush_command_fn (vlib_main_t *vm, unformat_input_t *input,
713 vlib_cli_command_t *cmd)
/*
 * CLI handler that starts a NAT HA resync by calling nat_ha_resync (0, 0, 0).
 * A non-zero return is reported as "NAT HA resync already running".
 */
719 static clib_error_t *
720 nat_ha_resync_command_fn (vlib_main_t *vm, unformat_input_t *input,
721 vlib_cli_command_t *cmd)
723 clib_error_t *error = 0;
725 if (nat_ha_resync (0, 0, 0))
726 error = clib_error_return (0, "NAT HA resync already running");
/*
 * CLI handler that adds or deletes NAT pool addresses. Accepts a single
 * address or a "<start> - <end>" range, an optional "tenant-vrf <id>" and
 * "del". Every address in the range is passed in turn to
 * nat44_ei_add_address or nat44_ei_del_address, and the return code is
 * mapped to a user-facing error. The command is refused in static mapping
 * only mode.
 */
731 static clib_error_t *
732 add_address_command_fn (vlib_main_t *vm, unformat_input_t *input,
733 vlib_cli_command_t *cmd)
735 unformat_input_t _line_input, *line_input = &_line_input;
736 nat44_ei_main_t *nm = &nat44_ei_main;
/* NOTE(review): start_addr and end_addr have no initialiser. As far as this
   listing shows, a line holding only "del" or "tenant-vrf <id>" reaches the
   range computation below with both unset - confirm or require an address. */
737 ip4_address_t start_addr, end_addr, this_addr;
738 u32 start_host_order, end_host_order;
743 clib_error_t *error = 0;
745 if (!unformat_user (input, unformat_line_input, line_input))
746 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
748 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
750 if (unformat (line_input, "%U - %U", unformat_ip4_address, &start_addr,
751 unformat_ip4_address, &end_addr))
753 else if (unformat (line_input, "tenant-vrf %u", &vrf_id))
755 else if (unformat (line_input, "%U", unformat_ip4_address, &start_addr))
756 end_addr = start_addr;
757 else if (unformat (line_input, "del"))
761 error = clib_error_return (0, "unknown input '%U'",
762 format_unformat_error, line_input);
767 if (nm->static_mapping_only)
769 error = clib_error_return (0, "static mapping only mode");
/* The parsed addresses are byte-swapped so the range can be compared and
   counted as plain integers. */
773 start_host_order = clib_host_to_net_u32 (start_addr.as_u32);
774 end_host_order = clib_host_to_net_u32 (end_addr.as_u32);
776 if (end_host_order < start_host_order)
778 error = clib_error_return (0, "end address less than start address");
/* NOTE(review): no upper bound on the range size is visible here, and the
   u32 arithmetic wraps to 0 when the range covers the whole address space.
   A very large range means one add/del call per address in the loop below. */
782 count = (end_host_order - start_host_order) + 1;
785 nat44_ei_log_info ("%U - %U, %d addresses...", format_ip4_address,
786 &start_addr, format_ip4_address, &end_addr, count);
788 this_addr = start_addr;
790 for (i = 0; i < count; i++)
793 rv = nat44_ei_add_address (&this_addr, vrf_id);
795 rv = nat44_ei_del_address (this_addr, 0);
799 case VNET_API_ERROR_VALUE_EXIST:
800 error = clib_error_return (0, "NAT address already in use.");
802 case VNET_API_ERROR_NO_SUCH_ENTRY:
803 error = clib_error_return (0, "NAT address not exist.");
805 case VNET_API_ERROR_UNSPECIFIED:
806 error = clib_error_return (0, "NAT address used in static mapping.");
808 case VNET_API_ERROR_FEATURE_DISABLED:
815 nat44_ei_add_del_address_dpo (this_addr, is_add);
817 increment_v4_address (&this_addr);
821 unformat_free (line_input);
/*
 * CLI handler that lists every address in nm->addresses together with its
 * tenant VRF (the FIB table id looked up from ap->fib_index, or "tenant VRF
 * independent") and a per-protocol busy-port count.
 */
826 static clib_error_t *
827 nat44_ei_show_addresses_command_fn (vlib_main_t *vm, unformat_input_t *input,
828 vlib_cli_command_t *cmd)
830 nat44_ei_main_t *nm = &nat44_ei_main;
831 nat44_ei_address_t *ap;
833 vlib_cli_output (vm, "NAT44 pool addresses:");
834 vec_foreach (ap, nm->addresses)
836 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
/* A fib_index of ~0 is treated as "no tenant VRF". */
837 if (ap->fib_index != ~0)
839 vm, " tenant VRF: %u",
840 fib_table_get (ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
842 vlib_cli_output (vm, " tenant VRF independent");
843 #define _(N, i, n, s) \
844 vlib_cli_output (vm, " %d busy %s ports", ap->busy_ports[i], s);
/*
 * CLI handler that attaches the NAT44-EI feature to interfaces or detaches
 * it. "in <if>" and "out <if>" may each be given several times; the
 * interface indices are collected in two vectors. "output-feature" selects
 * the output-interface add/del calls and "del" selects removal. Both
 * vectors and the line input are freed before returning.
 */
851 static clib_error_t *
852 nat44_ei_feature_command_fn (vlib_main_t *vm, unformat_input_t *input,
853 vlib_cli_command_t *cmd)
855 unformat_input_t _line_input, *line_input = &_line_input;
856 vnet_main_t *vnm = vnet_get_main ();
857 clib_error_t *error = 0;
859 u32 *inside_sw_if_indices = 0;
860 u32 *outside_sw_if_indices = 0;
861 u8 is_output_feature = 0;
862 int i, rv, is_del = 0;
866 if (!unformat_user (input, unformat_line_input, line_input))
867 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
869 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
871 if (unformat (line_input, "in %U", unformat_vnet_sw_interface, vnm,
873 vec_add1 (inside_sw_if_indices, sw_if_index);
874 else if (unformat (line_input, "out %U", unformat_vnet_sw_interface, vnm,
876 vec_add1 (outside_sw_if_indices, sw_if_index);
877 else if (unformat (line_input, "output-feature"))
878 is_output_feature = 1;
879 else if (unformat (line_input, "del"))
883 error = clib_error_return (0, "unknown input '%U'",
884 format_unformat_error, line_input);
/* Interfaces given with "in": the plain add/del calls receive 1 as their
   second argument. */
889 if (vec_len (inside_sw_if_indices))
891 for (i = 0; i < vec_len (inside_sw_if_indices); i++)
893 sw_if_index = inside_sw_if_indices[i];
894 if (is_output_feature)
898 rv = nat44_ei_del_output_interface (sw_if_index);
902 rv = nat44_ei_add_output_interface (sw_if_index);
906 error = clib_error_return (
907 0, "%s %U failed", is_del ? "del" : "add",
908 format_vnet_sw_if_index_name, vnm, sw_if_index);
916 rv = nat44_ei_del_interface (sw_if_index, 1);
920 rv = nat44_ei_add_interface (sw_if_index, 1);
924 error = clib_error_return (
925 0, "%s %U failed", is_del ? "del" : "add",
926 format_vnet_sw_if_index_name, vnm, sw_if_index);
/* Interfaces given with "out": same flow, with 0 as the second argument of
   the plain add/del calls. */
933 if (vec_len (outside_sw_if_indices))
935 for (i = 0; i < vec_len (outside_sw_if_indices); i++)
937 sw_if_index = outside_sw_if_indices[i];
938 if (is_output_feature)
942 rv = nat44_ei_del_output_interface (sw_if_index);
946 rv = nat44_ei_add_output_interface (sw_if_index);
950 error = clib_error_return (
951 0, "%s %U failed", is_del ? "del" : "add",
952 format_vnet_sw_if_index_name, vnm, sw_if_index);
960 rv = nat44_ei_del_interface (sw_if_index, 0);
964 rv = nat44_ei_add_interface (sw_if_index, 0);
968 error = clib_error_return (
969 0, "%s %U failed", is_del ? "del" : "add",
970 format_vnet_sw_if_index_name, vnm, sw_if_index);
978 unformat_free (line_input);
979 vec_free (inside_sw_if_indices);
980 vec_free (outside_sw_if_indices);
/*
 * CLI handler that lists the interfaces in nm->interfaces and
 * nm->output_feature_interfaces. An interface that is only inside or only
 * outside is labelled "in" or "out"; one that is both gets a third label
 * that is not visible in this listing.
 */
985 static clib_error_t *
986 nat44_ei_show_interfaces_command_fn (vlib_main_t *vm, unformat_input_t *input,
987 vlib_cli_command_t *cmd)
989 nat44_ei_main_t *nm = &nat44_ei_main;
990 nat44_ei_interface_t *i;
991 vnet_main_t *vnm = vnet_get_main ();
993 vlib_cli_output (vm, "NAT44 interfaces:");
994 pool_foreach (i, nm->interfaces)
996 vlib_cli_output (vm, " %U %s", format_vnet_sw_if_index_name, vnm,
998 (nat44_ei_interface_is_inside (i) &&
999 nat44_ei_interface_is_outside (i)) ?
1001 (nat44_ei_interface_is_inside (i) ? "in" : "out"));
1004 pool_foreach (i, nm->output_feature_interfaces)
1006 vlib_cli_output (vm, " %U output-feature %s",
1007 format_vnet_sw_if_index_name, vnm, i->sw_if_index,
1008 (nat44_ei_interface_is_inside (i) &&
1009 nat44_ei_interface_is_outside (i)) ?
1011 (nat44_ei_interface_is_inside (i) ? "in" : "out"));
/*
 * CLI handler that adds or deletes a static mapping. Accepts
 * "local <addr> [port]", "external <addr|interface> [port]", "vrf <id>", a
 * protocol name and "del". The two ports must be given together or not at
 * all. An external interface sets NAT44_EI_SM_FLAG_SWITCH_ADDRESS. Return
 * codes from the add/del call are mapped to user-facing errors.
 */
1017 static clib_error_t *
1018 add_static_mapping_command_fn (vlib_main_t *vm, unformat_input_t *input,
1019 vlib_cli_command_t *cmd)
1021 unformat_input_t _line_input, *line_input = &_line_input;
1022 vnet_main_t *vnm = vnet_get_main ();
1023 clib_error_t *error = 0;
1026 nat_protocol_t proto = NAT_PROTOCOL_OTHER;
/* NOTE(review): l_addr and e_addr have no initialiser; confirm a command
   line without "local" or "external" cannot reach the add/del call with
   them unset. */
1027 ip4_address_t l_addr, e_addr, pool_addr = { 0 };
1028 u32 l_port = 0, e_port = 0, vrf_id = ~0;
1029 u8 l_port_set = 0, e_port_set = 0;
1030 u32 sw_if_index = ~0, flags = 0;
1033 if (!unformat_user (input, unformat_line_input, line_input))
1034 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1036 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1038 if (unformat (line_input, "local %U %u", unformat_ip4_address, &l_addr,
1043 else if (unformat (line_input, "local %U", unformat_ip4_address,
1046 else if (unformat (line_input, "external %U %u", unformat_ip4_address,
1051 else if (unformat (line_input, "external %U", unformat_ip4_address,
1054 else if (unformat (line_input, "external %U %u",
1055 unformat_vnet_sw_interface, vnm, &sw_if_index,
1060 else if (unformat (line_input, "external %U", unformat_vnet_sw_interface,
1063 else if (unformat (line_input, "vrf %u", &vrf_id))
1065 else if (unformat (line_input, "%U", unformat_nat_protocol, &proto))
1067 else if (unformat (line_input, "del"))
1073 error = clib_error_return (0, "unknown input: '%U'",
1074 format_unformat_error, line_input);
1079 if (l_port_set != e_port_set)
1081 error = clib_error_return (0, "Either both ports are set or none.");
1087 flags |= NAT44_EI_SM_FLAG_ADDR_ONLY;
/* NOTE(review): the ports are parsed as 32-bit values and passed through a
   16-bit byte swap; no range check is visible, so a port above 65535 would
   be truncated rather than rejected. */
1091 l_port = clib_host_to_net_u16 (l_port);
1092 e_port = clib_host_to_net_u16 (e_port);
1095 if (sw_if_index != ~0)
1097 flags |= NAT44_EI_SM_FLAG_SWITCH_ADDRESS;
1103 nat44_ei_add_static_mapping (l_addr, e_addr, l_port, e_port, proto,
1104 vrf_id, sw_if_index, flags, pool_addr, 0);
1108 rv = nat44_ei_del_static_mapping (l_addr, e_addr, l_port, e_port, proto,
1109 vrf_id, sw_if_index, flags);
1114 case VNET_API_ERROR_INVALID_VALUE:
1115 error = clib_error_return (0, "External port already in use.");
1117 case VNET_API_ERROR_NO_SUCH_ENTRY:
1119 error = clib_error_return (0, "External address must be allocated.");
1121 error = clib_error_return (0, "Mapping not exist.");
1123 case VNET_API_ERROR_NO_SUCH_FIB:
1124 error = clib_error_return (0, "No such VRF id.");
1126 case VNET_API_ERROR_VALUE_EXIST:
1127 error = clib_error_return (0, "Mapping already exist.");
1129 case VNET_API_ERROR_FEATURE_DISABLED:
1136 unformat_free (line_input);
/*
 * CLI handler that adds or deletes an identity mapping. flags starts as
 * NAT44_EI_SM_FLAG_IDENTITY_NAT, and the same address and port are passed
 * as both the local and the external side of the mapping. Accepts an
 * address or "external <interface>", "vrf <id>", "<protocol> <port>" and
 * "del".
 */
1141 static clib_error_t *
1142 add_identity_mapping_command_fn (vlib_main_t *vm, unformat_input_t *input,
1143 vlib_cli_command_t *cmd)
1145 unformat_input_t _line_input, *line_input = &_line_input;
1146 vnet_main_t *vnm = vnet_get_main ();
1147 clib_error_t *error = 0;
1149 int rv, is_add = 1, port_set = 0;
/* NOTE(review): port has no initialiser and is passed to the add/del call;
   confirm the address-only path does not read it unset. */
1150 u32 sw_if_index = ~0, port, flags, vrf_id = ~0;
1151 nat_protocol_t proto = NAT_PROTOCOL_OTHER;
1154 flags = NAT44_EI_SM_FLAG_IDENTITY_NAT;
1156 if (!unformat_user (input, unformat_line_input, line_input))
1157 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1159 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1161 if (unformat (line_input, "%U", unformat_ip4_address, &addr))
1163 else if (unformat (line_input, "external %U", unformat_vnet_sw_interface,
1166 else if (unformat (line_input, "vrf %u", &vrf_id))
1168 else if (unformat (line_input, "%U %u", unformat_nat_protocol, &proto,
1173 else if (unformat (line_input, "del"))
1179 error = clib_error_return (0, "unknown input: '%U'",
1180 format_unformat_error, line_input);
1187 flags |= NAT44_EI_SM_FLAG_ADDR_ONLY;
/* NOTE(review): 32-bit port passed through a 16-bit byte swap with no range
   check visible; values above 65535 would be truncated. */
1191 port = clib_host_to_net_u16 (port);
1194 if (sw_if_index != ~0)
1196 flags |= NAT44_EI_SM_FLAG_SWITCH_ADDRESS;
1202 rv = nat44_ei_add_static_mapping (addr, addr, port, port, proto, vrf_id,
1203 sw_if_index, flags, addr, 0);
1207 rv = nat44_ei_del_static_mapping (addr, addr, port, port, proto, vrf_id,
1208 sw_if_index, flags);
1213 case VNET_API_ERROR_INVALID_VALUE:
1214 error = clib_error_return (0, "External port already in use.");
1216 case VNET_API_ERROR_NO_SUCH_ENTRY:
1218 error = clib_error_return (0, "External address must be allocated.");
1220 error = clib_error_return (0, "Mapping not exist.");
1222 case VNET_API_ERROR_NO_SUCH_FIB:
1223 error = clib_error_return (0, "No such VRF id.");
1225 case VNET_API_ERROR_VALUE_EXIST:
1226 error = clib_error_return (0, "Mapping already exist.");
1233 unformat_free (line_input);
/*
 * CLI handler that prints every entry of nm->static_mappings followed by
 * every entry of nm->to_resolve (mappings whose external side is still
 * given as an interface).
 */
1238 static clib_error_t *
1239 nat44_ei_show_static_mappings_command_fn (vlib_main_t *vm,
1240 unformat_input_t *input,
1241 vlib_cli_command_t *cmd)
1243 nat44_ei_main_t *nm = &nat44_ei_main;
1244 nat44_ei_static_mapping_t *m;
1245 nat44_ei_static_map_resolve_t *rp;
1247 vlib_cli_output (vm, "NAT44 static mappings:");
1248 pool_foreach (m, nm->static_mappings)
1250 vlib_cli_output (vm, " %U", format_nat44_ei_static_mapping, m);
1252 vec_foreach (rp, nm->to_resolve)
1253 vlib_cli_output (vm, " %U", format_nat44_ei_static_map_to_resolve, rp);
/*
 * CLI handler that adds an interface's address to the NAT pool or, with
 * "del", removes it, through nat44_ei_add_interface_address /
 * nat44_ei_del_interface_address. A failing call is reported with its
 * numeric return code.
 */
1258 static clib_error_t *
1259 nat44_ei_add_interface_address_command_fn (vlib_main_t *vm,
1260 unformat_input_t *input,
1261 vlib_cli_command_t *cmd)
1263 unformat_input_t _line_input, *line_input = &_line_input;
1264 nat44_ei_main_t *nm = &nat44_ei_main;
1265 clib_error_t *error = 0;
1269 if (!unformat_user (input, unformat_line_input, line_input))
1270 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1272 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
/* NOTE(review): the declaration of sw_if_index is not visible in this
   listing; confirm it has a defined value when the line holds only "del". */
1274 if (unformat (line_input, "%U", unformat_vnet_sw_interface,
1275 nm->vnet_main, &sw_if_index))
1277 else if (unformat (line_input, "del"))
1283 error = clib_error_return (0, "unknown input '%U'",
1284 format_unformat_error, line_input);
1291 rv = nat44_ei_add_interface_address (sw_if_index);
1294 error = clib_error_return (0, "add address returned %d", rv);
1299 rv = nat44_ei_del_interface_address (sw_if_index);
1302 error = clib_error_return (0, "del address returned %d", rv);
1307 unformat_free (line_input);
/*
 * CLI handler that prints the name of every interface listed in
 * nm->auto_add_sw_if_indices.
 */
1312 static clib_error_t *
1313 nat44_ei_show_interface_address_command_fn (vlib_main_t *vm,
1314 unformat_input_t *input,
1315 vlib_cli_command_t *cmd)
1317 nat44_ei_main_t *nm = &nat44_ei_main;
1318 vnet_main_t *vnm = vnet_get_main ();
1321 vlib_cli_output (vm, "NAT44 pool address interfaces:");
1322 vec_foreach (sw_if_index, nm->auto_add_sw_if_indices)
1324 vlib_cli_output (vm, " %U", format_vnet_sw_if_index_name, vnm,
/*
 * CLI handler that prints NAT44-EI users and their sessions for every entry
 * of nm->per_thread_data. Optional arguments: "detail" and
 * "filter saddr <ip4-addr>", which limits output to the user with that
 * address.
 */
1330 static clib_error_t *
1331 nat44_ei_show_sessions_command_fn (vlib_main_t *vm, unformat_input_t *input,
1332 vlib_cli_command_t *cmd)
1334 unformat_input_t _line_input, *line_input = &_line_input;
1335 clib_error_t *error = 0;
/* saddr is only compared when filter_saddr is non-zero. */
1336 ip4_address_t saddr;
1337 u8 filter_saddr = 0;
1339 nat44_ei_main_per_thread_data_t *tnm;
1340 nat44_ei_main_t *nm = &nat44_ei_main;
1345 if (!unformat_user (input, unformat_line_input, line_input))
1348 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1350 if (unformat (line_input, "detail"))
1352 else if (unformat (line_input, "filter saddr %U", unformat_ip4_address,
1357 error = clib_error_return (0, "unknown input '%U'",
1358 format_unformat_error, line_input);
1362 unformat_free (line_input);
1365 vlib_cli_output (vm, "NAT44 sessions:");
1367 vec_foreach_index (i, nm->per_thread_data)
1369 tnm = vec_elt_at_index (nm->per_thread_data, i);
1371 vlib_cli_output (vm, "-------- thread %d %s: %d sessions --------\n", i,
1372 vlib_worker_threads[i].name, pool_elts (tnm->sessions));
1375 pool_foreach (u, tnm->users)
1377 if (filter_saddr && saddr.as_u32 != u->addr.as_u32)
/* NOTE(review): this walks per-thread user and session pools from the CLI
   path; confirm the command runs where workers cannot modify them
   concurrently. */
1379 vlib_cli_output (vm, " %U", format_nat44_ei_user, tnm, u, detail);
/*
 * CLI handler that deletes a NAT44-EI user identified by an IPv4 address
 * and an optional "fib <index>", by calling nat44_ei_user_del. A failing
 * call is reported with its numeric return code.
 */
1385 static clib_error_t *
1386 nat44_ei_del_user_command_fn (vlib_main_t *vm, unformat_input_t *input,
1387 vlib_cli_command_t *cmd)
1389 unformat_input_t _line_input, *line_input = &_line_input;
1390 clib_error_t *error = 0;
1395 if (!unformat_user (input, unformat_line_input, line_input))
1396 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1398 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
/* NOTE(review): the declarations of addr and fib_index are not visible in
   this listing; confirm addr has a defined value when only "fib <index>" is
   given. */
1400 if (unformat (line_input, "%U", unformat_ip4_address, &addr))
1402 else if (unformat (line_input, "fib %u", &fib_index))
1406 error = clib_error_return (0, "unknown input '%U'",
1407 format_unformat_error, line_input);
1412 rv = nat44_ei_user_del (&addr, fib_index);
1416 error = clib_error_return (0, "nat44_ei_user_del returned %d", rv);
1420 unformat_free (line_input);
/*
 * CLI handler that calls nat44_ei_sessions_clear (). It takes no arguments
 * from the command line.
 */
1425 static clib_error_t *
1426 nat44_ei_clear_sessions_command_fn (vlib_main_t *vm, unformat_input_t *input,
1427 vlib_cli_command_t *cmd)
1429 clib_error_t *error = 0;
1430 nat44_ei_sessions_clear ();
/*
 * CLI handler that deletes one session identified by "<addr>:<port>
 * <protocol>". "in" / "out" select nm->inside_vrf_id / nm->outside_vrf_id,
 * and "vrf <id>" overrides the VRF explicitly. The default VRF is
 * nm->outside_vrf_id. A failing nat44_ei_del_session call is reported with
 * its numeric return code.
 */
1434 static clib_error_t *
1435 nat44_ei_del_session_command_fn (vlib_main_t *vm, unformat_input_t *input,
1436 vlib_cli_command_t *cmd)
1438 nat44_ei_main_t *nm = &nat44_ei_main;
1439 unformat_input_t _line_input, *line_input = &_line_input;
1440 u32 port = 0, vrf_id = nm->outside_vrf_id;
1441 clib_error_t *error = 0;
/* NOTE(review): proto has no initialiser. As far as this listing shows, a
   line without the "<addr>:<port> <protocol>" token still reaches
   nat44_ei_del_session, which would then read proto unset - confirm or
   require the token. */
1442 nat_protocol_t proto;
1446 if (!unformat_user (input, unformat_line_input, line_input))
1447 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1449 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1451 if (unformat (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
1452 unformat_nat_protocol, &proto))
1454 else if (unformat (line_input, "in"))
1457 vrf_id = nm->inside_vrf_id;
1459 else if (unformat (line_input, "out"))
1462 vrf_id = nm->outside_vrf_id;
1464 else if (unformat (line_input, "vrf %u", &vrf_id))
1468 error = clib_error_return (0, "unknown input '%U'",
1469 format_unformat_error, line_input);
/* NOTE(review): the 32-bit port goes through a 16-bit byte swap with no
   range check visible; values above 65535 would be truncated. */
1474 rv = nat44_ei_del_session (nm, &addr, clib_host_to_net_u16 (port), proto,
1483 error = clib_error_return (0, "nat44_ei_del_session returned %d", rv);
1488 unformat_free (line_input);
/*
 * CLI handler registered in this file for "nat44 ei forwarding".
 *
 * Accepts "enable" or "disable" and stores the result in
 * nm->forwarding_enabled.  A missing argument line is reported with
 * NAT44_EI_EXPECTED_ARGUMENT, an unrecognised token as "unknown input", and
 * the handler can also report "expected enable | disable".
 *
 * Per the help text in this file, forwarding makes packets that match no
 * existing translation or static mapping get forwarded instead of dropped.
 * Enabling it therefore changes how unmatched traffic is treated and should
 * be handled as a policy change, not a cosmetic setting.
 *
 * NOTE(review): this listing omits source lines (see the gaps in the line
 * numbers); the conditions around enable_set and the statements inside the
 * "enable"/"disable" branches are not visible here.
 */
1493 static clib_error_t *
1494 nat44_ei_forwarding_set_command_fn (vlib_main_t *vm, unformat_input_t *input,
1495 vlib_cli_command_t *cmd)
1497 nat44_ei_main_t *nm = &nat44_ei_main;
1498 unformat_input_t _line_input, *line_input = &_line_input;
1499 clib_error_t *error = 0;
/* enable carries the requested state; enable_set presumably records that one was given. */
1501 u8 enable_set = 0, enable = 0;
/* Take one line of CLI input; with none, report the missing argument. */
1503 if (!unformat_user (input, unformat_line_input, line_input))
1504 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1506 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1511 if (unformat (line_input, "disable"))
1513 else if (unformat (line_input, "enable"))
1518 error = clib_error_return (0, "unknown input '%U'",
1519 format_unformat_error, line_input);
1525 error = clib_error_return (0, "expected enable | disable");
/* The plugin-wide flag is written directly; nothing else is updated in the lines shown. */
1527 nm->forwarding_enabled = enable;
1530 unformat_free (line_input);
/*
 * CLI handler registered in this file for "set nat44 ei timeout".
 *
 * Accepts any combination of "udp <n>", "tcp-established <n>",
 * "tcp-transitory <n>" and "icmp <n>" clauses, each parsed with %u straight
 * into the matching field of nm->timeouts, plus "reset", which calls
 * nat_reset_timeouts () on nm->timeouts.  A missing argument line is
 * reported with NAT44_EI_EXPECTED_ARGUMENT and an unrecognised token as
 * "unknown input".
 *
 * NOTE(review): because each clause is parsed directly into the live
 * configuration, clauses that matched before an unrecognised token have
 * already been stored when the error is raised; no rollback is visible in
 * this listing.  No lower or upper bound on the parsed values is visible
 * either, so consider whether 0 or very large timeouts should be rejected.
 * Source lines are missing here (see the gaps in the line numbers), so
 * confirm both points against the full file.
 */
1534 static clib_error_t *
1535 set_timeout_command_fn (vlib_main_t *vm, unformat_input_t *input,
1536 vlib_cli_command_t *cmd)
1538 nat44_ei_main_t *nm = &nat44_ei_main;
1539 unformat_input_t _line_input, *line_input = &_line_input;
1540 clib_error_t *error = 0;
/* Take one line of CLI input; with none, report the missing argument. */
1542 if (!unformat_user (input, unformat_line_input, line_input))
1543 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
/* Clauses are applied left to right as they are matched. */
1545 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1547 if (unformat (line_input, "udp %u", &nm->timeouts.udp))
1549 else if (unformat (line_input, "tcp-established %u",
1550 &nm->timeouts.tcp.established))
1552 else if (unformat (line_input, "tcp-transitory %u",
1553 &nm->timeouts.tcp.transitory))
1555 else if (unformat (line_input, "icmp %u", &nm->timeouts.icmp))
/* "reset" hands the whole timeouts struct to nat_reset_timeouts (). */
1557 else if (unformat (line_input, "reset"))
1558 nat_reset_timeouts (&nm->timeouts);
1561 error = clib_error_return (0, "unknown input '%U'",
1562 format_unformat_error, line_input);
1567 unformat_free (line_input);
/*
 * CLI handler registered in this file for "show nat44 ei timeouts".
 *
 * Prints the udp, tcp-established, tcp-transitory and icmp values held in
 * nm->timeouts, one per line with a "sec" suffix.  The input is not parsed
 * and no state is modified in the lines shown.
 *
 * NOTE(review): the values are printed with %d while the setter in this
 * file parses them with %u; confirm the field type if large values matter.
 */
1571 static clib_error_t *
1572 nat_show_timeouts_command_fn (vlib_main_t *vm, unformat_input_t *input,
1573 vlib_cli_command_t *cmd)
1575 nat44_ei_main_t *nm = &nat44_ei_main;
1577 vlib_cli_output (vm, "udp timeout: %dsec", nm->timeouts.udp);
1578 vlib_cli_output (vm, "tcp-established timeout: %dsec",
1579 nm->timeouts.tcp.established);
1580 vlib_cli_output (vm, "tcp-transitory timeout: %dsec",
1581 nm->timeouts.tcp.transitory);
1582 vlib_cli_output (vm, "icmp timeout: %dsec", nm->timeouts.icmp);
1589 * @cliexstart{nat44 ei}
1590 * Enable nat44 ei plugin
1591 * To enable nat44-ei, use:
1592 * vpp# nat44 ei plugin enable
1593 * To disable nat44-ei, use:
1594 * vpp# nat44 ei plugin disable
1595 * To enable nat44 ei static mapping only, use:
1596 * vpp# nat44 ei plugin enable static-mapping
1597 * To enable nat44 ei static mapping with connection tracking, use:
1598 * vpp# nat44 ei plugin enable static-mapping connection-tracking
1599 * To enable nat44 ei out2in dpo, use:
1600 * vpp# nat44 ei plugin enable out2in-dpo
1601 * To set inside-vrf outside-vrf, use:
1602 * vpp# nat44 ei plugin enable inside-vrf <id> outside-vrf <id>
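/*
 * Registers the "nat44 ei plugin" CLI path, handled by
 * nat44_ei_enable_disable_command_fn.  The help text previously misspelled
 * the mode keyword as "static-mappig-only".
 * NOTE(review): the usage examples in the comment above write
 * "static-mapping"; confirm against the handler which keyword the parser
 * accepts and align the examples with it.
 */
1605 VLIB_CLI_COMMAND (nat44_ei_enable_disable_command, static) = {
1606 .path = "nat44 ei plugin",
1608 "nat44 ei plugin <enable [sessions <max-number>] [users <max-number>] "
1609 "[static-mapping-only [connection-tracking]|out2in-dpo] [inside-vrf "
1610 "<vrf-id>] [outside-vrf <vrf-id>] [user-sessions <max-number>]>|disable",
1611 .function = nat44_ei_enable_disable_command_fn,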
1616 * @cliexstart{set nat44 ei workers}
1617 * To set NAT workers when 2 or more workers are available, use:
1618 * vpp# set nat44 ei workers 0-2,5
1621 VLIB_CLI_COMMAND (set_workers_command, static) = {
1622 .path = "set nat44 ei workers",
1623 .function = set_workers_command_fn,
1624 .short_help = "set nat44 ei workers <workers-list>",
1629 * @cliexstart{show nat44 ei workers}
1631 * vpp# show nat44 ei workers:
1637 VLIB_CLI_COMMAND (nat_show_workers_command, static) = {
1638 .path = "show nat44 ei workers",
1639 .short_help = "show nat44 ei workers",
1640 .function = nat_show_workers_command_fn,
1645 * @cliexstart{set nat44 ei timeout}
1646 * Set values of timeouts for NAT sessions (in seconds), use:
1647 * vpp# set nat44 ei timeout udp 120 tcp-established 7500 tcp-transitory 250
1649 * To reset default values use:
1650 * vpp# set nat44 ei timeout reset
1653 VLIB_CLI_COMMAND (set_timeout_command, static) = {
1654 .path = "set nat44 ei timeout",
1655 .function = set_timeout_command_fn,
1656 .short_help = "set nat44 ei timeout [udp <sec> | tcp-established <sec> "
1657 "tcp-transitory <sec> | icmp <sec> | reset]",
1662 * @cliexstart{show nat44 ei timeouts}
1663 * Show values of timeouts for NAT sessions.
1664 * vpp# show nat44 ei timeouts
1665 * udp timeout: 300sec
1666 * tcp-established timeout: 7440sec
1667 * tcp-transitory timeout: 240sec
1668 * icmp timeout: 60sec
1671 VLIB_CLI_COMMAND (nat_show_timeouts_command, static) = {
1672 .path = "show nat44 ei timeouts",
1673 .short_help = "show nat44 ei timeouts",
1674 .function = nat_show_timeouts_command_fn,
1679 * @cliexstart{nat44 ei set logging level}
1680 * To set NAT logging level use:
1681 * Set nat44 ei logging level
1684 VLIB_CLI_COMMAND (nat44_ei_set_log_level_command, static) = {
1685 .path = "nat44 ei set logging level",
1686 .function = nat44_ei_set_log_level_command_fn,
1687 .short_help = "nat44 ei set logging level <level>",
1692 * @cliexstart{nat44 ei ipfix logging}
1693 * To enable NAT IPFIX logging use:
1694 * vpp# nat44 ei ipfix logging
1695 * To set IPFIX exporter use:
1696 * vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
1699 VLIB_CLI_COMMAND (nat44_ei_ipfix_logging_enable_disable_command, static) = {
1700 .path = "nat44 ei ipfix logging",
1701 .function = nat44_ei_ipfix_logging_enable_disable_command_fn,
1702 .short_help = "nat44 ei ipfix logging <enable [domain <domain-id>] "
1703 "[src-port <port>]>|disable",
1708 * @cliexstart{nat44 ei addr-port-assignment-alg}
1709 * Set address and port assignment algorithm
1710 * For the MAP-E CE limit port choice based on PSID use:
1711 * vpp# nat44 ei addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len
1713 * For port range use:
1714 * vpp# nat44 ei addr-port-assignment-alg port-range <start-port> - <end-port>
1715 * To set standard (default) address and port assignment algorithm use:
1716 * vpp# nat44 ei addr-port-assignment-alg default
1719 VLIB_CLI_COMMAND (nat44_ei_set_alloc_addr_and_port_alg_command, static) = {
1720 .path = "nat44 ei addr-port-assignment-alg",
1721 .short_help = "nat44 ei addr-port-assignment-alg <alg-name> [<alg-params>]",
1722 .function = nat44_ei_set_alloc_addr_and_port_alg_command_fn,
1727 * @cliexstart{show nat44 ei addr-port-assignment-alg}
1728 * Show address and port assignment algorithm
1731 VLIB_CLI_COMMAND (nat44_ei_show_alloc_addr_and_port_alg_command, static) = {
1732 .path = "show nat44 ei addr-port-assignment-alg",
1733 .short_help = "show nat44 ei addr-port-assignment-alg",
1734 .function = nat44_ei_show_alloc_addr_and_port_alg_command_fn,
1739 * @cliexstart{nat44 ei mss-clamping}
1740 * Set TCP MSS rewriting configuration
1741 * To enable TCP MSS rewriting use:
1742 * vpp# nat44 ei mss-clamping 1452
1743 * To disable TCP MSS rewriting use:
1744 * vpp# nat44 ei mss-clamping disable
1747 VLIB_CLI_COMMAND (nat_set_mss_clamping_command, static) = {
1748 .path = "nat44 ei mss-clamping",
1749 .short_help = "nat44 ei mss-clamping <mss-value>|disable",
1750 .function = nat_set_mss_clamping_command_fn,
1755 * @cliexstart{show nat44 ei mss-clamping}
1756 * Show TCP MSS rewriting configuration
1759 VLIB_CLI_COMMAND (nat_show_mss_clamping_command, static) = {
1760 .path = "show nat44 ei mss-clamping",
1761 .short_help = "show nat44 ei mss-clamping",
1762 .function = nat_show_mss_clamping_command_fn,
1767 * @cliexstart{nat44 ei ha failover}
1768 * Set HA failover (remote settings)
1771 VLIB_CLI_COMMAND (nat_ha_failover_command, static) = {
1772 .path = "nat44 ei ha failover",
1774 "nat44 ei ha failover <ip4-address>:<port> [refresh-interval <sec>]",
1775 .function = nat_ha_failover_command_fn,
1780 * @cliexstart{nat44 ei ha listener}
1781 * Set HA listener (local settings)
1784 VLIB_CLI_COMMAND (nat_ha_listener_command, static) = {
1785 .path = "nat44 ei ha listener",
1787 "nat44 ei ha listener <ip4-address>:<port> [path-mtu <path-mtu>]",
1788 .function = nat_ha_listener_command_fn,
1793 * @cliexstart{show nat44 ei ha}
1794 * Show HA configuration/status
1797 VLIB_CLI_COMMAND (nat_show_ha_command, static) = {
1798 .path = "show nat44 ei ha",
1799 .short_help = "show nat44 ei ha",
1800 .function = nat_show_ha_command_fn,
1805 * @cliexstart{nat44 ei ha flush}
1806 * Flush the current HA data (for testing)
1809 VLIB_CLI_COMMAND (nat_ha_flush_command, static) = {
1810 .path = "nat44 ei ha flush",
1811 .short_help = "nat44 ei ha flush",
1812 .function = nat_ha_flush_command_fn,
1817 * @cliexstart{nat44 ei ha resync}
1818 * Resync HA (resend existing sessions to new failover)
1821 VLIB_CLI_COMMAND (nat_ha_resync_command, static) = {
1822 .path = "nat44 ei ha resync",
1823 .short_help = "nat44 ei ha resync",
1824 .function = nat_ha_resync_command_fn,
1829 * @cliexstart{show nat44 ei hash tables}
1830 * Show NAT44 hash tables
1833 VLIB_CLI_COMMAND (nat44_ei_show_hash, static) = {
1834 .path = "show nat44 ei hash tables",
1835 .short_help = "show nat44 ei hash tables [detail|verbose]",
1836 .function = nat44_ei_show_hash_command_fn,
1841 * @cliexstart{nat44 ei add address}
1842 * Add/delete NAT44 pool address.
1843 * To add NAT44 pool address use:
1844 * vpp# nat44 ei add address 172.16.1.3
1845 * vpp# nat44 ei add address 172.16.2.2 - 172.16.2.24
1846 * To add NAT44 pool address for specific tenant (identified by VRF id) use:
1847 * vpp# nat44 ei add address 172.16.1.3 tenant-vrf 10
1850 VLIB_CLI_COMMAND (add_address_command, static) = {
1851 .path = "nat44 ei add address",
1852 .short_help = "nat44 ei add address <ip4-range-start> [- <ip4-range-end>] "
1853 "[tenant-vrf <vrf-id>] [del]",
1854 .function = add_address_command_fn,
1859 * @cliexstart{show nat44 ei addresses}
1860 * Show NAT44 pool addresses.
1861 * vpp# show nat44 ei addresses
1862 * NAT44 pool addresses:
1864 * tenant VRF independent
1875 VLIB_CLI_COMMAND (nat44_ei_show_addresses_command, static) = {
1876 .path = "show nat44 ei addresses",
1877 .short_help = "show nat44 ei addresses",
1878 .function = nat44_ei_show_addresses_command_fn,
1883 * @cliexstart{set interface nat44 ei}
1884 * Enable/disable NAT44 feature on the interface.
1885 * To enable NAT44 feature with local network interface use:
1886 * vpp# set interface nat44 ei in GigabitEthernet0/8/0
1887 * To enable NAT44 feature with external network interface use:
1888 * vpp# set interface nat44 ei out GigabitEthernet0/a/0
1891 VLIB_CLI_COMMAND (set_interface_nat44_ei_command, static) = {
1892 .path = "set interface nat44 ei",
1893 .function = nat44_ei_feature_command_fn,
1895 "set interface nat44 ei in <intfc> out <intfc> [output-feature] "
1901 * @cliexstart{show nat44 ei interfaces}
1902 * Show interfaces with NAT44 feature.
1903 * vpp# show nat44 ei interfaces
1905 * GigabitEthernet0/8/0 in
1906 * GigabitEthernet0/a/0 out
1909 VLIB_CLI_COMMAND (nat44_ei_show_interfaces_command, static) = {
1910 .path = "show nat44 ei interfaces",
1911 .short_help = "show nat44 ei interfaces",
1912 .function = nat44_ei_show_interfaces_command_fn,
1917 * @cliexstart{nat44 ei add static mapping}
1918 * Static mapping allows hosts on the external network to initiate connections
1919 * to the local network host.
1920 * To create static mapping between local host address 10.0.0.3 port 6303 and
1921 * external address 4.4.4.4 port 3606 for TCP protocol use:
1922 * vpp# nat44 ei add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4
1924 * If not running in "static mapping only" NAT plugin mode, first use:
1925 * vpp# nat44 ei add address 4.4.4.4
1926 * To create address only static mapping between local and external address
1928 * vpp# nat44 ei add static mapping local 10.0.0.3 external 4.4.4.4
1929 * To create ICMP static mapping between local and external with ICMP echo
1930 * identifier 10 use:
1931 * vpp# nat44 ei add static mapping icmp local 10.0.0.3 10 external 4.4.4.4 10
1934 VLIB_CLI_COMMAND (add_static_mapping_command, static) = {
1935 .path = "nat44 ei add static mapping",
1936 .function = add_static_mapping_command_fn,
1937 .short_help = "nat44 ei add static mapping tcp|udp|icmp local <addr> "
1938 "[<port|icmp-echo-id>] "
1939 "external <addr> [<port|icmp-echo-id>] [vrf <table-id>] [del]",
1944 * @cliexstart{nat44 ei add identity mapping}
1945 * Identity mapping translates an IP address to itself.
1946 * To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol
1948 * vpp# nat44 ei add identity mapping 10.0.0.3 tcp 6303
1949 * To create identity mapping for address 10.0.0.3 use:
1950 * vpp# nat44 ei add identity mapping 10.0.0.3
1951 * To create identity mapping for DHCP addressed interface use:
1952 * vpp# nat44 ei add identity mapping external GigabitEthernet0/a/0 tcp 3606
1955 VLIB_CLI_COMMAND (add_identity_mapping_command, static) = {
1956 .path = "nat44 ei add identity mapping",
1957 .function = add_identity_mapping_command_fn,
1959 "nat44 ei add identity mapping <ip4-addr>|external <interface> "
1960 "[<protocol> <port>] [vrf <table-id>] [del]",
1965 * @cliexstart{show nat44 ei static mappings}
1966 * Show NAT44 static mappings.
1967 * vpp# show nat44 ei static mappings
1968 * NAT44 static mappings:
1969 * local 10.0.0.3 external 4.4.4.4 vrf 0
1970 * tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0
1971 * tcp vrf 0 external 1.2.3.4:80
1972 * local 10.100.10.10:8080 probability 80
1973 * local 10.100.10.20:8080 probability 20
1974 * tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10
1977 VLIB_CLI_COMMAND (nat44_ei_show_static_mappings_command, static) = {
1978 .path = "show nat44 ei static mappings",
1979 .short_help = "show nat44 ei static mappings",
1980 .function = nat44_ei_show_static_mappings_command_fn,
1985 * @cliexstart{nat44 ei add interface address}
1986 * Use NAT44 pool address from specific interface
1987 * To add NAT44 pool address from specific interface use:
1988 * vpp# nat44 ei add interface address GigabitEthernet0/8/0
1991 VLIB_CLI_COMMAND (nat44_ei_add_interface_address_command, static) = {
1992 .path = "nat44 ei add interface address",
1993 .short_help = "nat44 ei add interface address <interface> [del]",
1994 .function = nat44_ei_add_interface_address_command_fn,
1999 * @cliexstart{show nat44 ei interface address}
2000 * Show NAT44 pool address interfaces
2001 * vpp# show nat44 ei interface address
2002 * NAT44 pool address interfaces:
2003 * GigabitEthernet0/a/0
2006 VLIB_CLI_COMMAND (nat44_ei_show_interface_address_command, static) = {
2007 .path = "show nat44 ei interface address",
2008 .short_help = "show nat44 ei interface address",
2009 .function = nat44_ei_show_interface_address_command_fn,
2014 * @cliexstart{show nat44 ei sessions}
2015 * Show NAT44 sessions.
2018 VLIB_CLI_COMMAND (nat44_ei_show_sessions_command, static) = {
2019 .path = "show nat44 ei sessions",
2020 .short_help = "show nat44 ei sessions [detail] [filter saddr <ip>]",
2021 .function = nat44_ei_show_sessions_command_fn,
2026 * @cliexstart{nat44 ei del user}
2027 * To delete all NAT44 sessions of a user, use:
2028 * vpp# nat44 ei del user 10.0.0.3
2031 VLIB_CLI_COMMAND (nat44_ei_del_user_command, static) = {
2032 .path = "nat44 ei del user",
2033 .short_help = "nat44 ei del user <addr> [fib <index>]",
2034 .function = nat44_ei_del_user_command_fn,
2039 * @cliexstart{clear nat44 ei sessions}
2040 * To clear all NAT44 sessions
2041 * vpp# clear nat44 ei sessions
2044 VLIB_CLI_COMMAND (nat44_ei_clear_sessions_command, static) = {
2045 .path = "clear nat44 ei sessions",
2046 .short_help = "clear nat44 ei sessions",
2047 .function = nat44_ei_clear_sessions_command_fn,
2052 * @cliexstart{nat44 ei del session}
2053 * To administratively delete NAT44 session by inside address and port use:
2054 * vpp# nat44 ei del session in 10.0.0.3:6303 tcp
2055 * To administratively delete NAT44 session by outside address and port use:
2056 * vpp# nat44 ei del session out 1.0.0.3:6033 udp
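/*
 * Registers the "nat44 ei del session" CLI path, handled by
 * nat44_ei_del_session_command_fn.  The help text lists only the clauses
 * that handler is seen to parse in this file (address:port with protocol,
 * in, out, vrf).  The previously advertised "external-host" clause has no
 * visible parse branch there and would be rejected as unknown input.
 */
2059 VLIB_CLI_COMMAND (nat44_ei_del_session_command, static) = {
2060 .path = "nat44 ei del session",
2061 .short_help = "nat44 ei del session in|out <addr>:<port> tcp|udp|icmp [vrf "
2062 "<id>]",
2063 .function = nat44_ei_del_session_command_fn,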
2068 * @cliexstart{nat44 ei forwarding}
2069 * Enable or disable forwarding
2070 * Forward packets which don't match existing translation
2071 * or static mapping instead of dropping them.
2072 * To enable forwarding, use:
2073 * vpp# nat44 ei forwarding enable
2074 * To disable forwarding, use:
2075 * vpp# nat44 ei forwarding disable
2078 VLIB_CLI_COMMAND (nat44_ei_forwarding_set_command, static) = {
2079 .path = "nat44 ei forwarding",
2080 .short_help = "nat44 ei forwarding enable|disable",
2081 .function = nat44_ei_forwarding_set_command_fn,
2085 * fd.io coding-style-patch-verification: ON
2088 * eval: (c-set-style "gnu")