2 * Copyright (c) 2018 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
21 #include <nat/nat_ipfix_logging.h>
22 #include <nat/nat_det.h>
23 #include <nat/nat64.h>
24 #include <nat/nat_inlines.h>
25 #include <nat/nat44/inlines.h>
26 #include <nat/nat_affinity.h>
27 #include <vnet/fib/fib_table.h>
28 #include <nat/nat_ha.h>
30 #define UNSUPPORTED_IN_DET_MODE_STR \
31 "This command is unsupported in deterministic mode"
32 #define SUPPORTED_ONLY_IN_DET_MODE_STR \
33 "This command is supported only in deterministic mode"
36 set_workers_command_fn (vlib_main_t * vm,
37 unformat_input_t * input, vlib_cli_command_t * cmd)
39 unformat_input_t _line_input, *line_input = &_line_input;
40 snat_main_t *sm = &snat_main;
43 clib_error_t *error = 0;
45 if (sm->deterministic)
46 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
48 /* Get a line of input. */
49 if (!unformat_user (input, unformat_line_input, line_input))
52 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
54 if (unformat (line_input, "%U", unformat_bitmap_list, &bitmap))
58 error = clib_error_return (0, "unknown input '%U'",
59 format_unformat_error, line_input);
66 error = clib_error_return (0, "List of workers must be specified.");
70 rv = snat_set_workers (bitmap);
72 clib_bitmap_free (bitmap);
76 case VNET_API_ERROR_INVALID_WORKER:
77 error = clib_error_return (0, "Invalid worker(s).");
79 case VNET_API_ERROR_FEATURE_DISABLED:
80 error = clib_error_return (0,
81 "Supported only if 2 or more workes available.");
88 unformat_free (line_input);
94 nat_show_workers_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
95 vlib_cli_command_t * cmd)
97 snat_main_t *sm = &snat_main;
100 if (sm->deterministic)
101 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
103 if (sm->num_workers > 1)
105 vlib_cli_output (vm, "%d workers", vec_len (sm->workers));
107 vec_foreach (worker, sm->workers)
109 vlib_worker_thread_t *w =
110 vlib_worker_threads + *worker + sm->first_worker_index;
111 vlib_cli_output (vm, " %s", w->name);
119 static clib_error_t *
120 snat_set_log_level_command_fn (vlib_main_t * vm,
121 unformat_input_t * input,
122 vlib_cli_command_t * cmd)
124 unformat_input_t _line_input, *line_input = &_line_input;
125 snat_main_t *sm = &snat_main;
126 u8 log_level = SNAT_LOG_NONE;
127 clib_error_t *error = 0;
129 /* Get a line of input. */
130 if (!unformat_user (input, unformat_line_input, line_input))
133 if (!unformat (line_input, "%d", &log_level))
135 error = clib_error_return (0, "unknown input '%U'",
136 format_unformat_error, line_input);
139 if (log_level > SNAT_LOG_DEBUG)
141 error = clib_error_return (0, "unknown logging level '%d'", log_level);
144 sm->log_level = log_level;
147 unformat_free (line_input);
152 static clib_error_t *
153 snat_ipfix_logging_enable_disable_command_fn (vlib_main_t * vm,
154 unformat_input_t * input,
155 vlib_cli_command_t * cmd)
157 unformat_input_t _line_input, *line_input = &_line_input;
162 clib_error_t *error = 0;
164 /* Get a line of input. */
165 if (!unformat_user (input, unformat_line_input, line_input))
167 rv = snat_ipfix_logging_enable_disable (enable, domain_id,
170 return clib_error_return (0, "ipfix logging enable failed");
174 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
176 if (unformat (line_input, "domain %d", &domain_id))
178 else if (unformat (line_input, "src-port %d", &src_port))
180 else if (unformat (line_input, "disable"))
184 error = clib_error_return (0, "unknown input '%U'",
185 format_unformat_error, line_input);
190 rv = snat_ipfix_logging_enable_disable (enable, domain_id, (u16) src_port);
194 error = clib_error_return (0, "ipfix logging enable failed");
199 unformat_free (line_input);
204 static clib_error_t *
205 nat44_show_hash_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
206 vlib_cli_command_t * cmd)
208 snat_main_t *sm = &snat_main;
209 snat_main_per_thread_data_t *tsm;
210 nat_affinity_main_t *nam = &nat_affinity_main;
214 if (unformat (input, "detail"))
216 else if (unformat (input, "verbose"))
219 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->static_mapping_by_local,
221 vlib_cli_output (vm, "%U",
222 format_bihash_8_8, &sm->static_mapping_by_external,
224 vec_foreach_index (i, sm->per_thread_data)
226 tsm = vec_elt_at_index (sm->per_thread_data, i);
227 vlib_cli_output (vm, "-------- thread %d %s --------\n",
228 i, vlib_worker_threads[i].name);
229 if (sm->endpoint_dependent)
231 vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->in2out_ed,
233 vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->out2in_ed,
238 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->in2out, verbose);
239 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->out2in, verbose);
241 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->user_hash, verbose);
244 if (sm->endpoint_dependent)
246 vlib_cli_output (vm, "%U", format_bihash_16_8, &nam->affinity_hash,
252 static clib_error_t *
253 nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
254 unformat_input_t * input,
255 vlib_cli_command_t * cmd)
257 unformat_input_t _line_input, *line_input = &_line_input;
258 snat_main_t *sm = &snat_main;
259 clib_error_t *error = 0;
260 u32 psid, psid_offset, psid_length, port_start, port_end;
262 if (sm->deterministic)
263 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
265 /* Get a line of input. */
266 if (!unformat_user (input, unformat_line_input, line_input))
269 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
271 if (unformat (line_input, "default"))
272 nat_set_alloc_addr_and_port_default ();
275 (line_input, "map-e psid %d psid-offset %d psid-len %d", &psid,
276 &psid_offset, &psid_length))
277 nat_set_alloc_addr_and_port_mape ((u16) psid, (u16) psid_offset,
281 (line_input, "port-range %d - %d", &port_start, &port_end))
283 if (port_end <= port_start)
286 clib_error_return (0,
287 "The end-port must be greater than start-port");
290 nat_set_alloc_addr_and_port_range ((u16) port_start,
295 error = clib_error_return (0, "unknown input '%U'",
296 format_unformat_error, line_input);
302 unformat_free (line_input);
307 static clib_error_t *
308 nat44_show_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
309 unformat_input_t * input,
310 vlib_cli_command_t * cmd)
312 snat_main_t *sm = &snat_main;
314 if (sm->deterministic)
315 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
317 vlib_cli_output (vm, "NAT address and port: %U",
318 format_nat_addr_and_port_alloc_alg,
319 sm->addr_and_port_alloc_alg);
320 switch (sm->addr_and_port_alloc_alg)
322 case NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE:
323 vlib_cli_output (vm, " psid %d psid-offset %d psid-len %d", sm->psid,
324 sm->psid_offset, sm->psid_length);
326 case NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE:
327 vlib_cli_output (vm, " start-port %d end-port %d", sm->start_port,
337 static clib_error_t *
338 nat_set_mss_clamping_command_fn (vlib_main_t * vm, unformat_input_t * input,
339 vlib_cli_command_t * cmd)
341 unformat_input_t _line_input, *line_input = &_line_input;
342 snat_main_t *sm = &snat_main;
343 clib_error_t *error = 0;
346 /* Get a line of input. */
347 if (!unformat_user (input, unformat_line_input, line_input))
350 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
352 if (unformat (line_input, "disable"))
353 sm->mss_clamping = 0;
354 else if (unformat (line_input, "%d", &mss))
356 sm->mss_clamping = (u16) mss;
357 sm->mss_value_net = clib_host_to_net_u16 (sm->mss_clamping);
361 error = clib_error_return (0, "unknown input '%U'",
362 format_unformat_error, line_input);
368 unformat_free (line_input);
373 static clib_error_t *
374 nat_show_mss_clamping_command_fn (vlib_main_t * vm, unformat_input_t * input,
375 vlib_cli_command_t * cmd)
377 snat_main_t *sm = &snat_main;
379 if (sm->mss_clamping)
380 vlib_cli_output (vm, "mss-clamping %d", sm->mss_clamping);
382 vlib_cli_output (vm, "mss-clamping disabled");
387 static clib_error_t *
388 nat_ha_failover_command_fn (vlib_main_t * vm, unformat_input_t * input,
389 vlib_cli_command_t * cmd)
391 unformat_input_t _line_input, *line_input = &_line_input;
393 u32 port, session_refresh_interval = 10;
395 clib_error_t *error = 0;
397 /* Get a line of input. */
398 if (!unformat_user (input, unformat_line_input, line_input))
401 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
403 if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
407 (line_input, "refresh-interval %u", &session_refresh_interval))
411 error = clib_error_return (0, "unknown input '%U'",
412 format_unformat_error, line_input);
417 rv = nat_ha_set_failover (&addr, (u16) port, session_refresh_interval);
419 error = clib_error_return (0, "set HA failover failed");
422 unformat_free (line_input);
427 static clib_error_t *
428 nat_ha_listener_command_fn (vlib_main_t * vm, unformat_input_t * input,
429 vlib_cli_command_t * cmd)
431 unformat_input_t _line_input, *line_input = &_line_input;
433 u32 port, path_mtu = 512;
435 clib_error_t *error = 0;
437 /* Get a line of input. */
438 if (!unformat_user (input, unformat_line_input, line_input))
441 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
443 if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
445 else if (unformat (line_input, "path-mtu %u", &path_mtu))
449 error = clib_error_return (0, "unknown input '%U'",
450 format_unformat_error, line_input);
455 rv = nat_ha_set_listener (&addr, (u16) port, path_mtu);
457 error = clib_error_return (0, "set HA listener failed");
460 unformat_free (line_input);
465 static clib_error_t *
466 nat_show_ha_command_fn (vlib_main_t * vm, unformat_input_t * input,
467 vlib_cli_command_t * cmd)
471 u32 path_mtu, session_refresh_interval, resync_ack_missed;
474 nat_ha_get_listener (&addr, &port, &path_mtu);
477 vlib_cli_output (vm, "NAT HA disabled\n");
481 vlib_cli_output (vm, "LISTENER:\n");
482 vlib_cli_output (vm, " %U:%u path-mtu %u\n",
483 format_ip4_address, &addr, port, path_mtu);
485 nat_ha_get_failover (&addr, &port, &session_refresh_interval);
486 vlib_cli_output (vm, "FAILOVER:\n");
488 vlib_cli_output (vm, " %U:%u refresh-interval %usec\n",
489 format_ip4_address, &addr, port,
490 session_refresh_interval);
492 vlib_cli_output (vm, " NA\n");
494 nat_ha_get_resync_status (&in_resync, &resync_ack_missed);
495 vlib_cli_output (vm, "RESYNC:\n");
497 vlib_cli_output (vm, " in progress\n");
499 vlib_cli_output (vm, " completed (%d ACK missed)\n", resync_ack_missed);
504 static clib_error_t *
505 nat_ha_flush_command_fn (vlib_main_t * vm, unformat_input_t * input,
506 vlib_cli_command_t * cmd)
512 static clib_error_t *
513 nat_ha_resync_command_fn (vlib_main_t * vm, unformat_input_t * input,
514 vlib_cli_command_t * cmd)
516 clib_error_t *error = 0;
518 if (nat_ha_resync (0, 0, 0))
519 error = clib_error_return (0, "NAT HA resync already running");
524 static clib_error_t *
525 add_address_command_fn (vlib_main_t * vm,
526 unformat_input_t * input, vlib_cli_command_t * cmd)
528 unformat_input_t _line_input, *line_input = &_line_input;
529 snat_main_t *sm = &snat_main;
530 ip4_address_t start_addr, end_addr, this_addr;
531 u32 start_host_order, end_host_order;
536 clib_error_t *error = 0;
539 if (sm->deterministic)
540 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
542 /* Get a line of input. */
543 if (!unformat_user (input, unformat_line_input, line_input))
546 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
548 if (unformat (line_input, "%U - %U",
549 unformat_ip4_address, &start_addr,
550 unformat_ip4_address, &end_addr))
552 else if (unformat (line_input, "tenant-vrf %u", &vrf_id))
554 else if (unformat (line_input, "%U", unformat_ip4_address, &start_addr))
555 end_addr = start_addr;
556 else if (unformat (line_input, "twice-nat"))
558 else if (unformat (line_input, "del"))
562 error = clib_error_return (0, "unknown input '%U'",
563 format_unformat_error, line_input);
568 if (sm->static_mapping_only)
570 error = clib_error_return (0, "static mapping only mode");
574 start_host_order = clib_host_to_net_u32 (start_addr.as_u32);
575 end_host_order = clib_host_to_net_u32 (end_addr.as_u32);
577 if (end_host_order < start_host_order)
579 error = clib_error_return (0, "end address less than start address");
583 count = (end_host_order - start_host_order) + 1;
586 nat_log_info ("%U - %U, %d addresses...",
587 format_ip4_address, &start_addr,
588 format_ip4_address, &end_addr, count);
590 this_addr = start_addr;
592 for (i = 0; i < count; i++)
595 rv = snat_add_address (sm, &this_addr, vrf_id, twice_nat);
597 rv = snat_del_address (sm, this_addr, 0, twice_nat);
601 case VNET_API_ERROR_VALUE_EXIST:
602 error = clib_error_return (0, "NAT address already in use.");
604 case VNET_API_ERROR_NO_SUCH_ENTRY:
605 error = clib_error_return (0, "NAT address not exist.");
607 case VNET_API_ERROR_UNSPECIFIED:
609 clib_error_return (0, "NAT address used in static mapping.");
611 case VNET_API_ERROR_FEATURE_DISABLED:
613 clib_error_return (0,
614 "twice NAT available only for endpoint-dependent mode.");
621 nat44_add_del_address_dpo (this_addr, is_add);
623 increment_v4_address (&this_addr);
627 unformat_free (line_input);
632 static clib_error_t *
633 nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
634 vlib_cli_command_t * cmd)
636 snat_main_per_thread_data_t *tsm;
637 snat_main_t *sm = &snat_main;
640 if (sm->deterministic || !sm->endpoint_dependent)
641 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
643 // print session configuration values
644 vlib_cli_output (vm, "max translations: %u", sm->max_translations);
645 vlib_cli_output (vm, "max translations per user: %u",
646 sm->max_translations_per_user);
650 u64 now = vlib_time_now (sm->vlib_main);
651 u64 sess_timeout_time;
653 u32 udp_sessions = 0;
654 u32 tcp_sessions = 0;
655 u32 icmp_sessions = 0;
659 u32 transitory_wait_closed = 0;
660 u32 transitory_closed = 0;
663 if (sm->num_workers > 1)
666 vec_foreach (tsm, sm->per_thread_data)
668 pool_foreach (s, tsm->sessions,
670 sess_timeout_time = s->last_heard +
671 (f64) nat44_session_get_timeout (sm, s);
672 if (now >= sess_timeout_time)
675 switch (s->in2out.protocol)
677 case SNAT_PROTOCOL_ICMP:
680 case SNAT_PROTOCOL_TCP:
684 if (s->tcp_close_timestamp)
686 if (now >= s->tcp_close_timestamp)
692 ++transitory_wait_closed;
700 case SNAT_PROTOCOL_UDP:
706 count += pool_elts (tsm->sessions);
712 tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
714 pool_foreach (s, tsm->sessions,
716 sess_timeout_time = s->last_heard +
717 (f64) nat44_session_get_timeout (sm, s);
718 if (now >= sess_timeout_time)
721 switch (s->in2out.protocol)
723 case SNAT_PROTOCOL_ICMP:
726 case SNAT_PROTOCOL_TCP:
730 if (s->tcp_close_timestamp)
732 if (now >= s->tcp_close_timestamp)
738 ++transitory_wait_closed;
746 case SNAT_PROTOCOL_UDP:
753 count = pool_elts (tsm->sessions);
756 vlib_cli_output (vm, "total timed out sessions: %u", timed_out);
757 vlib_cli_output (vm, "total sessions: %u", count);
758 vlib_cli_output (vm, "total tcp sessions: %u", tcp_sessions);
759 vlib_cli_output (vm, "total tcp established sessions: %u", established);
760 vlib_cli_output (vm, "total tcp transitory sessions: %u", transitory);
761 vlib_cli_output (vm, "total tcp transitory (WAIT-CLOSED) sessions: %u",
762 transitory_wait_closed);
763 vlib_cli_output (vm, "total tcp transitory (CLOSED) sessions: %u",
765 vlib_cli_output (vm, "total udp sessions: %u", udp_sessions);
766 vlib_cli_output (vm, "total icmp sessions: %u", icmp_sessions);
770 static clib_error_t *
771 nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input,
772 vlib_cli_command_t * cmd)
774 snat_main_t *sm = &snat_main;
777 if (sm->deterministic)
778 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
780 vlib_cli_output (vm, "NAT44 pool addresses:");
782 vec_foreach (ap, sm->addresses)
784 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
785 if (ap->fib_index != ~0)
786 vlib_cli_output (vm, " tenant VRF: %u",
787 fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
789 vlib_cli_output (vm, " tenant VRF independent");
790 #define _(N, i, n, s) \
791 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
792 foreach_snat_protocol
795 vlib_cli_output (vm, "NAT44 twice-nat pool addresses:");
796 vec_foreach (ap, sm->twice_nat_addresses)
798 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
799 if (ap->fib_index != ~0)
800 vlib_cli_output (vm, " tenant VRF: %u",
801 fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
803 vlib_cli_output (vm, " tenant VRF independent");
804 #define _(N, i, n, s) \
805 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
806 foreach_snat_protocol
813 static clib_error_t *
814 snat_feature_command_fn (vlib_main_t * vm,
815 unformat_input_t * input, vlib_cli_command_t * cmd)
817 unformat_input_t _line_input, *line_input = &_line_input;
818 vnet_main_t *vnm = vnet_get_main ();
819 clib_error_t *error = 0;
821 u32 *inside_sw_if_indices = 0;
822 u32 *outside_sw_if_indices = 0;
823 u8 is_output_feature = 0;
829 /* Get a line of input. */
830 if (!unformat_user (input, unformat_line_input, line_input))
833 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
835 if (unformat (line_input, "in %U", unformat_vnet_sw_interface,
837 vec_add1 (inside_sw_if_indices, sw_if_index);
838 else if (unformat (line_input, "out %U", unformat_vnet_sw_interface,
840 vec_add1 (outside_sw_if_indices, sw_if_index);
841 else if (unformat (line_input, "output-feature"))
842 is_output_feature = 1;
843 else if (unformat (line_input, "del"))
847 error = clib_error_return (0, "unknown input '%U'",
848 format_unformat_error, line_input);
853 if (vec_len (inside_sw_if_indices))
855 for (i = 0; i < vec_len (inside_sw_if_indices); i++)
857 sw_if_index = inside_sw_if_indices[i];
858 if (is_output_feature)
860 if (snat_interface_add_del_output_feature
861 (sw_if_index, 1, is_del))
863 error = clib_error_return (0, "%s %U failed",
864 is_del ? "del" : "add",
865 format_vnet_sw_if_index_name,
872 if (snat_interface_add_del (sw_if_index, 1, is_del))
874 error = clib_error_return (0, "%s %U failed",
875 is_del ? "del" : "add",
876 format_vnet_sw_if_index_name,
884 if (vec_len (outside_sw_if_indices))
886 for (i = 0; i < vec_len (outside_sw_if_indices); i++)
888 sw_if_index = outside_sw_if_indices[i];
889 if (is_output_feature)
891 if (snat_interface_add_del_output_feature
892 (sw_if_index, 0, is_del))
894 error = clib_error_return (0, "%s %U failed",
895 is_del ? "del" : "add",
896 format_vnet_sw_if_index_name,
903 if (snat_interface_add_del (sw_if_index, 0, is_del))
905 error = clib_error_return (0, "%s %U failed",
906 is_del ? "del" : "add",
907 format_vnet_sw_if_index_name,
916 unformat_free (line_input);
917 vec_free (inside_sw_if_indices);
918 vec_free (outside_sw_if_indices);
923 static clib_error_t *
924 nat44_show_interfaces_command_fn (vlib_main_t * vm, unformat_input_t * input,
925 vlib_cli_command_t * cmd)
927 snat_main_t *sm = &snat_main;
929 vnet_main_t *vnm = vnet_get_main ();
931 vlib_cli_output (vm, "NAT44 interfaces:");
933 pool_foreach (i, sm->interfaces,
935 vlib_cli_output (vm, " %U %s", format_vnet_sw_if_index_name, vnm,
937 (nat_interface_is_inside(i) &&
938 nat_interface_is_outside(i)) ? "in out" :
939 (nat_interface_is_inside(i) ? "in" : "out"));
942 pool_foreach (i, sm->output_feature_interfaces,
944 vlib_cli_output (vm, " %U output-feature %s",
945 format_vnet_sw_if_index_name, vnm,
947 (nat_interface_is_inside(i) &&
948 nat_interface_is_outside(i)) ? "in out" :
949 (nat_interface_is_inside(i) ? "in" : "out"));
956 static clib_error_t *
957 add_static_mapping_command_fn (vlib_main_t * vm,
958 unformat_input_t * input,
959 vlib_cli_command_t * cmd)
961 unformat_input_t _line_input, *line_input = &_line_input;
962 snat_main_t *sm = &snat_main;
963 clib_error_t *error = 0;
964 ip4_address_t l_addr, e_addr;
965 u32 l_port = 0, e_port = 0, vrf_id = ~0;
968 u32 sw_if_index = ~0;
969 vnet_main_t *vnm = vnet_get_main ();
971 snat_protocol_t proto = ~0;
973 twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
976 if (sm->deterministic)
977 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
979 /* Get a line of input. */
980 if (!unformat_user (input, unformat_line_input, line_input))
983 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
985 if (unformat (line_input, "local %U %u", unformat_ip4_address, &l_addr,
989 if (unformat (line_input, "local %U", unformat_ip4_address, &l_addr))
991 else if (unformat (line_input, "external %U %u", unformat_ip4_address,
994 else if (unformat (line_input, "external %U", unformat_ip4_address,
997 else if (unformat (line_input, "external %U %u",
998 unformat_vnet_sw_interface, vnm, &sw_if_index,
1002 else if (unformat (line_input, "external %U",
1003 unformat_vnet_sw_interface, vnm, &sw_if_index))
1005 else if (unformat (line_input, "vrf %u", &vrf_id))
1007 else if (unformat (line_input, "%U", unformat_snat_protocol, &proto))
1009 else if (unformat (line_input, "twice-nat"))
1010 twice_nat = TWICE_NAT;
1011 else if (unformat (line_input, "self-twice-nat"))
1012 twice_nat = TWICE_NAT_SELF;
1013 else if (unformat (line_input, "out2in-only"))
1015 else if (unformat (line_input, "del"))
1019 error = clib_error_return (0, "unknown input: '%U'",
1020 format_unformat_error, line_input);
1025 if (twice_nat && addr_only)
1027 error = clib_error_return (0, "twice NAT only for 1:1 NAPT");
1031 if (!addr_only && !proto_set)
1033 error = clib_error_return (0, "missing protocol");
1037 rv = snat_add_static_mapping (l_addr, e_addr, (u16) l_port, (u16) e_port,
1038 vrf_id, addr_only, sw_if_index, proto, is_add,
1039 twice_nat, out2in_only, 0, 0);
1043 case VNET_API_ERROR_INVALID_VALUE:
1044 error = clib_error_return (0, "External port already in use.");
1046 case VNET_API_ERROR_NO_SUCH_ENTRY:
1048 error = clib_error_return (0, "External address must be allocated.");
1050 error = clib_error_return (0, "Mapping not exist.");
1052 case VNET_API_ERROR_NO_SUCH_FIB:
1053 error = clib_error_return (0, "No such VRF id.");
1055 case VNET_API_ERROR_VALUE_EXIST:
1056 error = clib_error_return (0, "Mapping already exist.");
1058 case VNET_API_ERROR_FEATURE_DISABLED:
1060 clib_error_return (0,
1061 "twice-nat/out2in-only available only for endpoint-dependent mode.");
1068 unformat_free (line_input);
1073 static clib_error_t *
1074 add_identity_mapping_command_fn (vlib_main_t * vm,
1075 unformat_input_t * input,
1076 vlib_cli_command_t * cmd)
1078 unformat_input_t _line_input, *line_input = &_line_input;
1079 snat_main_t *sm = &snat_main;
1080 clib_error_t *error = 0;
1082 u32 port = 0, vrf_id = ~0;
1085 u32 sw_if_index = ~0;
1086 vnet_main_t *vnm = vnet_get_main ();
1088 snat_protocol_t proto;
1090 if (sm->deterministic)
1091 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1095 /* Get a line of input. */
1096 if (!unformat_user (input, unformat_line_input, line_input))
1099 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1101 if (unformat (line_input, "%U", unformat_ip4_address, &addr))
1103 else if (unformat (line_input, "external %U",
1104 unformat_vnet_sw_interface, vnm, &sw_if_index))
1106 else if (unformat (line_input, "vrf %u", &vrf_id))
1108 else if (unformat (line_input, "%U %u", unformat_snat_protocol, &proto,
1111 else if (unformat (line_input, "del"))
1115 error = clib_error_return (0, "unknown input: '%U'",
1116 format_unformat_error, line_input);
1121 rv = snat_add_static_mapping (addr, addr, (u16) port, (u16) port,
1122 vrf_id, addr_only, sw_if_index, proto, is_add,
1127 case VNET_API_ERROR_INVALID_VALUE:
1128 error = clib_error_return (0, "External port already in use.");
1130 case VNET_API_ERROR_NO_SUCH_ENTRY:
1132 error = clib_error_return (0, "External address must be allocated.");
1134 error = clib_error_return (0, "Mapping not exist.");
1136 case VNET_API_ERROR_NO_SUCH_FIB:
1137 error = clib_error_return (0, "No such VRF id.");
1139 case VNET_API_ERROR_VALUE_EXIST:
1140 error = clib_error_return (0, "Mapping already exist.");
1147 unformat_free (line_input);
1152 static clib_error_t *
1153 add_lb_static_mapping_command_fn (vlib_main_t * vm,
1154 unformat_input_t * input,
1155 vlib_cli_command_t * cmd)
1157 unformat_input_t _line_input, *line_input = &_line_input;
1158 snat_main_t *sm = &snat_main;
1159 clib_error_t *error = 0;
1160 ip4_address_t l_addr, e_addr;
1161 u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0, affinity = 0;
1164 snat_protocol_t proto;
1166 nat44_lb_addr_port_t *locals = 0, local;
1167 twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
1170 if (sm->deterministic)
1171 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1173 /* Get a line of input. */
1174 if (!unformat_user (input, unformat_line_input, line_input))
1177 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1179 if (unformat (line_input, "local %U:%u probability %u",
1180 unformat_ip4_address, &l_addr, &l_port, &probability))
1182 clib_memset (&local, 0, sizeof (local));
1183 local.addr = l_addr;
1184 local.port = (u16) l_port;
1185 local.probability = (u8) probability;
1186 vec_add1 (locals, local);
1188 else if (unformat (line_input, "local %U:%u vrf %u probability %u",
1189 unformat_ip4_address, &l_addr, &l_port, &vrf_id,
1192 clib_memset (&local, 0, sizeof (local));
1193 local.addr = l_addr;
1194 local.port = (u16) l_port;
1195 local.probability = (u8) probability;
1196 local.vrf_id = vrf_id;
1197 vec_add1 (locals, local);
1199 else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
1202 else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
1205 else if (unformat (line_input, "twice-nat"))
1206 twice_nat = TWICE_NAT;
1207 else if (unformat (line_input, "self-twice-nat"))
1208 twice_nat = TWICE_NAT_SELF;
1209 else if (unformat (line_input, "out2in-only"))
1211 else if (unformat (line_input, "del"))
1213 else if (unformat (line_input, "affinity %u", &affinity))
1217 error = clib_error_return (0, "unknown input: '%U'",
1218 format_unformat_error, line_input);
1223 if (vec_len (locals) < 2)
1225 error = clib_error_return (0, "at least two local must be set");
1231 error = clib_error_return (0, "missing protocol");
1235 rv = nat44_add_del_lb_static_mapping (e_addr, (u16) e_port, proto, locals,
1236 is_add, twice_nat, out2in_only, 0,
1241 case VNET_API_ERROR_INVALID_VALUE:
1242 error = clib_error_return (0, "External port already in use.");
1244 case VNET_API_ERROR_NO_SUCH_ENTRY:
1246 error = clib_error_return (0, "External address must be allocated.");
1248 error = clib_error_return (0, "Mapping not exist.");
1250 case VNET_API_ERROR_VALUE_EXIST:
1251 error = clib_error_return (0, "Mapping already exist.");
1253 case VNET_API_ERROR_FEATURE_DISABLED:
1255 clib_error_return (0, "Available only for endpoint-dependent mode.");
1262 unformat_free (line_input);
1268 static clib_error_t *
1269 add_lb_backend_command_fn (vlib_main_t * vm,
1270 unformat_input_t * input, vlib_cli_command_t * cmd)
1272 unformat_input_t _line_input, *line_input = &_line_input;
1273 snat_main_t *sm = &snat_main;
1274 clib_error_t *error = 0;
1275 ip4_address_t l_addr, e_addr;
1276 u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
1279 snat_protocol_t proto;
1282 if (sm->deterministic)
1283 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1285 /* Get a line of input. */
1286 if (!unformat_user (input, unformat_line_input, line_input))
1289 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1291 if (unformat (line_input, "local %U:%u probability %u",
1292 unformat_ip4_address, &l_addr, &l_port, &probability))
1294 else if (unformat (line_input, "local %U:%u vrf %u probability %u",
1295 unformat_ip4_address, &l_addr, &l_port, &vrf_id,
1298 else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
1301 else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
1304 else if (unformat (line_input, "del"))
1308 error = clib_error_return (0, "unknown input: '%U'",
1309 format_unformat_error, line_input);
1314 if (!l_port || !e_port)
1316 error = clib_error_return (0, "local or external must be set");
1322 error = clib_error_return (0, "missing protocol");
1327 nat44_lb_static_mapping_add_del_local (e_addr, (u16) e_port, l_addr,
1328 l_port, proto, vrf_id, probability,
1333 case VNET_API_ERROR_INVALID_VALUE:
1334 error = clib_error_return (0, "External is not load-balancing static "
1337 case VNET_API_ERROR_NO_SUCH_ENTRY:
1338 error = clib_error_return (0, "Mapping or back-end not exist.");
1340 case VNET_API_ERROR_VALUE_EXIST:
1341 error = clib_error_return (0, "Back-end already exist.");
1343 case VNET_API_ERROR_FEATURE_DISABLED:
1345 clib_error_return (0, "Available only for endpoint-dependent mode.");
1347 case VNET_API_ERROR_UNSPECIFIED:
1348 error = clib_error_return (0, "At least two back-ends must remain");
1355 unformat_free (line_input);
1360 static clib_error_t *
1361 nat44_show_static_mappings_command_fn (vlib_main_t * vm,
1362 unformat_input_t * input,
1363 vlib_cli_command_t * cmd)
1365 snat_main_t *sm = &snat_main;
1366 snat_static_mapping_t *m;
1367 snat_static_map_resolve_t *rp;
1369 if (sm->deterministic)
1370 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1372 vlib_cli_output (vm, "NAT44 static mappings:");
1374 pool_foreach (m, sm->static_mappings,
1376 vlib_cli_output (vm, " %U", format_snat_static_mapping, m);
1378 vec_foreach (rp, sm->to_resolve)
1379 vlib_cli_output (vm, " %U", format_snat_static_map_to_resolve, rp);
1385 static clib_error_t *
1386 snat_add_interface_address_command_fn (vlib_main_t * vm,
1387 unformat_input_t * input,
1388 vlib_cli_command_t * cmd)
1390 snat_main_t *sm = &snat_main;
1391 unformat_input_t _line_input, *line_input = &_line_input;
1395 clib_error_t *error = 0;
1398 if (sm->deterministic)
1399 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1401 /* Get a line of input. */
1402 if (!unformat_user (input, unformat_line_input, line_input))
1405 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1407 if (unformat (line_input, "%U", unformat_vnet_sw_interface,
1408 sm->vnet_main, &sw_if_index))
1410 else if (unformat (line_input, "twice-nat"))
1412 else if (unformat (line_input, "del"))
1416 error = clib_error_return (0, "unknown input '%U'",
1417 format_unformat_error, line_input);
1422 rv = snat_add_interface_address (sm, sw_if_index, is_del, twice_nat);
1430 error = clib_error_return (0, "snat_add_interface_address returned %d",
1436 unformat_free (line_input);
1441 static clib_error_t *
1442 nat44_show_interface_address_command_fn (vlib_main_t * vm,
1443 unformat_input_t * input,
1444 vlib_cli_command_t * cmd)
1446 snat_main_t *sm = &snat_main;
1447 vnet_main_t *vnm = vnet_get_main ();
1450 if (sm->deterministic)
1451 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1454 vlib_cli_output (vm, "NAT44 pool address interfaces:");
1455 vec_foreach (sw_if_index, sm->auto_add_sw_if_indices)
1457 vlib_cli_output (vm, " %U", format_vnet_sw_if_index_name, vnm,
1460 vlib_cli_output (vm, "NAT44 twice-nat pool address interfaces:");
1461 vec_foreach (sw_if_index, sm->auto_add_sw_if_indices_twice_nat)
1463 vlib_cli_output (vm, " %U", format_vnet_sw_if_index_name, vnm,
1471 static clib_error_t *
1472 nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
1473 vlib_cli_command_t * cmd)
1475 unformat_input_t _line_input, *line_input = &_line_input;
1476 clib_error_t *error = 0;
1477 snat_main_t *sm = &snat_main;
1478 snat_main_per_thread_data_t *tsm;
1480 int detail = 0, metrics = 0;
1484 if (sm->deterministic)
1485 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1487 if (!unformat_user (input, unformat_line_input, line_input))
1490 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1492 if (unformat (line_input, "detail"))
1494 else if (unformat (line_input, "metrics"))
1498 error = clib_error_return (0, "unknown input '%U'",
1499 format_unformat_error, line_input);
1503 unformat_free (line_input);
1506 vlib_cli_output (vm, "NAT44 sessions:");
1508 vec_foreach_index (i, sm->per_thread_data)
1510 tsm = vec_elt_at_index (sm->per_thread_data, i);
1512 vlib_cli_output (vm, "-------- thread %d %s: %d sessions --------\n",
1513 i, vlib_worker_threads[i].name,
1514 pool_elts (tsm->sessions));
1517 u64 now = vlib_time_now (sm->vlib_main);
1518 pool_foreach (u, tsm->users,
1520 vlib_cli_output (vm, " %U", format_snat_user_v2, tsm, u, now);
1525 pool_foreach (u, tsm->users,
1527 vlib_cli_output (vm, " %U", format_snat_user, tsm, u, detail);
1535 static clib_error_t *
1536 nat44_del_user_command_fn (vlib_main_t * vm,
1537 unformat_input_t * input, vlib_cli_command_t * cmd)
1539 snat_main_t *sm = &snat_main;
1540 unformat_input_t _line_input, *line_input = &_line_input;
1541 clib_error_t *error = 0;
1546 if (sm->deterministic)
1547 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1549 /* Get a line of input. */
1550 if (!unformat_user (input, unformat_line_input, line_input))
1553 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1555 if (unformat (line_input, "%U", unformat_ip4_address, &addr))
1557 else if (unformat (line_input, "fib %u", &fib_index))
1561 error = clib_error_return (0, "unknown input '%U'",
1562 format_unformat_error, line_input);
1567 rv = nat44_user_del (&addr, fib_index);
1571 error = clib_error_return (0, "nat44_user_del returned %d", rv);
1575 unformat_free (line_input);
1580 static clib_error_t *
1581 nat44_del_session_command_fn (vlib_main_t * vm,
1582 unformat_input_t * input,
1583 vlib_cli_command_t * cmd)
1585 snat_main_t *sm = &snat_main;
1586 unformat_input_t _line_input, *line_input = &_line_input;
1587 int is_in = 0, is_ed = 0;
1588 clib_error_t *error = 0;
1589 ip4_address_t addr, eh_addr;
1590 u32 port = 0, eh_port = 0, vrf_id = sm->outside_vrf_id;
1591 snat_protocol_t proto;
1594 if (sm->deterministic)
1595 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1597 /* Get a line of input. */
1598 if (!unformat_user (input, unformat_line_input, line_input))
1601 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1604 (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
1605 unformat_snat_protocol, &proto))
1607 else if (unformat (line_input, "in"))
1610 vrf_id = sm->inside_vrf_id;
1612 else if (unformat (line_input, "out"))
1615 vrf_id = sm->outside_vrf_id;
1617 else if (unformat (line_input, "vrf %u", &vrf_id))
1621 (line_input, "external-host %U:%u", unformat_ip4_address,
1622 &eh_addr, &eh_port))
1626 error = clib_error_return (0, "unknown input '%U'",
1627 format_unformat_error, line_input);
1634 nat44_del_ed_session (sm, &addr, port, &eh_addr, eh_port,
1635 snat_proto_to_ip_proto (proto), vrf_id, is_in);
1637 rv = nat44_del_session (sm, &addr, port, proto, vrf_id, is_in);
1645 error = clib_error_return (0, "nat44_del_session returned %d", rv);
1650 unformat_free (line_input);
1655 static clib_error_t *
1656 snat_forwarding_set_command_fn (vlib_main_t * vm,
1657 unformat_input_t * input,
1658 vlib_cli_command_t * cmd)
1660 snat_main_t *sm = &snat_main;
1661 unformat_input_t _line_input, *line_input = &_line_input;
1662 u8 forwarding_enable;
1663 u8 forwarding_enable_set = 0;
1664 clib_error_t *error = 0;
1666 if (sm->deterministic)
1667 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1669 /* Get a line of input. */
1670 if (!unformat_user (input, unformat_line_input, line_input))
1671 return clib_error_return (0, "'enable' or 'disable' expected");
1673 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1675 if (!forwarding_enable_set && unformat (line_input, "enable"))
1677 forwarding_enable = 1;
1678 forwarding_enable_set = 1;
1680 else if (!forwarding_enable_set && unformat (line_input, "disable"))
1682 forwarding_enable = 0;
1683 forwarding_enable_set = 1;
1687 error = clib_error_return (0, "unknown input '%U'",
1688 format_unformat_error, line_input);
1693 if (!forwarding_enable_set)
1695 error = clib_error_return (0, "'enable' or 'disable' expected");
1699 sm->forwarding_enabled = forwarding_enable;
1702 unformat_free (line_input);
1707 static clib_error_t *
1708 snat_det_map_command_fn (vlib_main_t * vm,
1709 unformat_input_t * input, vlib_cli_command_t * cmd)
1711 snat_main_t *sm = &snat_main;
1712 unformat_input_t _line_input, *line_input = &_line_input;
1713 ip4_address_t in_addr, out_addr;
1714 u32 in_plen, out_plen;
1716 clib_error_t *error = 0;
1718 if (!sm->deterministic)
1719 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1721 /* Get a line of input. */
1722 if (!unformat_user (input, unformat_line_input, line_input))
1725 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1728 (line_input, "in %U/%u", unformat_ip4_address, &in_addr, &in_plen))
1732 (line_input, "out %U/%u", unformat_ip4_address, &out_addr,
1735 else if (unformat (line_input, "del"))
1739 error = clib_error_return (0, "unknown input '%U'",
1740 format_unformat_error, line_input);
1745 rv = snat_det_add_map (sm, &in_addr, (u8) in_plen, &out_addr, (u8) out_plen,
1750 error = clib_error_return (0, "snat_det_add_map return %d", rv);
1755 unformat_free (line_input);
1760 static clib_error_t *
1761 nat44_det_show_mappings_command_fn (vlib_main_t * vm,
1762 unformat_input_t * input,
1763 vlib_cli_command_t * cmd)
1765 snat_main_t *sm = &snat_main;
1768 if (!sm->deterministic)
1769 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1771 vlib_cli_output (vm, "NAT44 deterministic mappings:");
1773 pool_foreach (dm, sm->det_maps,
1775 vlib_cli_output (vm, " in %U/%d out %U/%d\n",
1776 format_ip4_address, &dm->in_addr, dm->in_plen,
1777 format_ip4_address, &dm->out_addr, dm->out_plen);
1778 vlib_cli_output (vm, " outside address sharing ratio: %d\n",
1780 vlib_cli_output (vm, " number of ports per inside host: %d\n",
1781 dm->ports_per_host);
1782 vlib_cli_output (vm, " sessions number: %d\n", dm->ses_num);
1789 static clib_error_t *
1790 snat_det_forward_command_fn (vlib_main_t * vm,
1791 unformat_input_t * input,
1792 vlib_cli_command_t * cmd)
1794 snat_main_t *sm = &snat_main;
1795 unformat_input_t _line_input, *line_input = &_line_input;
1796 ip4_address_t in_addr, out_addr;
1799 clib_error_t *error = 0;
1801 if (!sm->deterministic)
1802 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1804 /* Get a line of input. */
1805 if (!unformat_user (input, unformat_line_input, line_input))
1808 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1810 if (unformat (line_input, "%U", unformat_ip4_address, &in_addr))
1814 error = clib_error_return (0, "unknown input '%U'",
1815 format_unformat_error, line_input);
1820 dm = snat_det_map_by_user (sm, &in_addr);
1822 vlib_cli_output (vm, "no match");
1825 snat_det_forward (dm, &in_addr, &out_addr, &lo_port);
1826 vlib_cli_output (vm, "%U:<%d-%d>", format_ip4_address, &out_addr,
1827 lo_port, lo_port + dm->ports_per_host - 1);
1831 unformat_free (line_input);
1836 static clib_error_t *
1837 snat_det_reverse_command_fn (vlib_main_t * vm,
1838 unformat_input_t * input,
1839 vlib_cli_command_t * cmd)
1841 snat_main_t *sm = &snat_main;
1842 unformat_input_t _line_input, *line_input = &_line_input;
1843 ip4_address_t in_addr, out_addr;
1846 clib_error_t *error = 0;
1848 if (!sm->deterministic)
1849 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1851 /* Get a line of input. */
1852 if (!unformat_user (input, unformat_line_input, line_input))
1855 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1858 (line_input, "%U:%d", unformat_ip4_address, &out_addr, &out_port))
1862 error = clib_error_return (0, "unknown input '%U'",
1863 format_unformat_error, line_input);
1868 if (out_port < 1024 || out_port > 65535)
1870 error = clib_error_return (0, "wrong port, must be <1024-65535>");
1874 dm = snat_det_map_by_out (sm, &out_addr);
1876 vlib_cli_output (vm, "no match");
1879 snat_det_reverse (dm, &out_addr, (u16) out_port, &in_addr);
1880 vlib_cli_output (vm, "%U", format_ip4_address, &in_addr);
1884 unformat_free (line_input);
1889 static clib_error_t *
1890 set_timeout_command_fn (vlib_main_t * vm,
1891 unformat_input_t * input, vlib_cli_command_t * cmd)
1893 snat_main_t *sm = &snat_main;
1894 unformat_input_t _line_input, *line_input = &_line_input;
1895 clib_error_t *error = 0;
1897 /* Get a line of input. */
1898 if (!unformat_user (input, unformat_line_input, line_input))
1901 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1903 if (unformat (line_input, "udp %u", &sm->udp_timeout))
1905 if (nat64_set_udp_timeout (sm->udp_timeout))
1907 error = clib_error_return (0, "Invalid UDP timeout value");
1911 else if (unformat (line_input, "tcp-established %u",
1912 &sm->tcp_established_timeout))
1914 if (nat64_set_tcp_timeouts
1915 (sm->tcp_transitory_timeout, sm->tcp_established_timeout))
1918 clib_error_return (0,
1919 "Invalid TCP established timeouts value");
1923 else if (unformat (line_input, "tcp-transitory %u",
1924 &sm->tcp_transitory_timeout))
1926 if (nat64_set_tcp_timeouts
1927 (sm->tcp_transitory_timeout, sm->tcp_established_timeout))
1930 clib_error_return (0,
1931 "Invalid TCP transitory timeouts value");
1935 else if (unformat (line_input, "icmp %u", &sm->icmp_timeout))
1937 if (nat64_set_icmp_timeout (sm->icmp_timeout))
1939 error = clib_error_return (0, "Invalid ICMP timeout value");
1943 else if (unformat (line_input, "reset"))
1945 sm->udp_timeout = SNAT_UDP_TIMEOUT;
1946 sm->tcp_established_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT;
1947 sm->tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT;
1948 sm->icmp_timeout = SNAT_ICMP_TIMEOUT;
1949 nat64_set_udp_timeout (0);
1950 nat64_set_icmp_timeout (0);
1951 nat64_set_tcp_timeouts (0, 0);
1955 error = clib_error_return (0, "unknown input '%U'",
1956 format_unformat_error, line_input);
1961 unformat_free (line_input);
1965 static clib_error_t *
1966 nat_show_timeouts_command_fn (vlib_main_t * vm,
1967 unformat_input_t * input,
1968 vlib_cli_command_t * cmd)
1970 snat_main_t *sm = &snat_main;
1972 vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
1973 vlib_cli_output (vm, "tcp-established timeout: %dsec",
1974 sm->tcp_established_timeout);
1975 vlib_cli_output (vm, "tcp-transitory timeout: %dsec",
1976 sm->tcp_transitory_timeout);
1977 vlib_cli_output (vm, "icmp timeout: %dsec", sm->icmp_timeout);
1982 static clib_error_t *
1983 nat44_det_show_sessions_command_fn (vlib_main_t * vm,
1984 unformat_input_t * input,
1985 vlib_cli_command_t * cmd)
1987 snat_main_t *sm = &snat_main;
1989 snat_det_session_t *ses;
1992 if (!sm->deterministic)
1993 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1995 vlib_cli_output (vm, "NAT44 deterministic sessions:");
1997 pool_foreach (dm, sm->det_maps,
1999 vec_foreach_index (i, dm->sessions)
2001 ses = vec_elt_at_index (dm->sessions, i);
2003 vlib_cli_output (vm, " %U", format_det_map_ses, dm, ses, &i);
2010 static clib_error_t *
2011 snat_det_close_session_out_fn (vlib_main_t * vm,
2012 unformat_input_t * input,
2013 vlib_cli_command_t * cmd)
2015 snat_main_t *sm = &snat_main;
2016 unformat_input_t _line_input, *line_input = &_line_input;
2017 ip4_address_t out_addr, ext_addr, in_addr;
2018 u32 out_port, ext_port;
2020 snat_det_session_t *ses;
2021 snat_det_out_key_t key;
2022 clib_error_t *error = 0;
2024 if (!sm->deterministic)
2025 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
2027 /* Get a line of input. */
2028 if (!unformat_user (input, unformat_line_input, line_input))
2031 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2033 if (unformat (line_input, "%U:%d %U:%d",
2034 unformat_ip4_address, &out_addr, &out_port,
2035 unformat_ip4_address, &ext_addr, &ext_port))
2039 error = clib_error_return (0, "unknown input '%U'",
2040 format_unformat_error, line_input);
2045 unformat_free (line_input);
2047 dm = snat_det_map_by_out (sm, &out_addr);
2049 vlib_cli_output (vm, "no match");
2052 snat_det_reverse (dm, &ext_addr, (u16) out_port, &in_addr);
2053 key.ext_host_addr = out_addr;
2054 key.ext_host_port = ntohs ((u16) ext_port);
2055 key.out_port = ntohs ((u16) out_port);
2056 ses = snat_det_get_ses_by_out (dm, &out_addr, key.as_u64);
2058 vlib_cli_output (vm, "no match");
2060 snat_det_ses_close (dm, ses);
2064 unformat_free (line_input);
2069 static clib_error_t *
2070 snat_det_close_session_in_fn (vlib_main_t * vm,
2071 unformat_input_t * input,
2072 vlib_cli_command_t * cmd)
2074 snat_main_t *sm = &snat_main;
2075 unformat_input_t _line_input, *line_input = &_line_input;
2076 ip4_address_t in_addr, ext_addr;
2077 u32 in_port, ext_port;
2079 snat_det_session_t *ses;
2080 snat_det_out_key_t key;
2081 clib_error_t *error = 0;
2083 if (!sm->deterministic)
2084 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
2086 /* Get a line of input. */
2087 if (!unformat_user (input, unformat_line_input, line_input))
2090 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2092 if (unformat (line_input, "%U:%d %U:%d",
2093 unformat_ip4_address, &in_addr, &in_port,
2094 unformat_ip4_address, &ext_addr, &ext_port))
2098 error = clib_error_return (0, "unknown input '%U'",
2099 format_unformat_error, line_input);
2104 unformat_free (line_input);
2106 dm = snat_det_map_by_user (sm, &in_addr);
2108 vlib_cli_output (vm, "no match");
2111 key.ext_host_addr = ext_addr;
2112 key.ext_host_port = ntohs ((u16) ext_port);
2114 snat_det_find_ses_by_in (dm, &in_addr, ntohs ((u16) in_port), key);
2116 vlib_cli_output (vm, "no match");
2118 snat_det_ses_close (dm, ses);
2122 unformat_free (line_input);
2130 * @cliexstart{set snat workers}
2131 * Set NAT workers if 2 or more workers available, use:
2132 * vpp# set snat workers 0-2,5
2135 VLIB_CLI_COMMAND (set_workers_command, static) = {
2136 .path = "set nat workers",
2137 .function = set_workers_command_fn,
2138 .short_help = "set nat workers <workers-list>",
2143 * @cliexstart{show nat workers}
2145 * vpp# show nat workers:
2151 VLIB_CLI_COMMAND (nat_show_workers_command, static) = {
2152 .path = "show nat workers",
2153 .short_help = "show nat workers",
2154 .function = nat_show_workers_commnad_fn,
2159 * @cliexstart{set nat timeout}
2160 * Set values of timeouts for NAT sessions (in seconds), use:
2161 * vpp# set nat timeout udp 120 tcp-established 7500 tcp-transitory 250 icmp 90
2162 * To reset default values use:
2163 * vpp# set nat44 deterministic timeout reset
2166 VLIB_CLI_COMMAND (set_timeout_command, static) = {
2167 .path = "set nat timeout",
2168 .function = set_timeout_command_fn,
2170 "set nat timeout [udp <sec> | tcp-established <sec> "
2171 "tcp-transitory <sec> | icmp <sec> | reset]",
2176 * @cliexstart{show nat timeouts}
2177 * Show values of timeouts for NAT sessions.
2178 * vpp# show nat timeouts
2179 * udp timeout: 300sec
2180 * tcp-established timeout: 7440sec
2181 * tcp-transitory timeout: 240sec
2182 * icmp timeout: 60sec
2185 VLIB_CLI_COMMAND (nat_show_timeouts_command, static) = {
2186 .path = "show nat timeouts",
2187 .short_help = "show nat timeouts",
2188 .function = nat_show_timeouts_command_fn,
2193 * @cliexstart{nat set logging level}
2194 * To set NAT logging level use:
2195 * Set nat logging level
2198 VLIB_CLI_COMMAND (snat_set_log_level_command, static) = {
2199 .path = "nat set logging level",
2200 .function = snat_set_log_level_command_fn,
2201 .short_help = "nat set logging level <level>",
2206 * @cliexstart{snat ipfix logging}
2207 * To enable NAT IPFIX logging use:
2208 * vpp# nat ipfix logging
2209 * To set IPFIX exporter use:
2210 * vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
2213 VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = {
2214 .path = "nat ipfix logging",
2215 .function = snat_ipfix_logging_enable_disable_command_fn,
2216 .short_help = "nat ipfix logging [domain <domain-id>] [src-port <port>] [disable]",
2221 * @cliexstart{nat addr-port-assignment-alg}
2222 * Set address and port assignment algorithm
2223 * For the MAP-E CE limit port choice based on PSID use:
2224 * vpp# nat addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len 6
2225 * For port range use:
2226 * vpp# nat addr-port-assignment-alg port-range <start-port> - <end-port>
2227 * To set standard (default) address and port assignment algorithm use:
2228 * vpp# nat addr-port-assignment-alg default
2231 VLIB_CLI_COMMAND (nat44_set_alloc_addr_and_port_alg_command, static) = {
2232 .path = "nat addr-port-assignment-alg",
2233 .short_help = "nat addr-port-assignment-alg <alg-name> [<alg-params>]",
2234 .function = nat44_set_alloc_addr_and_port_alg_command_fn,
2239 * @cliexstart{show nat addr-port-assignment-alg}
2240 * Show address and port assignment algorithm
2243 VLIB_CLI_COMMAND (nat44_show_alloc_addr_and_port_alg_command, static) = {
2244 .path = "show nat addr-port-assignment-alg",
2245 .short_help = "show nat addr-port-assignment-alg",
2246 .function = nat44_show_alloc_addr_and_port_alg_command_fn,
2251 * @cliexstart{nat mss-clamping}
2252 * Set TCP MSS rewriting configuration
2253 * To enable TCP MSS rewriting use:
2254 * vpp# nat mss-clamping 1452
2255 * To disbale TCP MSS rewriting use:
2256 * vpp# nat mss-clamping disable
2259 VLIB_CLI_COMMAND (nat_set_mss_clamping_command, static) = {
2260 .path = "nat mss-clamping",
2261 .short_help = "nat mss-clamping <mss-value>|disable",
2262 .function = nat_set_mss_clamping_command_fn,
2267 * @cliexstart{show nat mss-clamping}
2268 * Show TCP MSS rewriting configuration
2271 VLIB_CLI_COMMAND (nat_show_mss_clamping_command, static) = {
2272 .path = "show nat mss-clamping",
2273 .short_help = "show nat mss-clamping",
2274 .function = nat_show_mss_clamping_command_fn,
2279 * @cliexstart{nat ha failover}
2280 * Set HA failover (remote settings)
2283 VLIB_CLI_COMMAND (nat_ha_failover_command, static) = {
2284 .path = "nat ha failover",
2285 .short_help = "nat ha failover <ip4-address>:<port> [refresh-interval <sec>]",
2286 .function = nat_ha_failover_command_fn,
2291 * @cliexstart{nat ha listener}
2292 * Set HA listener (local settings)
2295 VLIB_CLI_COMMAND (nat_ha_listener_command, static) = {
2296 .path = "nat ha listener",
2297 .short_help = "nat ha listener <ip4-address>:<port> [path-mtu <path-mtu>]",
2298 .function = nat_ha_listener_command_fn,
2303 * @cliexstart{show nat ha}
2304 * Show HA configuration/status
2307 VLIB_CLI_COMMAND (nat_show_ha_command, static) = {
2308 .path = "show nat ha",
2309 .short_help = "show nat ha",
2310 .function = nat_show_ha_command_fn,
2315 * @cliexstart{nat ha flush}
2316 * Flush the current HA data (for testing)
2319 VLIB_CLI_COMMAND (nat_ha_flush_command, static) = {
2320 .path = "nat ha flush",
2321 .short_help = "nat ha flush",
2322 .function = nat_ha_flush_command_fn,
2327 * @cliexstart{nat ha resync}
2328 * Resync HA (resend existing sessions to new failover)
2331 VLIB_CLI_COMMAND (nat_ha_resync_command, static) = {
2332 .path = "nat ha resync",
2333 .short_help = "nat ha resync",
2334 .function = nat_ha_resync_command_fn,
2339 * @cliexstart{show nat44 hash tables}
2340 * Show NAT44 hash tables
2343 VLIB_CLI_COMMAND (nat44_show_hash, static) = {
2344 .path = "show nat44 hash tables",
2345 .short_help = "show nat44 hash tables [detail|verbose]",
2346 .function = nat44_show_hash_commnad_fn,
2351 * @cliexstart{nat44 add address}
2352 * Add/delete NAT44 pool address.
2353 * To add NAT44 pool address use:
2354 * vpp# nat44 add address 172.16.1.3
2355 * vpp# nat44 add address 172.16.2.2 - 172.16.2.24
2356 * To add NAT44 pool address for specific tenant (identified by VRF id) use:
2357 * vpp# nat44 add address 172.16.1.3 tenant-vrf 10
2360 VLIB_CLI_COMMAND (add_address_command, static) = {
2361 .path = "nat44 add address",
2362 .short_help = "nat44 add address <ip4-range-start> [- <ip4-range-end>] "
2363 "[tenant-vrf <vrf-id>] [twice-nat] [del]",
2364 .function = add_address_command_fn,
2369 * @cliexstart{show nat44 summary}
2370 * Show NAT44 summary
2371 * vpp# show nat44 summary
2374 VLIB_CLI_COMMAND (nat44_show_summary_command, static) = {
2375 .path = "show nat44 summary",
2376 .short_help = "show nat44 summary",
2377 .function = nat44_show_summary_command_fn,
2382 * @cliexstart{show nat44 addresses}
2383 * Show NAT44 pool addresses.
2384 * vpp# show nat44 addresses
2385 * NAT44 pool addresses:
2387 * tenant VRF independent
2396 * NAT44 twice-nat pool addresses:
2398 * tenant VRF independent
2404 VLIB_CLI_COMMAND (nat44_show_addresses_command, static) = {
2405 .path = "show nat44 addresses",
2406 .short_help = "show nat44 addresses",
2407 .function = nat44_show_addresses_command_fn,
2412 * @cliexstart{set interface nat44}
2413 * Enable/disable NAT44 feature on the interface.
2414 * To enable NAT44 feature with local network interface use:
2415 * vpp# set interface nat44 in GigabitEthernet0/8/0
2416 * To enable NAT44 feature with external network interface use:
2417 * vpp# set interface nat44 out GigabitEthernet0/a/0
2420 VLIB_CLI_COMMAND (set_interface_snat_command, static) = {
2421 .path = "set interface nat44",
2422 .function = snat_feature_command_fn,
2423 .short_help = "set interface nat44 in <intfc> out <intfc> [output-feature] "
2429 * @cliexstart{show nat44 interfaces}
2430 * Show interfaces with NAT44 feature.
2431 * vpp# show nat44 interfaces
2433 * GigabitEthernet0/8/0 in
2434 * GigabitEthernet0/a/0 out
2437 VLIB_CLI_COMMAND (nat44_show_interfaces_command, static) = {
2438 .path = "show nat44 interfaces",
2439 .short_help = "show nat44 interfaces",
2440 .function = nat44_show_interfaces_command_fn,
2445 * @cliexstart{nat44 add static mapping}
2446 * Static mapping allows hosts on the external network to initiate connection
2447 * to to the local network host.
2448 * To create static mapping between local host address 10.0.0.3 port 6303 and
2449 * external address 4.4.4.4 port 3606 for TCP protocol use:
2450 * vpp# nat44 add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606
2451 * If not runnig "static mapping only" NAT plugin mode use before:
2452 * vpp# nat44 add address 4.4.4.4
2453 * To create static mapping between local and external address use:
2454 * vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4
2457 VLIB_CLI_COMMAND (add_static_mapping_command, static) = {
2458 .path = "nat44 add static mapping",
2459 .function = add_static_mapping_command_fn,
2461 "nat44 add static mapping tcp|udp|icmp local <addr> [<port>] "
2462 "external <addr> [<port>] [vrf <table-id>] [twice-nat|self-twice-nat] "
2463 "[out2in-only] [del]",
2468 * @cliexstart{nat44 add identity mapping}
2469 * Identity mapping translate an IP address to itself.
2470 * To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol
2472 * vpp# nat44 add identity mapping 10.0.0.3 tcp 6303
2473 * To create identity mapping for address 10.0.0.3 use:
2474 * vpp# nat44 add identity mapping 10.0.0.3
2475 * To create identity mapping for DHCP addressed interface use:
2476 * vpp# nat44 add identity mapping external GigabitEthernet0/a/0 tcp 3606
2479 VLIB_CLI_COMMAND (add_identity_mapping_command, static) = {
2480 .path = "nat44 add identity mapping",
2481 .function = add_identity_mapping_command_fn,
2482 .short_help = "nat44 add identity mapping <ip4-addr>|external <interface> "
2483 "[<protocol> <port>] [vrf <table-id>] [del]",
2488 * @cliexstart{nat44 add load-balancing static mapping}
2489 * Service load balancing using NAT44
2490 * To add static mapping with load balancing for service with external IP
2491 * address 1.2.3.4 and TCP port 80 and mapped to 2 local servers
2492 * 10.100.10.10:8080 and 10.100.10.20:8080 with probability 80% resp. 20% use:
2493 * vpp# nat44 add load-balancing static mapping protocol tcp external 1.2.3.4:80 local 10.100.10.10:8080 probability 80 local 10.100.10.20:8080 probability 20
2496 VLIB_CLI_COMMAND (add_lb_static_mapping_command, static) = {
2497 .path = "nat44 add load-balancing static mapping",
2498 .function = add_lb_static_mapping_command_fn,
2500 "nat44 add load-balancing static mapping protocol tcp|udp "
2501 "external <addr>:<port> local <addr>:<port> [vrf <table-id>] "
2502 "probability <n> [twice-nat|self-twice-nat] [out2in-only] "
2503 "[affinity <timeout-seconds>] [del]",
2508 * @cliexstart{nat44 add load-balancing static mapping}
2509 * Modify service load balancing using NAT44
2510 * To add new back-end server 10.100.10.30:8080 for service load balancing
2511 * static mapping with external IP address 1.2.3.4 and TCP port 80 use:
2512 * vpp# nat44 add load-balancing back-end protocol tcp external 1.2.3.4:80 local 10.100.10.30:8080 probability 25
2515 VLIB_CLI_COMMAND (add_lb_backend_command, static) = {
2516 .path = "nat44 add load-balancing back-end",
2517 .function = add_lb_backend_command_fn,
2519 "nat44 add load-balancing back-end protocol tcp|udp "
2520 "external <addr>:<port> local <addr>:<port> [vrf <table-id>] "
2521 "probability <n> [del]",
2526 * @cliexstart{show nat44 static mappings}
2527 * Show NAT44 static mappings.
2528 * vpp# show nat44 static mappings
2529 * NAT44 static mappings:
2530 * local 10.0.0.3 external 4.4.4.4 vrf 0
2531 * tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0
2532 * tcp vrf 0 external 1.2.3.4:80 out2in-only
2533 * local 10.100.10.10:8080 probability 80
2534 * local 10.100.10.20:8080 probability 20
2535 * tcp local 10.100.3.8:8080 external 169.10.10.1:80 vrf 0 twice-nat
2536 * tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10
2539 VLIB_CLI_COMMAND (nat44_show_static_mappings_command, static) = {
2540 .path = "show nat44 static mappings",
2541 .short_help = "show nat44 static mappings",
2542 .function = nat44_show_static_mappings_command_fn,
2547 * @cliexstart{nat44 add interface address}
2548 * Use NAT44 pool address from specific interfce
2549 * To add NAT44 pool address from specific interface use:
2550 * vpp# nat44 add interface address GigabitEthernet0/8/0
2553 VLIB_CLI_COMMAND (snat_add_interface_address_command, static) = {
2554 .path = "nat44 add interface address",
2555 .short_help = "nat44 add interface address <interface> [twice-nat] [del]",
2556 .function = snat_add_interface_address_command_fn,
2561 * @cliexstart{show nat44 interface address}
2562 * Show NAT44 pool address interfaces
2563 * vpp# show nat44 interface address
2564 * NAT44 pool address interfaces:
2565 * GigabitEthernet0/a/0
2566 * NAT44 twice-nat pool address interfaces:
2567 * GigabitEthernet0/8/0
2570 VLIB_CLI_COMMAND (nat44_show_interface_address_command, static) = {
2571 .path = "show nat44 interface address",
2572 .short_help = "show nat44 interface address",
2573 .function = nat44_show_interface_address_command_fn,
2578 * @cliexstart{show nat44 sessions}
2579 * Show NAT44 sessions.
2582 VLIB_CLI_COMMAND (nat44_show_sessions_command, static) = {
2583 .path = "show nat44 sessions",
2584 .short_help = "show nat44 sessions [detail|metrics]",
2585 .function = nat44_show_sessions_command_fn,
2590 * @cliexstart{nat44 del user}
2591 * To delete all NAT44 user sessions:
2592 * vpp# nat44 del user 10.0.0.3
2595 VLIB_CLI_COMMAND (nat44_del_user_command, static) = {
2596 .path = "nat44 del user",
2597 .short_help = "nat44 del user <addr> [fib <index>]",
2598 .function = nat44_del_user_command_fn,
2603 * @cliexstart{nat44 del session}
2604 * To administratively delete NAT44 session by inside address and port use:
2605 * vpp# nat44 del session in 10.0.0.3:6303 tcp
2606 * To administratively delete NAT44 session by outside address and port use:
2607 * vpp# nat44 del session out 1.0.0.3:6033 udp
2610 VLIB_CLI_COMMAND (nat44_del_session_command, static) = {
2611 .path = "nat44 del session",
2612 .short_help = "nat44 del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>] [external-host <addr>:<port>]",
2613 .function = nat44_del_session_command_fn,
2618 * @cliexstart{nat44 forwarding}
2619 * Enable or disable forwarding
2620 * Forward packets which don't match existing translation
2621 * or static mapping instead of dropping them.
2622 * To enable forwarding, use:
2623 * vpp# nat44 forwarding enable
2624 * To disable forwarding, use:
2625 * vpp# nat44 forwarding disable
2628 VLIB_CLI_COMMAND (snat_forwarding_set_command, static) = {
2629 .path = "nat44 forwarding",
2630 .short_help = "nat44 forwarding enable|disable",
2631 .function = snat_forwarding_set_command_fn,
2636 * @cliexstart{nat44 deterministic add}
2637 * Create bijective mapping of inside address to outside address and port range
2638 * pairs, with the purpose of enabling deterministic NAT to reduce logging in
2640 * To create deterministic mapping between inside network 10.0.0.0/18 and
2641 * outside network 1.1.1.0/30 use:
2642 * # vpp# nat44 deterministic add in 10.0.0.0/18 out 1.1.1.0/30
2645 VLIB_CLI_COMMAND (snat_det_map_command, static) = {
2646 .path = "nat44 deterministic add",
2647 .short_help = "nat44 deterministic add in <addr>/<plen> out <addr>/<plen> [del]",
2648 .function = snat_det_map_command_fn,
2653 * @cliexpstart{show nat44 deterministic mappings}
2654 * Show NAT44 deterministic mappings
2655 * vpp# show nat44 deterministic mappings
2656 * NAT44 deterministic mappings:
2657 * in 10.0.0.0/24 out 1.1.1.1/32
2658 * outside address sharing ratio: 256
2659 * number of ports per inside host: 252
2660 * sessions number: 0
2663 VLIB_CLI_COMMAND (nat44_det_show_mappings_command, static) = {
2664 .path = "show nat44 deterministic mappings",
2665 .short_help = "show nat44 deterministic mappings",
2666 .function = nat44_det_show_mappings_command_fn,
2671 * @cliexstart{nat44 deterministic forward}
2672 * Return outside address and port range from inside address for deterministic
2674 * To obtain outside address and port of inside host use:
2675 * vpp# nat44 deterministic forward 10.0.0.2
2676 * 1.1.1.0:<1054-1068>
2679 VLIB_CLI_COMMAND (snat_det_forward_command, static) = {
2680 .path = "nat44 deterministic forward",
2681 .short_help = "nat44 deterministic forward <addr>",
2682 .function = snat_det_forward_command_fn,
2687 * @cliexstart{nat44 deterministic reverse}
2688 * Return inside address from outside address and port for deterministic NAT.
2689 * To obtain inside host address from outside address and port use:
2690 * #vpp nat44 deterministic reverse 1.1.1.1:1276
2694 VLIB_CLI_COMMAND (snat_det_reverse_command, static) = {
2695 .path = "nat44 deterministic reverse",
2696 .short_help = "nat44 deterministic reverse <addr>:<port>",
2697 .function = snat_det_reverse_command_fn,
2702 * @cliexstart{show nat44 deterministic sessions}
2703 * Show NAT44 deterministic sessions.
2704 * vpp# show nat44 deterministic sessions
2705 * NAT44 deterministic sessions:
2706 * in 10.0.0.3:3005 out 1.1.1.2:1146 external host 172.16.1.2:3006 state: udp-active expire: 306
2707 * in 10.0.0.3:3000 out 1.1.1.2:1141 external host 172.16.1.2:3001 state: udp-active expire: 306
2708 * in 10.0.0.4:3005 out 1.1.1.2:1177 external host 172.16.1.2:3006 state: udp-active expire: 306
2711 VLIB_CLI_COMMAND (nat44_det_show_sessions_command, static) = {
2712 .path = "show nat44 deterministic sessions",
2713 .short_help = "show nat44 deterministic sessions",
2714 .function = nat44_det_show_sessions_command_fn,
2719 * @cliexstart{nat44 deterministic close session out}
2720 * Close session using outside ip address and port
2721 * and external ip address and port, use:
2722 * vpp# nat44 deterministic close session out 1.1.1.1:1276 2.2.2.2:2387
2725 VLIB_CLI_COMMAND (snat_det_close_sesion_out_command, static) = {
2726 .path = "nat44 deterministic close session out",
2727 .short_help = "nat44 deterministic close session out "
2728 "<out_addr>:<out_port> <ext_addr>:<ext_port>",
2729 .function = snat_det_close_session_out_fn,
2734 * @cliexstart{nat44 deterministic close session in}
2735 * Close session using inside ip address and port
2736 * and external ip address and port, use:
2737 * vpp# nat44 deterministic close session in 3.3.3.3:3487 2.2.2.2:2387
2740 VLIB_CLI_COMMAND (snat_det_close_session_in_command, static) = {
2741 .path = "nat44 deterministic close session in",
2742 .short_help = "nat44 deterministic close session in "
2743 "<in_addr>:<in_port> <ext_addr>:<ext_port>",
2744 .function = snat_det_close_session_in_fn,
2750 * fd.io coding-style-patch-verification: ON
2753 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob