2 * snat.c - simple nat plugin
4 * Copyright (c) 2016 Cisco and/or its affiliates.
5 * Licensed under the Apache License, Version 2.0 (the "License");
6 * you may not use this file except in compliance with the License.
7 * You may obtain a copy of the License at:
9 * http://www.apache.org/licenses/LICENSE-2.0
11 * Unless required by applicable law or agreed to in writing, software
12 * distributed under the License is distributed on an "AS IS" BASIS,
13 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 * See the License for the specific language governing permissions and
15 * limitations under the License.
18 #include <vnet/vnet.h>
19 #include <vnet/ip/ip.h>
20 #include <vnet/ip/ip4.h>
21 #include <vnet/plugin/plugin.h>
22 #include <vlibapi/api.h>
23 #include <snat/snat.h>
24 #include <snat/snat_ipfix_logging.h>
25 #include <vnet/fib/fib_table.h>
26 #include <vnet/fib/ip4_fib.h>
28 #include <vlibapi/api.h>
29 #include <vlibmemory/api.h>
30 #include <vlibsocket/api.h>
31 #include <vpp/app/version.h>
33 snat_main_t snat_main;
35 /* define message IDs */
36 #include <snat/snat_msg_enum.h>
38 /* define message structures */
40 #include <snat/snat_all_api_h.h>
43 /* define generated endian-swappers */
45 #include <snat/snat_all_api_h.h>
48 #define vl_print(handle, ...) vlib_cli_output (handle, __VA_ARGS__)
50 /* Get the API version number */
51 #define vl_api_version(n,v) static u32 api_version=(v);
52 #include <snat/snat_all_api_h.h>
55 /* Macro to finish up custom dump fns */
58 vl_print (handle, (char *)s); \
63 * A handy macro to set up a message reply.
64 * Assumes that the following variables are available:
65 * mp - pointer to request message
66 * rmp - pointer to reply message type
70 #define REPLY_MACRO(t) \
72 unix_shared_memory_queue_t * q = \
73 vl_api_client_index_to_input_queue (mp->client_index); \
77 rmp = vl_msg_api_alloc (sizeof (*rmp)); \
78 rmp->_vl_msg_id = ntohs((t)+sm->msg_id_base); \
79 rmp->context = mp->context; \
80 rmp->retval = ntohl(rv); \
82 vl_msg_api_send_shmem (q, (u8 *)&rmp); \
85 #define REPLY_MACRO2(t, body) \
87 unix_shared_memory_queue_t * q = \
88 vl_api_client_index_to_input_queue (mp->client_index); \
92 rmp = vl_msg_api_alloc (sizeof (*rmp)); \
93 rmp->_vl_msg_id = ntohs((t)+sm->msg_id_base); \
94 rmp->context = mp->context; \
95 rmp->retval = ntohl(rv); \
96 do {body;} while (0); \
97 vl_msg_api_send_shmem (q, (u8 *)&rmp); \
101 /* Hook up input features */
102 VNET_FEATURE_INIT (ip4_snat_in2out, static) = {
103 .arc_name = "ip4-unicast",
104 .node_name = "snat-in2out",
105 .runs_before = VNET_FEATURES ("snat-out2in"),
107 VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
108 .arc_name = "ip4-unicast",
109 .node_name = "snat-out2in",
110 .runs_before = VNET_FEATURES ("ip4-lookup"),
112 VNET_FEATURE_INIT (ip4_snat_in2out_worker_handoff, static) = {
113 .arc_name = "ip4-unicast",
114 .node_name = "snat-in2out-worker-handoff",
115 .runs_before = VNET_FEATURES ("snat-out2in-worker-handoff"),
117 VNET_FEATURE_INIT (ip4_snat_out2in_worker_handoff, static) = {
118 .arc_name = "ip4-unicast",
119 .node_name = "snat-out2in-worker-handoff",
120 .runs_before = VNET_FEATURES ("ip4-lookup"),
122 VNET_FEATURE_INIT (ip4_snat_in2out_fast, static) = {
123 .arc_name = "ip4-unicast",
124 .node_name = "snat-in2out-fast",
125 .runs_before = VNET_FEATURES ("snat-out2in-fast"),
127 VNET_FEATURE_INIT (ip4_snat_out2in_fast, static) = {
128 .arc_name = "ip4-unicast",
129 .node_name = "snat-out2in-fast",
130 .runs_before = VNET_FEATURES ("ip4-lookup"),
134 VLIB_PLUGIN_REGISTER () = {
135 .version = VPP_BUILD_VER,
139 /*$$$$$ move to an installed header file */
140 #if (1 || CLIB_DEBUG > 0) /* "trust, but verify" */
142 #define VALIDATE_SW_IF_INDEX(mp) \
143 do { u32 __sw_if_index = ntohl(mp->sw_if_index); \
144 vnet_main_t *__vnm = vnet_get_main(); \
145 if (pool_is_free_index(__vnm->interface_main.sw_interfaces, \
147 rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; \
148 goto bad_sw_if_index; \
152 #define BAD_SW_IF_INDEX_LABEL \
158 #define VALIDATE_RX_SW_IF_INDEX(mp) \
159 do { u32 __rx_sw_if_index = ntohl(mp->rx_sw_if_index); \
160 vnet_main_t *__vnm = vnet_get_main(); \
161 if (pool_is_free_index(__vnm->interface_main.sw_interfaces, \
162 __rx_sw_if_index)) { \
163 rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; \
164 goto bad_rx_sw_if_index; \
168 #define BAD_RX_SW_IF_INDEX_LABEL \
170 bad_rx_sw_if_index: \
174 #define VALIDATE_TX_SW_IF_INDEX(mp) \
175 do { u32 __tx_sw_if_index = ntohl(mp->tx_sw_if_index); \
176 vnet_main_t *__vnm = vnet_get_main(); \
177 if (pool_is_free_index(__vnm->interface_main.sw_interfaces, \
178 __tx_sw_if_index)) { \
179 rv = VNET_API_ERROR_INVALID_SW_IF_INDEX; \
180 goto bad_tx_sw_if_index; \
184 #define BAD_TX_SW_IF_INDEX_LABEL \
186 bad_tx_sw_if_index: \
192 #define VALIDATE_SW_IF_INDEX(mp)
193 #define BAD_SW_IF_INDEX_LABEL
194 #define VALIDATE_RX_SW_IF_INDEX(mp)
195 #define BAD_RX_SW_IF_INDEX_LABEL
196 #define VALIDATE_TX_SW_IF_INDEX(mp)
197 #define BAD_TX_SW_IF_INDEX_LABEL
199 #endif /* CLIB_DEBUG > 0 */
202 * @brief Add/del NAT address to FIB.
204 * Add the external NAT address to the FIB as receive entries. This ensures
205 * that VPP will reply to ARP for this address and we don't need to enable
206 * proxy ARP on the outside interface.
208 * @param addr IPv4 address.
209 * @param sw_if_index Interface.
210 * @param is_add If 0 delete, otherwise add.
213 snat_add_del_addr_to_fib (ip4_address_t * addr, u32 sw_if_index, int is_add)
215 fib_prefix_t prefix = {
217 .fp_proto = FIB_PROTOCOL_IP4,
219 .ip4.as_u32 = addr->as_u32,
222 u32 fib_index = ip4_fib_table_get_index_for_sw_if_index(sw_if_index);
225 fib_table_entry_update_one_path(fib_index,
227 FIB_SOURCE_PLUGIN_HI,
228 (FIB_ENTRY_FLAG_CONNECTED |
229 FIB_ENTRY_FLAG_LOCAL |
230 FIB_ENTRY_FLAG_EXCLUSIVE),
237 FIB_ROUTE_PATH_FLAG_NONE);
239 fib_table_entry_delete(fib_index,
241 FIB_SOURCE_PLUGIN_HI);
244 void snat_add_address (snat_main_t *sm, ip4_address_t *addr)
249 /* Check if address already exists */
250 vec_foreach (ap, sm->addresses)
252 if (ap->addr.as_u32 == addr->as_u32)
256 vec_add2 (sm->addresses, ap, 1);
258 #define _(N, i, n, s) \
259 clib_bitmap_alloc (ap->busy_##n##_port_bitmap, 65535);
260 foreach_snat_protocol
263 /* Add external address to FIB */
264 pool_foreach (i, sm->interfaces,
269 snat_add_del_addr_to_fib(addr, i->sw_if_index, 1);
274 static int is_snat_address_used_in_static_mapping (snat_main_t *sm,
277 snat_static_mapping_t *m;
278 pool_foreach (m, sm->static_mappings,
280 if (m->external_addr.as_u32 == addr.as_u32)
287 static void increment_v4_address (ip4_address_t * a)
291 v = clib_net_to_host_u32(a->as_u32) + 1;
292 a->as_u32 = clib_host_to_net_u32(v);
296 snat_add_static_mapping_when_resolved (snat_main_t * sm,
297 ip4_address_t l_addr,
302 snat_protocol_t proto,
306 snat_static_map_resolve_t *rp;
308 vec_add2 (sm->to_resolve, rp, 1);
309 rp->l_addr.as_u32 = l_addr.as_u32;
311 rp->sw_if_index = sw_if_index;
315 rp->addr_only = addr_only;
320 * @brief Add static mapping.
322 * Create static mapping between local addr+port and external addr+port.
324 * @param l_addr Local IPv4 address.
325 * @param e_addr External IPv4 address.
326 * @param l_port Local port number.
327 * @param e_port External port number.
328 * @param vrf_id VRF ID.
329 * @param addr_only If 0 address port and pair mapping, otherwise address only.
330 * @param sw_if_index External port instead of specific IP address.
331 * @param is_add If 0 delete static mapping, otherwise add.
335 int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr,
336 u16 l_port, u16 e_port, u32 vrf_id, int addr_only,
337 u32 sw_if_index, snat_protocol_t proto, int is_add)
339 snat_main_t * sm = &snat_main;
340 snat_static_mapping_t *m;
341 snat_session_key_t m_key;
342 clib_bihash_kv_8_8_t kv, value;
343 snat_address_t *a = 0;
346 snat_interface_t *interface;
349 /* If the external address is a specific interface address */
350 if (sw_if_index != ~0)
352 ip4_address_t * first_int_addr;
354 /* Might be already set... */
355 first_int_addr = ip4_interface_first_address
356 (sm->ip4_main, sw_if_index, 0 /* just want the address*/);
358 /* DHCP resolution required? */
359 if (first_int_addr == 0)
361 snat_add_static_mapping_when_resolved
362 (sm, l_addr, l_port, sw_if_index, e_port, vrf_id, proto,
367 e_addr.as_u32 = first_int_addr->as_u32;
371 m_key.port = addr_only ? 0 : e_port;
372 m_key.protocol = addr_only ? 0 : proto;
373 m_key.fib_index = sm->outside_fib_index;
374 kv.key = m_key.as_u64;
375 if (clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv, &value))
378 m = pool_elt_at_index (sm->static_mappings, value.value);
383 return VNET_API_ERROR_VALUE_EXIST;
385 /* Convert VRF id to FIB index */
388 p = hash_get (sm->ip4_main->fib_index_by_table_id, vrf_id);
390 return VNET_API_ERROR_NO_SUCH_FIB;
393 /* If not specified use inside VRF id from SNAT plugin startup config */
396 fib_index = sm->inside_fib_index;
397 vrf_id = sm->inside_vrf_id;
400 /* Find external address in allocated addresses and reserve port for
401 address and port pair mapping when dynamic translations enabled */
402 if (!addr_only && !(sm->static_mapping_only))
404 for (i = 0; i < vec_len (sm->addresses); i++)
406 if (sm->addresses[i].addr.as_u32 == e_addr.as_u32)
408 a = sm->addresses + i;
409 /* External port must be unused */
412 #define _(N, j, n, s) \
413 case SNAT_PROTOCOL_##N: \
414 if (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, e_port)) \
415 return VNET_API_ERROR_INVALID_VALUE; \
416 clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, e_port, 1); \
418 a->busy_##n##_ports++; \
420 foreach_snat_protocol
423 clib_warning("unknown_protocol");
424 return VNET_API_ERROR_INVALID_VALUE_2;
429 /* External address must be allocated */
431 return VNET_API_ERROR_NO_SUCH_ENTRY;
434 pool_get (sm->static_mappings, m);
435 memset (m, 0, sizeof (*m));
436 m->local_addr = l_addr;
437 m->external_addr = e_addr;
438 m->addr_only = addr_only;
440 m->fib_index = fib_index;
443 m->local_port = l_port;
444 m->external_port = e_port;
448 m_key.addr = m->local_addr;
449 m_key.port = m->local_port;
450 m_key.protocol = m->proto;
451 m_key.fib_index = m->fib_index;
452 kv.key = m_key.as_u64;
453 kv.value = m - sm->static_mappings;
454 clib_bihash_add_del_8_8(&sm->static_mapping_by_local, &kv, 1);
456 m_key.addr = m->external_addr;
457 m_key.port = m->external_port;
458 m_key.fib_index = sm->outside_fib_index;
459 kv.key = m_key.as_u64;
460 kv.value = m - sm->static_mappings;
461 clib_bihash_add_del_8_8(&sm->static_mapping_by_external, &kv, 1);
466 snat_user_key_t w_key0;
467 snat_worker_key_t w_key1;
469 w_key0.addr = m->local_addr;
470 w_key0.fib_index = m->fib_index;
471 kv.key = w_key0.as_u64;
473 if (clib_bihash_search_8_8 (&sm->worker_by_in, &kv, &value))
475 kv.value = sm->first_worker_index +
476 sm->workers[sm->next_worker++ % vec_len (sm->workers)];
478 clib_bihash_add_del_8_8 (&sm->worker_by_in, &kv, 1);
482 kv.value = value.value;
485 w_key1.addr = m->external_addr;
486 w_key1.port = clib_host_to_net_u16 (m->external_port);
487 w_key1.fib_index = sm->outside_fib_index;
488 kv.key = w_key1.as_u64;
489 clib_bihash_add_del_8_8 (&sm->worker_by_out, &kv, 1);
495 return VNET_API_ERROR_NO_SUCH_ENTRY;
497 /* Free external address port */
498 if (!addr_only && !(sm->static_mapping_only))
500 for (i = 0; i < vec_len (sm->addresses); i++)
502 if (sm->addresses[i].addr.as_u32 == e_addr.as_u32)
504 a = sm->addresses + i;
507 #define _(N, j, n, s) \
508 case SNAT_PROTOCOL_##N: \
509 clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, e_port, 0); \
511 a->busy_##n##_ports--; \
513 foreach_snat_protocol
516 clib_warning("unknown_protocol");
517 return VNET_API_ERROR_INVALID_VALUE_2;
524 m_key.addr = m->local_addr;
525 m_key.port = m->local_port;
526 m_key.protocol = m->proto;
527 m_key.fib_index = m->fib_index;
528 kv.key = m_key.as_u64;
529 clib_bihash_add_del_8_8(&sm->static_mapping_by_local, &kv, 0);
531 m_key.addr = m->external_addr;
532 m_key.port = m->external_port;
533 m_key.fib_index = sm->outside_fib_index;
534 kv.key = m_key.as_u64;
535 clib_bihash_add_del_8_8(&sm->static_mapping_by_external, &kv, 0);
537 /* Delete session(s) for static mapping if exist */
538 if (!(sm->static_mapping_only) ||
539 (sm->static_mapping_only && sm->static_mapping_connection_tracking))
541 snat_user_key_t u_key;
543 dlist_elt_t * head, * elt;
544 u32 elt_index, head_index, del_elt_index;
548 snat_main_per_thread_data_t *tsm;
550 u_key.addr = m->local_addr;
551 u_key.fib_index = m->fib_index;
552 kv.key = u_key.as_u64;
553 if (!clib_bihash_search_8_8 (&sm->user_hash, &kv, &value))
555 user_index = value.value;
556 if (!clib_bihash_search_8_8 (&sm->worker_by_in, &kv, &value))
557 tsm = vec_elt_at_index (sm->per_thread_data, value.value);
559 tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
560 u = pool_elt_at_index (tsm->users, user_index);
561 if (u->nstaticsessions)
563 head_index = u->sessions_per_user_list_head_index;
564 head = pool_elt_at_index (tsm->list_pool, head_index);
565 elt_index = head->next;
566 elt = pool_elt_at_index (tsm->list_pool, elt_index);
567 ses_index = elt->value;
568 while (ses_index != ~0)
570 s = pool_elt_at_index (tsm->sessions, ses_index);
571 del_elt_index = elt_index;
572 elt_index = elt->next;
573 elt = pool_elt_at_index (tsm->list_pool, elt_index);
574 ses_index = elt->value;
578 if ((s->out2in.addr.as_u32 != e_addr.as_u32) &&
579 (clib_net_to_host_u16 (s->out2in.port) != e_port))
584 snat_ipfix_logging_nat44_ses_delete(s->in2out.addr.as_u32,
585 s->out2in.addr.as_u32,
589 s->in2out.fib_index);
591 value.key = s->in2out.as_u64;
592 clib_bihash_add_del_8_8 (&sm->in2out, &value, 0);
593 value.key = s->out2in.as_u64;
594 clib_bihash_add_del_8_8 (&sm->out2in, &value, 0);
595 pool_put (tsm->sessions, s);
597 clib_dlist_remove (tsm->list_pool, del_elt_index);
598 pool_put_index (tsm->list_pool, del_elt_index);
599 u->nstaticsessions--;
606 pool_put (tsm->users, u);
607 clib_bihash_add_del_8_8 (&sm->user_hash, &kv, 0);
613 /* Delete static mapping from pool */
614 pool_put (sm->static_mappings, m);
620 /* Add/delete external address to FIB */
621 pool_foreach (interface, sm->interfaces,
623 if (interface->is_inside)
626 snat_add_del_addr_to_fib(&e_addr, interface->sw_if_index, is_add);
633 int snat_del_address (snat_main_t *sm, ip4_address_t addr, u8 delete_sm)
635 snat_address_t *a = 0;
637 u32 *ses_to_be_removed = 0, *ses_index;
638 clib_bihash_kv_8_8_t kv, value;
639 snat_user_key_t user_key;
641 snat_main_per_thread_data_t *tsm;
642 snat_static_mapping_t *m;
643 snat_interface_t *interface;
646 /* Find SNAT address */
647 for (i=0; i < vec_len (sm->addresses); i++)
649 if (sm->addresses[i].addr.as_u32 == addr.as_u32)
651 a = sm->addresses + i;
656 return VNET_API_ERROR_NO_SUCH_ENTRY;
660 pool_foreach (m, sm->static_mappings,
662 if (m->external_addr.as_u32 == addr.as_u32)
663 (void) snat_add_static_mapping (m->local_addr, m->external_addr,
664 m->local_port, m->external_port,
665 m->vrf_id, m->addr_only, ~0,
671 /* Check if address is used in some static mapping */
672 if (is_snat_address_used_in_static_mapping(sm, addr))
674 clib_warning ("address used in static mapping");
675 return VNET_API_ERROR_UNSPECIFIED;
679 /* Delete sessions using address */
680 if (a->busy_tcp_ports || a->busy_udp_ports || a->busy_icmp_ports)
682 vec_foreach (tsm, sm->per_thread_data)
684 pool_foreach (ses, tsm->sessions, ({
685 if (ses->out2in.addr.as_u32 == addr.as_u32)
688 snat_ipfix_logging_nat44_ses_delete(ses->in2out.addr.as_u32,
689 ses->out2in.addr.as_u32,
690 ses->in2out.protocol,
693 ses->in2out.fib_index);
694 vec_add1 (ses_to_be_removed, ses - tsm->sessions);
695 kv.key = ses->in2out.as_u64;
696 clib_bihash_add_del_8_8 (&sm->in2out, &kv, 0);
697 kv.key = ses->out2in.as_u64;
698 clib_bihash_add_del_8_8 (&sm->out2in, &kv, 0);
699 clib_dlist_remove (tsm->list_pool, ses->per_user_index);
700 user_key.addr = ses->in2out.addr;
701 user_key.fib_index = ses->in2out.fib_index;
702 kv.key = user_key.as_u64;
703 if (!clib_bihash_search_8_8 (&sm->user_hash, &kv, &value))
705 u = pool_elt_at_index (tsm->users, value.value);
711 vec_foreach (ses_index, ses_to_be_removed)
712 pool_put_index (tsm->sessions, ses_index[0]);
714 vec_free (ses_to_be_removed);
718 vec_del1 (sm->addresses, i);
720 /* Delete external address from FIB */
721 pool_foreach (interface, sm->interfaces,
723 if (interface->is_inside)
726 snat_add_del_addr_to_fib(&addr, interface->sw_if_index, 0);
733 static int snat_interface_add_del (u32 sw_if_index, u8 is_inside, int is_del)
735 snat_main_t *sm = &snat_main;
737 const char * feature_name;
739 snat_static_mapping_t * m;
741 if (sm->static_mapping_only && !(sm->static_mapping_connection_tracking))
742 feature_name = is_inside ? "snat-in2out-fast" : "snat-out2in-fast";
745 if (sm->num_workers > 1)
746 feature_name = is_inside ? "snat-in2out-worker-handoff" : "snat-out2in-worker-handoff";
748 feature_name = is_inside ? "snat-in2out" : "snat-out2in";
751 vnet_feature_enable_disable ("ip4-unicast", feature_name, sw_if_index,
754 if (sm->fq_in2out_index == ~0)
755 sm->fq_in2out_index = vlib_frame_queue_main_init (snat_in2out_node.index, 0);
757 if (sm->fq_out2in_index == ~0)
758 sm->fq_out2in_index = vlib_frame_queue_main_init (snat_out2in_node.index, 0);
760 pool_foreach (i, sm->interfaces,
762 if (i->sw_if_index == sw_if_index)
765 pool_put (sm->interfaces, i);
767 return VNET_API_ERROR_VALUE_EXIST;
774 return VNET_API_ERROR_NO_SUCH_ENTRY;
776 pool_get (sm->interfaces, i);
777 i->sw_if_index = sw_if_index;
778 i->is_inside = is_inside;
780 /* Add/delete external addresses to FIB */
785 vec_foreach (ap, sm->addresses)
786 snat_add_del_addr_to_fib(&ap->addr, sw_if_index, !is_del);
788 pool_foreach (m, sm->static_mappings,
793 snat_add_del_addr_to_fib(&m->external_addr, sw_if_index, !is_del);
799 static int snat_set_workers (uword * bitmap)
801 snat_main_t *sm = &snat_main;
804 if (sm->num_workers < 2)
805 return VNET_API_ERROR_FEATURE_DISABLED;
807 if (clib_bitmap_last_set (bitmap) >= sm->num_workers)
808 return VNET_API_ERROR_INVALID_WORKER;
810 vec_free (sm->workers);
811 clib_bitmap_foreach (i, bitmap,
813 vec_add1(sm->workers, i);
820 vl_api_snat_add_address_range_t_handler
821 (vl_api_snat_add_address_range_t * mp)
823 snat_main_t * sm = &snat_main;
824 vl_api_snat_add_address_range_reply_t * rmp;
825 ip4_address_t this_addr;
826 u32 start_host_order, end_host_order;
833 rv = VNET_API_ERROR_UNIMPLEMENTED;
837 if (sm->static_mapping_only)
839 rv = VNET_API_ERROR_FEATURE_DISABLED;
843 tmp = (u32 *) mp->first_ip_address;
844 start_host_order = clib_host_to_net_u32 (tmp[0]);
845 tmp = (u32 *) mp->last_ip_address;
846 end_host_order = clib_host_to_net_u32 (tmp[0]);
848 count = (end_host_order - start_host_order) + 1;
851 clib_warning ("%U - %U, %d addresses...",
852 format_ip4_address, mp->first_ip_address,
853 format_ip4_address, mp->last_ip_address,
856 memcpy (&this_addr.as_u8, mp->first_ip_address, 4);
858 for (i = 0; i < count; i++)
861 snat_add_address (sm, &this_addr);
863 rv = snat_del_address (sm, this_addr, 0);
868 increment_v4_address (&this_addr);
872 REPLY_MACRO (VL_API_SNAT_ADD_ADDRESS_RANGE_REPLY);
875 static void *vl_api_snat_add_address_range_t_print
876 (vl_api_snat_add_address_range_t *mp, void * handle)
880 s = format (0, "SCRIPT: snat_add_address_range ");
881 s = format (s, "%U ", format_ip4_address, mp->first_ip_address);
882 if (memcmp (mp->first_ip_address, mp->last_ip_address, 4))
884 s = format (s, " - %U ", format_ip4_address, mp->last_ip_address);
890 send_snat_address_details
891 (snat_address_t * a, unix_shared_memory_queue_t * q, u32 context)
893 vl_api_snat_address_details_t *rmp;
894 snat_main_t * sm = &snat_main;
896 rmp = vl_msg_api_alloc (sizeof (*rmp));
897 memset (rmp, 0, sizeof (*rmp));
898 rmp->_vl_msg_id = ntohs (VL_API_SNAT_ADDRESS_DETAILS+sm->msg_id_base);
900 clib_memcpy (rmp->ip_address, &(a->addr), 4);
901 rmp->context = context;
903 vl_msg_api_send_shmem (q, (u8 *) & rmp);
907 vl_api_snat_address_dump_t_handler
908 (vl_api_snat_address_dump_t * mp)
910 unix_shared_memory_queue_t *q;
911 snat_main_t * sm = &snat_main;
914 q = vl_api_client_index_to_input_queue (mp->client_index);
918 vec_foreach (a, sm->addresses)
919 send_snat_address_details (a, q, mp->context);
922 static void *vl_api_snat_address_dump_t_print
923 (vl_api_snat_address_dump_t *mp, void * handle)
927 s = format (0, "SCRIPT: snat_address_dump ");
933 vl_api_snat_interface_add_del_feature_t_handler
934 (vl_api_snat_interface_add_del_feature_t * mp)
936 snat_main_t * sm = &snat_main;
937 vl_api_snat_interface_add_del_feature_reply_t * rmp;
938 u8 is_del = mp->is_add == 0;
939 u32 sw_if_index = ntohl(mp->sw_if_index);
942 VALIDATE_SW_IF_INDEX(mp);
944 rv = snat_interface_add_del (sw_if_index, mp->is_inside, is_del);
946 BAD_SW_IF_INDEX_LABEL;
948 REPLY_MACRO(VL_API_SNAT_INTERFACE_ADD_DEL_FEATURE_REPLY);
951 static void *vl_api_snat_interface_add_del_feature_t_print
952 (vl_api_snat_interface_add_del_feature_t * mp, void *handle)
956 s = format (0, "SCRIPT: snat_interface_add_del_feature ");
957 s = format (s, "sw_if_index %d %s %s",
958 clib_host_to_net_u32(mp->sw_if_index),
959 mp->is_inside ? "in":"out",
960 mp->is_add ? "" : "del");
966 send_snat_interface_details
967 (snat_interface_t * i, unix_shared_memory_queue_t * q, u32 context)
969 vl_api_snat_interface_details_t *rmp;
970 snat_main_t * sm = &snat_main;
972 rmp = vl_msg_api_alloc (sizeof (*rmp));
973 memset (rmp, 0, sizeof (*rmp));
974 rmp->_vl_msg_id = ntohs (VL_API_SNAT_INTERFACE_DETAILS+sm->msg_id_base);
975 rmp->sw_if_index = ntohl (i->sw_if_index);
976 rmp->is_inside = i->is_inside;
977 rmp->context = context;
979 vl_msg_api_send_shmem (q, (u8 *) & rmp);
983 vl_api_snat_interface_dump_t_handler
984 (vl_api_snat_interface_dump_t * mp)
986 unix_shared_memory_queue_t *q;
987 snat_main_t * sm = &snat_main;
988 snat_interface_t * i;
990 q = vl_api_client_index_to_input_queue (mp->client_index);
994 pool_foreach (i, sm->interfaces,
996 send_snat_interface_details(i, q, mp->context);
1000 static void *vl_api_snat_interface_dump_t_print
1001 (vl_api_snat_interface_dump_t *mp, void * handle)
1005 s = format (0, "SCRIPT: snat_interface_dump ");
1010 vl_api_snat_add_static_mapping_t_handler
1011 (vl_api_snat_add_static_mapping_t * mp)
1013 snat_main_t * sm = &snat_main;
1014 vl_api_snat_add_static_mapping_reply_t * rmp;
1015 ip4_address_t local_addr, external_addr;
1016 u16 local_port = 0, external_port = 0;
1017 u32 vrf_id, external_sw_if_index;
1019 snat_protocol_t proto;
1021 if (mp->is_ip4 != 1)
1023 rv = VNET_API_ERROR_UNIMPLEMENTED;
1027 memcpy (&local_addr.as_u8, mp->local_ip_address, 4);
1028 memcpy (&external_addr.as_u8, mp->external_ip_address, 4);
1029 if (mp->addr_only == 0)
1031 local_port = clib_net_to_host_u16 (mp->local_port);
1032 external_port = clib_net_to_host_u16 (mp->external_port);
1034 vrf_id = clib_net_to_host_u32 (mp->vrf_id);
1035 external_sw_if_index = clib_net_to_host_u32 (mp->external_sw_if_index);
1036 proto = ip_proto_to_snat_proto (mp->protocol);
1038 rv = snat_add_static_mapping(local_addr, external_addr, local_port,
1039 external_port, vrf_id, mp->addr_only,
1040 external_sw_if_index, proto, mp->is_add);
1043 REPLY_MACRO (VL_API_SNAT_ADD_ADDRESS_RANGE_REPLY);
1046 static void *vl_api_snat_add_static_mapping_t_print
1047 (vl_api_snat_add_static_mapping_t *mp, void * handle)
1051 s = format (0, "SCRIPT: snat_add_static_mapping ");
1052 s = format (s, "protocol %d local_addr %U external_addr %U ",
1054 format_ip4_address, mp->local_ip_address,
1055 format_ip4_address, mp->external_ip_address);
1057 if (mp->addr_only == 0)
1058 s = format (s, "local_port %d external_port %d ",
1059 clib_net_to_host_u16 (mp->local_port),
1060 clib_net_to_host_u16 (mp->external_port));
1062 if (mp->vrf_id != ~0)
1063 s = format (s, "vrf %d", clib_net_to_host_u32 (mp->vrf_id));
1065 if (mp->external_sw_if_index != ~0)
1066 s = format (s, "external_sw_if_index %d",
1067 clib_net_to_host_u32 (mp->external_sw_if_index));
1072 send_snat_static_mapping_details
1073 (snat_static_mapping_t * m, unix_shared_memory_queue_t * q, u32 context)
1075 vl_api_snat_static_mapping_details_t *rmp;
1076 snat_main_t * sm = &snat_main;
1078 rmp = vl_msg_api_alloc (sizeof (*rmp));
1079 memset (rmp, 0, sizeof (*rmp));
1080 rmp->_vl_msg_id = ntohs (VL_API_SNAT_STATIC_MAPPING_DETAILS+sm->msg_id_base);
1082 rmp->addr_only = m->addr_only;
1083 clib_memcpy (rmp->local_ip_address, &(m->local_addr), 4);
1084 clib_memcpy (rmp->external_ip_address, &(m->external_addr), 4);
1085 rmp->local_port = htons (m->local_port);
1086 rmp->external_port = htons (m->external_port);
1087 rmp->external_sw_if_index = ~0;
1088 rmp->vrf_id = htonl (m->vrf_id);
1089 rmp->protocol = snat_proto_to_ip_proto (m->proto);
1090 rmp->context = context;
1092 vl_msg_api_send_shmem (q, (u8 *) & rmp);
1096 send_snat_static_map_resolve_details
1097 (snat_static_map_resolve_t * m, unix_shared_memory_queue_t * q, u32 context)
1099 vl_api_snat_static_mapping_details_t *rmp;
1100 snat_main_t * sm = &snat_main;
1102 rmp = vl_msg_api_alloc (sizeof (*rmp));
1103 memset (rmp, 0, sizeof (*rmp));
1104 rmp->_vl_msg_id = ntohs (VL_API_SNAT_STATIC_MAPPING_DETAILS+sm->msg_id_base);
1106 rmp->addr_only = m->addr_only;
1107 clib_memcpy (rmp->local_ip_address, &(m->l_addr), 4);
1108 rmp->local_port = htons (m->l_port);
1109 rmp->external_port = htons (m->e_port);
1110 rmp->external_sw_if_index = htonl (m->sw_if_index);
1111 rmp->vrf_id = htonl (m->vrf_id);
1112 rmp->protocol = snat_proto_to_ip_proto (m->proto);
1113 rmp->context = context;
1115 vl_msg_api_send_shmem (q, (u8 *) & rmp);
1119 vl_api_snat_static_mapping_dump_t_handler
1120 (vl_api_snat_static_mapping_dump_t * mp)
1122 unix_shared_memory_queue_t *q;
1123 snat_main_t * sm = &snat_main;
1124 snat_static_mapping_t * m;
1125 snat_static_map_resolve_t *rp;
1128 q = vl_api_client_index_to_input_queue (mp->client_index);
1132 pool_foreach (m, sm->static_mappings,
1134 send_snat_static_mapping_details (m, q, mp->context);
1137 for (j = 0; j < vec_len (sm->to_resolve); j++)
1139 rp = sm->to_resolve + j;
1140 send_snat_static_map_resolve_details (rp, q, mp->context);
1144 static void *vl_api_snat_static_mapping_dump_t_print
1145 (vl_api_snat_static_mapping_dump_t *mp, void * handle)
1149 s = format (0, "SCRIPT: snat_static_mapping_dump ");
1155 vl_api_snat_control_ping_t_handler
1156 (vl_api_snat_control_ping_t * mp)
1158 vl_api_snat_control_ping_reply_t *rmp;
1159 snat_main_t * sm = &snat_main;
1162 REPLY_MACRO2(VL_API_SNAT_CONTROL_PING_REPLY,
1164 rmp->vpe_pid = ntohl (getpid());
1168 static void *vl_api_snat_control_ping_t_print
1169 (vl_api_snat_control_ping_t *mp, void * handle)
1173 s = format (0, "SCRIPT: snat_control_ping ");
1179 vl_api_snat_show_config_t_handler
1180 (vl_api_snat_show_config_t * mp)
1182 vl_api_snat_show_config_reply_t *rmp;
1183 snat_main_t * sm = &snat_main;
1186 REPLY_MACRO2(VL_API_SNAT_SHOW_CONFIG_REPLY,
1188 rmp->translation_buckets = htonl (sm->translation_buckets);
1189 rmp->translation_memory_size = htonl (sm->translation_memory_size);
1190 rmp->user_buckets = htonl (sm->user_buckets);
1191 rmp->user_memory_size = htonl (sm->user_memory_size);
1192 rmp->max_translations_per_user = htonl (sm->max_translations_per_user);
1193 rmp->outside_vrf_id = htonl (sm->outside_vrf_id);
1194 rmp->inside_vrf_id = htonl (sm->inside_vrf_id);
1195 rmp->static_mapping_only = sm->static_mapping_only;
1196 rmp->static_mapping_connection_tracking =
1197 sm->static_mapping_connection_tracking;
1201 static void *vl_api_snat_show_config_t_print
1202 (vl_api_snat_show_config_t *mp, void * handle)
1206 s = format (0, "SCRIPT: snat_show_config ");
1212 vl_api_snat_set_workers_t_handler
1213 (vl_api_snat_set_workers_t * mp)
1215 snat_main_t * sm = &snat_main;
1216 vl_api_snat_set_workers_reply_t * rmp;
1219 u64 mask = clib_net_to_host_u64 (mp->worker_mask);
1221 if (sm->num_workers < 2)
1223 rv = VNET_API_ERROR_FEATURE_DISABLED;
1227 bitmap = clib_bitmap_set_multiple (bitmap, 0, mask, BITS (mask));
1228 rv = snat_set_workers(bitmap);
1229 clib_bitmap_free (bitmap);
1232 REPLY_MACRO (VL_API_SNAT_SET_WORKERS_REPLY);
1235 static void *vl_api_snat_set_workers_t_print
1236 (vl_api_snat_set_workers_t *mp, void * handle)
1242 u64 mask = clib_net_to_host_u64 (mp->worker_mask);
1244 s = format (0, "SCRIPT: snat_set_workers ");
1245 bitmap = clib_bitmap_set_multiple (bitmap, 0, mask, BITS (mask));
1246 clib_bitmap_foreach (i, bitmap,
1249 s = format (s, "%d", i);
1251 s = format (s, ",%d", i);
1254 clib_bitmap_free (bitmap);
1259 send_snat_worker_details
1260 (u32 worker_index, unix_shared_memory_queue_t * q, u32 context)
1262 vl_api_snat_worker_details_t *rmp;
1263 snat_main_t * sm = &snat_main;
1264 vlib_worker_thread_t *w =
1265 vlib_worker_threads + worker_index + sm->first_worker_index;
1267 rmp = vl_msg_api_alloc (sizeof (*rmp));
1268 memset (rmp, 0, sizeof (*rmp));
1269 rmp->_vl_msg_id = ntohs (VL_API_SNAT_WORKER_DETAILS+sm->msg_id_base);
1270 rmp->context = context;
1271 rmp->worker_index = htonl (worker_index);
1272 rmp->lcore_id = htonl (w->lcore_id);
1273 strncpy ((char *) rmp->name, (char *) w->name, ARRAY_LEN (rmp->name) - 1);
1275 vl_msg_api_send_shmem (q, (u8 *) & rmp);
1279 vl_api_snat_worker_dump_t_handler
1280 (vl_api_snat_worker_dump_t * mp)
1282 unix_shared_memory_queue_t *q;
1283 snat_main_t * sm = &snat_main;
1286 q = vl_api_client_index_to_input_queue (mp->client_index);
1290 vec_foreach (worker_index, sm->workers)
1292 send_snat_worker_details(*worker_index, q, mp->context);
1296 static void *vl_api_snat_worker_dump_t_print
1297 (vl_api_snat_worker_dump_t *mp, void * handle)
1301 s = format (0, "SCRIPT: snat_worker_dump ");
1306 static int snat_add_interface_address(snat_main_t *sm,
1311 vl_api_snat_add_del_interface_addr_t_handler
1312 (vl_api_snat_add_del_interface_addr_t * mp)
1314 snat_main_t * sm = &snat_main;
1315 vl_api_snat_add_del_interface_addr_reply_t * rmp;
1316 u8 is_del = mp->is_add == 0;
1317 u32 sw_if_index = ntohl(mp->sw_if_index);
1320 VALIDATE_SW_IF_INDEX(mp);
1322 rv = snat_add_interface_address (sm, sw_if_index, is_del);
1324 BAD_SW_IF_INDEX_LABEL;
1326 REPLY_MACRO(VL_API_SNAT_ADD_DEL_INTERFACE_ADDR_REPLY);
1329 static void *vl_api_snat_add_del_interface_addr_t_print
1330 (vl_api_snat_add_del_interface_addr_t * mp, void *handle)
1334 s = format (0, "SCRIPT: snat_add_del_interface_addr ");
1335 s = format (s, "sw_if_index %d %s",
1336 clib_host_to_net_u32(mp->sw_if_index),
1337 mp->is_add ? "" : "del");
1343 send_snat_interface_addr_details
1344 (u32 sw_if_index, unix_shared_memory_queue_t * q, u32 context)
1346 vl_api_snat_interface_addr_details_t *rmp;
1347 snat_main_t * sm = &snat_main;
1349 rmp = vl_msg_api_alloc (sizeof (*rmp));
1350 memset (rmp, 0, sizeof (*rmp));
1351 rmp->_vl_msg_id = ntohs (VL_API_SNAT_INTERFACE_ADDR_DETAILS+sm->msg_id_base);
1352 rmp->sw_if_index = ntohl (sw_if_index);
1353 rmp->context = context;
1355 vl_msg_api_send_shmem (q, (u8 *) & rmp);
1359 vl_api_snat_interface_addr_dump_t_handler
1360 (vl_api_snat_interface_addr_dump_t * mp)
1362 unix_shared_memory_queue_t *q;
1363 snat_main_t * sm = &snat_main;
1366 q = vl_api_client_index_to_input_queue (mp->client_index);
1370 vec_foreach (i, sm->auto_add_sw_if_indices)
1371 send_snat_interface_addr_details(*i, q, mp->context);
1374 static void *vl_api_snat_interface_addr_dump_t_print
1375 (vl_api_snat_interface_addr_dump_t *mp, void * handle)
1379 s = format (0, "SCRIPT: snat_interface_addr_dump ");
1385 vl_api_snat_ipfix_enable_disable_t_handler
1386 (vl_api_snat_ipfix_enable_disable_t * mp)
1388 snat_main_t * sm = &snat_main;
1389 vl_api_snat_ipfix_enable_disable_reply_t * rmp;
1392 rv = snat_ipfix_logging_enable_disable(mp->enable,
1393 clib_host_to_net_u32 (mp->domain_id),
1394 clib_host_to_net_u16 (mp->src_port));
1396 REPLY_MACRO (VL_API_SNAT_IPFIX_ENABLE_DISABLE_REPLY);
1399 static void *vl_api_snat_ipfix_enable_disable_t_print
1400 (vl_api_snat_ipfix_enable_disable_t *mp, void * handle)
1404 s = format (0, "SCRIPT: snat_ipfix_enable_disable ");
1406 s = format (s, "domain %d ", clib_net_to_host_u32 (mp->domain_id));
1408 s = format (s, "src_port %d ", clib_net_to_host_u16 (mp->src_port));
1410 s = format (s, "disable ");
1416 send_snat_user_details
1417 (snat_user_t * u, unix_shared_memory_queue_t * q, u32 context)
1419 vl_api_snat_user_details_t * rmp;
1420 snat_main_t * sm = &snat_main;
1421 ip4_fib_t * fib_table;
1423 rmp = vl_msg_api_alloc (sizeof (*rmp));
1424 memset (rmp, 0, sizeof (*rmp));
1425 rmp->_vl_msg_id = ntohs (VL_API_SNAT_USER_DETAILS+sm->msg_id_base);
1427 fib_table = ip4_fib_get(u->fib_index);
1428 rmp->vrf_id = ntohl (fib_table->table_id);
1431 clib_memcpy(rmp->ip_address, &(u->addr), 4);
1432 rmp->nsessions = ntohl (u->nsessions);
1433 rmp->nstaticsessions = ntohl (u->nstaticsessions);
1434 rmp->context = context;
1436 vl_msg_api_send_shmem (q, (u8 *) & rmp);
1440 vl_api_snat_user_dump_t_handler
1441 (vl_api_snat_user_dump_t * mp)
1443 unix_shared_memory_queue_t *q;
1444 snat_main_t * sm = &snat_main;
1445 snat_main_per_thread_data_t * tsm;
1448 q = vl_api_client_index_to_input_queue (mp->client_index);
1452 vec_foreach (tsm, sm->per_thread_data)
1453 vec_foreach (u, tsm->users)
1454 send_snat_user_details (u, q, mp->context);
1457 static void *vl_api_snat_user_dump_t_print
1458 (vl_api_snat_user_dump_t *mp, void * handle)
1462 s = format (0, "SCRIPT: snat_user_dump ");
1468 send_snat_user_session_details
1469 (snat_session_t * s, unix_shared_memory_queue_t * q, u32 context)
1471 vl_api_snat_user_session_details_t * rmp;
1472 snat_main_t * sm = &snat_main;
1474 rmp = vl_msg_api_alloc (sizeof(*rmp));
1475 memset (rmp, 0, sizeof (*rmp));
1476 rmp->_vl_msg_id = ntohs (VL_API_SNAT_USER_SESSION_DETAILS+sm->msg_id_base);
1478 clib_memcpy(rmp->outside_ip_address, (&s->out2in.addr), 4);
1479 rmp->outside_port = s->out2in.port;
1480 clib_memcpy(rmp->inside_ip_address, (&s->in2out.addr), 4);
1481 rmp->inside_port = s->in2out.port;
1482 rmp->protocol = ntohs(snat_proto_to_ip_proto(s->in2out.protocol));
1483 rmp->is_static = s->flags & SNAT_SESSION_FLAG_STATIC_MAPPING ? 1 : 0;
1484 rmp->last_heard = clib_host_to_net_u64((u64)s->last_heard);
1485 rmp->total_bytes = clib_host_to_net_u64(s->total_bytes);
1486 rmp->total_pkts = ntohl(s->total_pkts);
1487 rmp->context = context;
1489 vl_msg_api_send_shmem (q, (u8 *) & rmp);
1493 vl_api_snat_user_session_dump_t_handler
1494 (vl_api_snat_user_session_dump_t * mp)
1496 unix_shared_memory_queue_t *q;
1497 snat_main_t * sm = &snat_main;
1498 snat_main_per_thread_data_t *tsm;
1500 clib_bihash_kv_8_8_t key, value;
1501 snat_user_key_t ukey;
1503 u32 session_index, head_index, elt_index;
1504 dlist_elt_t * head, * elt;
1506 q = vl_api_client_index_to_input_queue (mp->client_index);
1510 clib_memcpy (&ukey.addr, mp->ip_address, 4);
1511 ukey.fib_index = ip4_fib_index_from_table_id (ntohl(mp->vrf_id));
1512 key.key = ukey.as_u64;
1513 if (!clib_bihash_search_8_8 (&sm->worker_by_in, &key, &value))
1514 tsm = vec_elt_at_index (sm->per_thread_data, value.value);
1516 tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
1517 if (clib_bihash_search_8_8 (&sm->user_hash, &key, &value))
1519 u = pool_elt_at_index (tsm->users, value.value);
1520 if (!u->nsessions && !u->nstaticsessions)
1523 head_index = u->sessions_per_user_list_head_index;
1524 head = pool_elt_at_index (tsm->list_pool, head_index);
1525 elt_index = head->next;
1526 elt = pool_elt_at_index (tsm->list_pool, elt_index);
1527 session_index = elt->value;
1528 while (session_index != ~0)
1530 s = pool_elt_at_index (tsm->sessions, session_index);
1532 send_snat_user_session_details (s, q, mp->context);
1534 elt_index = elt->next;
1535 elt = pool_elt_at_index (tsm->list_pool, elt_index);
1536 session_index = elt->value;
1540 static void *vl_api_snat_user_session_dump_t_print
1541 (vl_api_snat_user_session_dump_t *mp, void * handle)
1545 s = format (0, "SCRIPT: snat_user_session_dump ");
1546 s = format (s, "ip_address %U vrf_id %d\n",
1547 format_ip4_address, mp->ip_address,
1548 clib_net_to_host_u32 (mp->vrf_id));
1553 /* List of message types that this plugin understands */
1554 #define foreach_snat_plugin_api_msg \
1555 _(SNAT_ADD_ADDRESS_RANGE, snat_add_address_range) \
1556 _(SNAT_INTERFACE_ADD_DEL_FEATURE, snat_interface_add_del_feature) \
1557 _(SNAT_ADD_STATIC_MAPPING, snat_add_static_mapping) \
1558 _(SNAT_CONTROL_PING, snat_control_ping) \
1559 _(SNAT_STATIC_MAPPING_DUMP, snat_static_mapping_dump) \
1560 _(SNAT_SHOW_CONFIG, snat_show_config) \
1561 _(SNAT_ADDRESS_DUMP, snat_address_dump) \
1562 _(SNAT_INTERFACE_DUMP, snat_interface_dump) \
1563 _(SNAT_SET_WORKERS, snat_set_workers) \
1564 _(SNAT_WORKER_DUMP, snat_worker_dump) \
1565 _(SNAT_ADD_DEL_INTERFACE_ADDR, snat_add_del_interface_addr) \
1566 _(SNAT_INTERFACE_ADDR_DUMP, snat_interface_addr_dump) \
1567 _(SNAT_IPFIX_ENABLE_DISABLE, snat_ipfix_enable_disable) \
1568 _(SNAT_USER_DUMP, snat_user_dump) \
1569 _(SNAT_USER_SESSION_DUMP, snat_user_session_dump)
1571 /* Set up the API message handling tables */
1572 static clib_error_t *
1573 snat_plugin_api_hookup (vlib_main_t *vm)
1575 snat_main_t * sm __attribute__ ((unused)) = &snat_main;
1577 vl_msg_api_set_handlers((VL_API_##N + sm->msg_id_base), \
1579 vl_api_##n##_t_handler, \
1581 vl_api_##n##_t_endian, \
1582 vl_api_##n##_t_print, \
1583 sizeof(vl_api_##n##_t), 1);
1584 foreach_snat_plugin_api_msg;
1590 #define vl_msg_name_crc_list
1591 #include <snat/snat_all_api_h.h>
1592 #undef vl_msg_name_crc_list
1595 setup_message_id_table (snat_main_t * sm, api_main_t * am)
1597 #define _(id,n,crc) \
1598 vl_msg_api_add_msg_name_crc (am, #n "_" #crc, id + sm->msg_id_base);
1599 foreach_vl_msg_name_crc_snat;
1603 static void plugin_custom_dump_configure (snat_main_t * sm)
1605 #define _(n,f) sm->api_main->msg_print_handlers \
1606 [VL_API_##n + sm->msg_id_base] \
1607 = (void *) vl_api_##f##_t_print;
1608 foreach_snat_plugin_api_msg;
1614 snat_ip4_add_del_interface_address_cb (ip4_main_t * im,
1617 ip4_address_t * address,
1619 u32 if_address_index,
1622 static clib_error_t * snat_init (vlib_main_t * vm)
1624 snat_main_t * sm = &snat_main;
1625 clib_error_t * error = 0;
1626 ip4_main_t * im = &ip4_main;
1627 ip_lookup_main_t * lm = &im->lookup_main;
1630 vlib_thread_registration_t *tr;
1631 vlib_thread_main_t *tm = vlib_get_thread_main ();
1634 ip4_add_del_interface_address_callback_t cb4;
1636 name = format (0, "snat_%08x%c", api_version, 0);
1638 /* Ask for a correctly-sized block of API message decode slots */
1639 sm->msg_id_base = vl_msg_api_get_msg_ids
1640 ((char *) name, VL_MSG_FIRST_AVAILABLE);
1643 sm->vnet_main = vnet_get_main();
1645 sm->ip4_lookup_main = lm;
1646 sm->api_main = &api_main;
1647 sm->first_worker_index = 0;
1648 sm->next_worker = 0;
1649 sm->num_workers = 0;
1651 sm->fq_in2out_index = ~0;
1652 sm->fq_out2in_index = ~0;
1654 p = hash_get_mem (tm->thread_registrations_by_name, "workers");
1657 tr = (vlib_thread_registration_t *) p[0];
1660 sm->num_workers = tr->count;
1661 sm->first_worker_index = tr->first_index;
1665 /* Use all available workers by default */
1666 if (sm->num_workers > 1)
1668 for (i=0; i < sm->num_workers; i++)
1669 bitmap = clib_bitmap_set (bitmap, i, 1);
1670 snat_set_workers(bitmap);
1671 clib_bitmap_free (bitmap);
1674 error = snat_plugin_api_hookup (vm);
1676 /* Add our API messages to the global name_crc hash table */
1677 setup_message_id_table (sm, &api_main);
1679 plugin_custom_dump_configure (sm);
1682 /* Set up the interface address add/del callback */
1683 cb4.function = snat_ip4_add_del_interface_address_cb;
1684 cb4.function_opaque = 0;
1686 vec_add1 (im->add_del_interface_address_callbacks, cb4);
1688 /* Init IPFIX logging */
1689 snat_ipfix_logging_init(vm);
1694 VLIB_INIT_FUNCTION (snat_init);
1696 void snat_free_outside_address_and_port (snat_main_t * sm,
1697 snat_session_key_t * k,
1701 u16 port_host_byte_order = clib_net_to_host_u16 (k->port);
1703 ASSERT (address_index < vec_len (sm->addresses));
1705 a = sm->addresses + address_index;
1707 switch (k->protocol)
1709 #define _(N, i, n, s) \
1710 case SNAT_PROTOCOL_##N: \
1711 ASSERT (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, \
1712 port_host_byte_order) == 1); \
1713 clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, \
1714 port_host_byte_order, 0); \
1715 a->busy_##n##_ports--; \
1717 foreach_snat_protocol
1720 clib_warning("unknown_protocol");
1726 * @brief Match SNAT static mapping.
1728 * @param sm SNAT main.
1729 * @param match Address and port to match.
1730 * @param mapping External or local address and port of the matched mapping.
1731 * @param by_external If 0 match by local address otherwise match by external
1734 * @returns 0 if match found otherwise 1.
1736 int snat_static_mapping_match (snat_main_t * sm,
1737 snat_session_key_t match,
1738 snat_session_key_t * mapping,
1741 clib_bihash_kv_8_8_t kv, value;
1742 snat_static_mapping_t *m;
1743 snat_session_key_t m_key;
1744 clib_bihash_8_8_t *mapping_hash = &sm->static_mapping_by_local;
1747 mapping_hash = &sm->static_mapping_by_external;
1749 m_key.addr = match.addr;
1750 m_key.port = clib_net_to_host_u16 (match.port);
1751 m_key.protocol = match.protocol;
1752 m_key.fib_index = match.fib_index;
1754 kv.key = m_key.as_u64;
1756 if (clib_bihash_search_8_8 (mapping_hash, &kv, &value))
1758 /* Try address only mapping */
1761 kv.key = m_key.as_u64;
1762 if (clib_bihash_search_8_8 (mapping_hash, &kv, &value))
1766 m = pool_elt_at_index (sm->static_mappings, value.value);
1770 mapping->addr = m->local_addr;
1771 /* Address only mapping doesn't change port */
1772 mapping->port = m->addr_only ? match.port
1773 : clib_host_to_net_u16 (m->local_port);
1774 mapping->fib_index = m->fib_index;
1778 mapping->addr = m->external_addr;
1779 /* Address only mapping doesn't change port */
1780 mapping->port = m->addr_only ? match.port
1781 : clib_host_to_net_u16 (m->external_port);
1782 mapping->fib_index = sm->outside_fib_index;
1788 int snat_alloc_outside_address_and_port (snat_main_t * sm,
1789 snat_session_key_t * k,
1790 u32 * address_indexp)
1796 for (i = 0; i < vec_len (sm->addresses); i++)
1798 a = sm->addresses + i;
1799 switch (k->protocol)
1801 #define _(N, j, n, s) \
1802 case SNAT_PROTOCOL_##N: \
1803 if (a->busy_##n##_ports < (65535-1024)) \
1807 portnum = random_u32 (&sm->random_seed); \
1808 portnum &= 0xFFFF; \
1809 if (portnum < 1024) \
1811 if (clib_bitmap_get_no_check (a->busy_##n##_port_bitmap, portnum)) \
1813 clib_bitmap_set_no_check (a->busy_##n##_port_bitmap, portnum, 1); \
1814 a->busy_##n##_ports++; \
1815 k->addr = a->addr; \
1816 k->port = clib_host_to_net_u16(portnum); \
1817 *address_indexp = i; \
1822 foreach_snat_protocol
1825 clib_warning("unknown protocol");
1830 /* Totally out of translations to use... */
1831 snat_ipfix_logging_addresses_exhausted(0);
1836 static clib_error_t *
1837 add_address_command_fn (vlib_main_t * vm,
1838 unformat_input_t * input,
1839 vlib_cli_command_t * cmd)
1841 unformat_input_t _line_input, *line_input = &_line_input;
1842 snat_main_t * sm = &snat_main;
1843 ip4_address_t start_addr, end_addr, this_addr;
1844 u32 start_host_order, end_host_order;
1848 clib_error_t *error = 0;
1850 /* Get a line of input. */
1851 if (!unformat_user (input, unformat_line_input, line_input))
1854 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1856 if (unformat (line_input, "%U - %U",
1857 unformat_ip4_address, &start_addr,
1858 unformat_ip4_address, &end_addr))
1860 else if (unformat (line_input, "%U", unformat_ip4_address, &start_addr))
1861 end_addr = start_addr;
1862 else if (unformat (line_input, "del"))
1866 error = clib_error_return (0, "unknown input '%U'",
1867 format_unformat_error, line_input);
1872 if (sm->static_mapping_only)
1874 error = clib_error_return (0, "static mapping only mode");
1878 start_host_order = clib_host_to_net_u32 (start_addr.as_u32);
1879 end_host_order = clib_host_to_net_u32 (end_addr.as_u32);
1881 if (end_host_order < start_host_order)
1883 error = clib_error_return (0, "end address less than start address");
1887 count = (end_host_order - start_host_order) + 1;
1890 clib_warning ("%U - %U, %d addresses...",
1891 format_ip4_address, &start_addr,
1892 format_ip4_address, &end_addr,
1895 this_addr = start_addr;
1897 for (i = 0; i < count; i++)
1900 snat_add_address (sm, &this_addr);
1902 rv = snat_del_address (sm, this_addr, 0);
1906 case VNET_API_ERROR_NO_SUCH_ENTRY:
1907 error = clib_error_return (0, "S-NAT address not exist.");
1909 case VNET_API_ERROR_UNSPECIFIED:
1910 error = clib_error_return (0, "S-NAT address used in static mapping.");
1916 increment_v4_address (&this_addr);
1920 unformat_free (line_input);
1925 VLIB_CLI_COMMAND (add_address_command, static) = {
1926 .path = "snat add address",
1927 .short_help = "snat add addresses <ip4-range-start> [- <ip4-range-end>] [del]",
1928 .function = add_address_command_fn,
1931 static clib_error_t *
1932 snat_feature_command_fn (vlib_main_t * vm,
1933 unformat_input_t * input,
1934 vlib_cli_command_t * cmd)
1936 unformat_input_t _line_input, *line_input = &_line_input;
1937 vnet_main_t * vnm = vnet_get_main();
1938 clib_error_t * error = 0;
1940 u32 * inside_sw_if_indices = 0;
1941 u32 * outside_sw_if_indices = 0;
1947 /* Get a line of input. */
1948 if (!unformat_user (input, unformat_line_input, line_input))
1951 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1953 if (unformat (line_input, "in %U", unformat_vnet_sw_interface,
1955 vec_add1 (inside_sw_if_indices, sw_if_index);
1956 else if (unformat (line_input, "out %U", unformat_vnet_sw_interface,
1958 vec_add1 (outside_sw_if_indices, sw_if_index);
1959 else if (unformat (line_input, "del"))
1963 error = clib_error_return (0, "unknown input '%U'",
1964 format_unformat_error, line_input);
1969 if (vec_len (inside_sw_if_indices))
1971 for (i = 0; i < vec_len(inside_sw_if_indices); i++)
1973 sw_if_index = inside_sw_if_indices[i];
1974 snat_interface_add_del (sw_if_index, 1, is_del);
1978 if (vec_len (outside_sw_if_indices))
1980 for (i = 0; i < vec_len(outside_sw_if_indices); i++)
1982 sw_if_index = outside_sw_if_indices[i];
1983 snat_interface_add_del (sw_if_index, 0, is_del);
1988 unformat_free (line_input);
1989 vec_free (inside_sw_if_indices);
1990 vec_free (outside_sw_if_indices);
1995 VLIB_CLI_COMMAND (set_interface_snat_command, static) = {
1996 .path = "set interface snat",
1997 .function = snat_feature_command_fn,
1998 .short_help = "set interface snat in <intfc> out <intfc> [del]",
2002 unformat_snat_protocol (unformat_input_t * input, va_list * args)
2004 u32 *r = va_arg (*args, u32 *);
2007 #define _(N, i, n, s) else if (unformat (input, s)) *r = SNAT_PROTOCOL_##N;
2008 foreach_snat_protocol
2016 format_snat_protocol (u8 * s, va_list * args)
2018 u32 i = va_arg (*args, u32);
2023 #define _(N, j, n, str) case SNAT_PROTOCOL_##N: t = (u8 *) str; break;
2024 foreach_snat_protocol
2027 s = format (s, "unknown");
2029 s = format (s, "%s", t);
2033 static clib_error_t *
2034 add_static_mapping_command_fn (vlib_main_t * vm,
2035 unformat_input_t * input,
2036 vlib_cli_command_t * cmd)
2038 unformat_input_t _line_input, *line_input = &_line_input;
2039 clib_error_t * error = 0;
2040 ip4_address_t l_addr, e_addr;
2041 u32 l_port = 0, e_port = 0, vrf_id = ~0;
2044 u32 sw_if_index = ~0;
2045 vnet_main_t * vnm = vnet_get_main();
2047 snat_protocol_t proto;
2050 /* Get a line of input. */
2051 if (!unformat_user (input, unformat_line_input, line_input))
2054 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2056 if (unformat (line_input, "local %U %u", unformat_ip4_address, &l_addr,
2059 else if (unformat (line_input, "local %U", unformat_ip4_address, &l_addr))
2061 else if (unformat (line_input, "external %U %u", unformat_ip4_address,
2064 else if (unformat (line_input, "external %U", unformat_ip4_address,
2067 else if (unformat (line_input, "external %U %u",
2068 unformat_vnet_sw_interface, vnm, &sw_if_index,
2072 else if (unformat (line_input, "external %U",
2073 unformat_vnet_sw_interface, vnm, &sw_if_index))
2075 else if (unformat (line_input, "vrf %u", &vrf_id))
2077 else if (unformat (line_input, "%U", unformat_snat_protocol, &proto))
2079 else if (unformat (line_input, "del"))
2083 error = clib_error_return (0, "unknown input: '%U'",
2084 format_unformat_error, line_input);
2089 if (!addr_only && !proto_set)
2091 error = clib_error_return (0, "missing protocol");
2095 rv = snat_add_static_mapping(l_addr, e_addr, (u16) l_port, (u16) e_port,
2096 vrf_id, addr_only, sw_if_index, proto, is_add);
2100 case VNET_API_ERROR_INVALID_VALUE:
2101 error = clib_error_return (0, "External port already in use.");
2103 case VNET_API_ERROR_NO_SUCH_ENTRY:
2105 error = clib_error_return (0, "External addres must be allocated.");
2107 error = clib_error_return (0, "Mapping not exist.");
2109 case VNET_API_ERROR_NO_SUCH_FIB:
2110 error = clib_error_return (0, "No such VRF id.");
2112 case VNET_API_ERROR_VALUE_EXIST:
2113 error = clib_error_return (0, "Mapping already exist.");
2120 unformat_free (line_input);
2127 * @cliexstart{snat add static mapping}
2128 * Static mapping allows hosts on the external network to initiate connection
2129 * to to the local network host.
2130 * To create static mapping between local host address 10.0.0.3 port 6303 and
2131 * external address 4.4.4.4 port 3606 for TCP protocol use:
2132 * vpp# snat add static mapping local tcp 10.0.0.3 6303 external 4.4.4.4 3606
2133 * If not runnig "static mapping only" S-NAT plugin mode use before:
2134 * vpp# snat add address 4.4.4.4
2135 * To create static mapping between local and external address use:
2136 * vpp# snat add static mapping local 10.0.0.3 external 4.4.4.4
2139 VLIB_CLI_COMMAND (add_static_mapping_command, static) = {
2140 .path = "snat add static mapping",
2141 .function = add_static_mapping_command_fn,
2143 "snat add static mapping local tcp|udp|icmp <addr> [<port>] external <addr> [<port>] [vrf <table-id>] [del]",
2146 static clib_error_t *
2147 set_workers_command_fn (vlib_main_t * vm,
2148 unformat_input_t * input,
2149 vlib_cli_command_t * cmd)
2151 unformat_input_t _line_input, *line_input = &_line_input;
2154 clib_error_t *error = 0;
2156 /* Get a line of input. */
2157 if (!unformat_user (input, unformat_line_input, line_input))
2160 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2162 if (unformat (line_input, "%U", unformat_bitmap_list, &bitmap))
2166 error = clib_error_return (0, "unknown input '%U'",
2167 format_unformat_error, line_input);
2174 error = clib_error_return (0, "List of workers must be specified.");
2178 rv = snat_set_workers(bitmap);
2180 clib_bitmap_free (bitmap);
2184 case VNET_API_ERROR_INVALID_WORKER:
2185 error = clib_error_return (0, "Invalid worker(s).");
2187 case VNET_API_ERROR_FEATURE_DISABLED:
2188 error = clib_error_return (0,
2189 "Supported only if 2 or more workes available.");
2196 unformat_free (line_input);
2203 * @cliexstart{set snat workers}
2204 * Set SNAT workers if 2 or more workers available, use:
2205 * vpp# set snat workers 0-2,5
2208 VLIB_CLI_COMMAND (set_workers_command, static) = {
2209 .path = "set snat workers",
2210 .function = set_workers_command_fn,
2212 "set snat workers <workers-list>",
2215 static clib_error_t *
2216 snat_ipfix_logging_enable_disable_command_fn (vlib_main_t * vm,
2217 unformat_input_t * input,
2218 vlib_cli_command_t * cmd)
2220 unformat_input_t _line_input, *line_input = &_line_input;
2225 clib_error_t *error = 0;
2227 /* Get a line of input. */
2228 if (!unformat_user (input, unformat_line_input, line_input))
2231 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2233 if (unformat (line_input, "domain %d", &domain_id))
2235 else if (unformat (line_input, "src-port %d", &src_port))
2237 else if (unformat (line_input, "disable"))
2241 error = clib_error_return (0, "unknown input '%U'",
2242 format_unformat_error, line_input);
2247 rv = snat_ipfix_logging_enable_disable (enable, domain_id, (u16) src_port);
2251 error = clib_error_return (0, "ipfix logging enable failed");
2256 unformat_free (line_input);
2263 * @cliexstart{snat ipfix logging}
2264 * To enable SNAT IPFIX logging use:
2265 * vpp# snat ipfix logging
2266 * To set IPFIX exporter use:
2267 * vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
2270 VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = {
2271 .path = "snat ipfix logging",
2272 .function = snat_ipfix_logging_enable_disable_command_fn,
2273 .short_help = "snat ipfix logging [domain <domain-id>] [src-port <port>] [disable]",
2276 static clib_error_t *
2277 snat_config (vlib_main_t * vm, unformat_input_t * input)
2279 snat_main_t * sm = &snat_main;
2280 u32 translation_buckets = 1024;
2281 u32 translation_memory_size = 128<<20;
2282 u32 user_buckets = 128;
2283 u32 user_memory_size = 64<<20;
2284 u32 max_translations_per_user = 100;
2285 u32 outside_vrf_id = 0;
2286 u32 inside_vrf_id = 0;
2287 u32 static_mapping_buckets = 1024;
2288 u32 static_mapping_memory_size = 64<<20;
2289 u8 static_mapping_only = 0;
2290 u8 static_mapping_connection_tracking = 0;
2291 vlib_thread_main_t *tm = vlib_get_thread_main ();
2293 while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
2295 if (unformat (input, "translation hash buckets %d", &translation_buckets))
2297 else if (unformat (input, "translation hash memory %d",
2298 &translation_memory_size));
2299 else if (unformat (input, "user hash buckets %d", &user_buckets))
2301 else if (unformat (input, "user hash memory %d",
2304 else if (unformat (input, "max translations per user %d",
2305 &max_translations_per_user))
2307 else if (unformat (input, "outside VRF id %d",
2310 else if (unformat (input, "inside VRF id %d",
2313 else if (unformat (input, "static mapping only"))
2315 static_mapping_only = 1;
2316 if (unformat (input, "connection tracking"))
2317 static_mapping_connection_tracking = 1;
2320 return clib_error_return (0, "unknown input '%U'",
2321 format_unformat_error, input);
2324 /* for show commands, etc. */
2325 sm->translation_buckets = translation_buckets;
2326 sm->translation_memory_size = translation_memory_size;
2327 sm->user_buckets = user_buckets;
2328 sm->user_memory_size = user_memory_size;
2329 sm->max_translations_per_user = max_translations_per_user;
2330 sm->outside_vrf_id = outside_vrf_id;
2331 sm->outside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4,
2333 sm->inside_vrf_id = inside_vrf_id;
2334 sm->inside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4,
2336 sm->static_mapping_only = static_mapping_only;
2337 sm->static_mapping_connection_tracking = static_mapping_connection_tracking;
2339 if (!static_mapping_only ||
2340 (static_mapping_only && static_mapping_connection_tracking))
2342 clib_bihash_init_8_8 (&sm->worker_by_in, "worker-by-in", user_buckets,
2345 clib_bihash_init_8_8 (&sm->worker_by_out, "worker-by-out", user_buckets,
2348 vec_validate (sm->per_thread_data, tm->n_vlib_mains - 1);
2350 clib_bihash_init_8_8 (&sm->in2out, "in2out", translation_buckets,
2351 translation_memory_size);
2353 clib_bihash_init_8_8 (&sm->out2in, "out2in", translation_buckets,
2354 translation_memory_size);
2356 clib_bihash_init_8_8 (&sm->user_hash, "users", user_buckets,
2359 clib_bihash_init_8_8 (&sm->static_mapping_by_local,
2360 "static_mapping_by_local", static_mapping_buckets,
2361 static_mapping_memory_size);
2363 clib_bihash_init_8_8 (&sm->static_mapping_by_external,
2364 "static_mapping_by_external", static_mapping_buckets,
2365 static_mapping_memory_size);
2369 VLIB_CONFIG_FUNCTION (snat_config, "snat");
2371 u8 * format_snat_key (u8 * s, va_list * args)
2373 snat_session_key_t * key = va_arg (*args, snat_session_key_t *);
2374 char * protocol_string = "unknown";
2375 static char *protocol_strings[] = {
2381 if (key->protocol < ARRAY_LEN(protocol_strings))
2382 protocol_string = protocol_strings[key->protocol];
2384 s = format (s, "%U proto %s port %d fib %d",
2385 format_ip4_address, &key->addr, protocol_string,
2386 clib_net_to_host_u16 (key->port), key->fib_index);
2390 u8 * format_snat_session (u8 * s, va_list * args)
2392 snat_main_t * sm __attribute__((unused)) = va_arg (*args, snat_main_t *);
2393 snat_session_t * sess = va_arg (*args, snat_session_t *);
2395 s = format (s, " i2o %U\n", format_snat_key, &sess->in2out);
2396 s = format (s, " o2i %U\n", format_snat_key, &sess->out2in);
2397 s = format (s, " last heard %.2f\n", sess->last_heard);
2398 s = format (s, " total pkts %d, total bytes %lld\n",
2399 sess->total_pkts, sess->total_bytes);
2400 if (snat_is_session_static (sess))
2401 s = format (s, " static translation\n");
2403 s = format (s, " dynamic translation\n");
2408 u8 * format_snat_user (u8 * s, va_list * args)
2410 snat_main_per_thread_data_t * sm = va_arg (*args, snat_main_per_thread_data_t *);
2411 snat_user_t * u = va_arg (*args, snat_user_t *);
2412 int verbose = va_arg (*args, int);
2413 dlist_elt_t * head, * elt;
2414 u32 elt_index, head_index;
2416 snat_session_t * sess;
2418 s = format (s, "%U: %d dynamic translations, %d static translations\n",
2419 format_ip4_address, &u->addr, u->nsessions, u->nstaticsessions);
2424 if (u->nsessions || u->nstaticsessions)
2426 head_index = u->sessions_per_user_list_head_index;
2427 head = pool_elt_at_index (sm->list_pool, head_index);
2429 elt_index = head->next;
2430 elt = pool_elt_at_index (sm->list_pool, elt_index);
2431 session_index = elt->value;
2433 while (session_index != ~0)
2435 sess = pool_elt_at_index (sm->sessions, session_index);
2437 s = format (s, " %U\n", format_snat_session, sm, sess);
2439 elt_index = elt->next;
2440 elt = pool_elt_at_index (sm->list_pool, elt_index);
2441 session_index = elt->value;
2448 u8 * format_snat_static_mapping (u8 * s, va_list * args)
2450 snat_static_mapping_t *m = va_arg (*args, snat_static_mapping_t *);
2453 s = format (s, "local %U external %U vrf %d",
2454 format_ip4_address, &m->local_addr,
2455 format_ip4_address, &m->external_addr,
2458 s = format (s, "%U local %U:%d external %U:%d vrf %d",
2459 format_snat_protocol, m->proto,
2460 format_ip4_address, &m->local_addr, m->local_port,
2461 format_ip4_address, &m->external_addr, m->external_port,
2467 u8 * format_snat_static_map_to_resolve (u8 * s, va_list * args)
2469 snat_static_map_resolve_t *m = va_arg (*args, snat_static_map_resolve_t *);
2470 vnet_main_t *vnm = vnet_get_main();
2473 s = format (s, "local %U external %U vrf %d",
2474 format_ip4_address, &m->l_addr,
2475 format_vnet_sw_interface_name, vnm,
2476 vnet_get_sw_interface (vnm, m->sw_if_index),
2479 s = format (s, "%U local %U:%d external %U:%d vrf %d",
2480 format_snat_protocol, m->proto,
2481 format_ip4_address, &m->l_addr, m->l_port,
2482 format_vnet_sw_interface_name, vnm,
2483 vnet_get_sw_interface (vnm, m->sw_if_index), m->e_port,
2489 static clib_error_t *
2490 show_snat_command_fn (vlib_main_t * vm,
2491 unformat_input_t * input,
2492 vlib_cli_command_t * cmd)
2495 snat_main_t * sm = &snat_main;
2497 snat_static_mapping_t *m;
2498 snat_interface_t *i;
2499 snat_address_t * ap;
2500 vnet_main_t *vnm = vnet_get_main();
2501 snat_main_per_thread_data_t *tsm;
2502 u32 users_num = 0, sessions_num = 0, *worker, *sw_if_index;
2504 snat_static_map_resolve_t *rp;
2506 if (unformat (input, "detail"))
2508 else if (unformat (input, "verbose"))
2511 if (sm->static_mapping_only)
2513 if (sm->static_mapping_connection_tracking)
2514 vlib_cli_output (vm, "SNAT mode: static mapping only connection "
2517 vlib_cli_output (vm, "SNAT mode: static mapping only");
2521 vlib_cli_output (vm, "SNAT mode: dynamic translations enabled");
2526 pool_foreach (i, sm->interfaces,
2528 vlib_cli_output (vm, "%U %s", format_vnet_sw_interface_name, vnm,
2529 vnet_get_sw_interface (vnm, i->sw_if_index),
2530 i->is_inside ? "in" : "out");
2533 if (vec_len (sm->auto_add_sw_if_indices))
2535 vlib_cli_output (vm, "SNAT pool addresses interfaces:");
2536 vec_foreach (sw_if_index, sm->auto_add_sw_if_indices)
2538 vlib_cli_output (vm, "%U", format_vnet_sw_interface_name, vnm,
2539 vnet_get_sw_interface (vnm, *sw_if_index));
2543 vec_foreach (ap, sm->addresses)
2545 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
2546 #define _(N, i, n, s) \
2547 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
2548 foreach_snat_protocol
2553 if (sm->num_workers > 1)
2555 vlib_cli_output (vm, "%d workers", vec_len (sm->workers));
2558 vec_foreach (worker, sm->workers)
2560 vlib_worker_thread_t *w =
2561 vlib_worker_threads + *worker + sm->first_worker_index;
2562 vlib_cli_output (vm, " %s", w->name);
2567 if (sm->static_mapping_only && !(sm->static_mapping_connection_tracking))
2569 vlib_cli_output (vm, "%d static mappings",
2570 pool_elts (sm->static_mappings));
2574 pool_foreach (m, sm->static_mappings,
2576 vlib_cli_output (vm, "%U", format_snat_static_mapping, m);
2582 vec_foreach (tsm, sm->per_thread_data)
2584 users_num += pool_elts (tsm->users);
2585 sessions_num += pool_elts (tsm->sessions);
2588 vlib_cli_output (vm, "%d users, %d outside addresses, %d active sessions,"
2589 " %d static mappings",
2591 vec_len (sm->addresses),
2593 pool_elts (sm->static_mappings));
2597 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->in2out,
2599 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->out2in,
2601 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->worker_by_in,
2603 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->worker_by_out,
2605 vec_foreach_index (j, sm->per_thread_data)
2607 tsm = vec_elt_at_index (sm->per_thread_data, j);
2609 if (pool_elts (tsm->users) == 0)
2612 vlib_worker_thread_t *w = vlib_worker_threads + j;
2613 vlib_cli_output (vm, "Thread %d (%s at lcore %u):", j, w->name,
2615 vlib_cli_output (vm, " %d list pool elements",
2616 pool_elts (tsm->list_pool));
2618 pool_foreach (u, tsm->users,
2620 vlib_cli_output (vm, " %U", format_snat_user, tsm, u,
2625 if (pool_elts (sm->static_mappings) || vec_len (sm->to_resolve))
2627 vlib_cli_output (vm, "static mappings:");
2628 pool_foreach (m, sm->static_mappings,
2630 vlib_cli_output (vm, "%U", format_snat_static_mapping, m);
2632 for (j = 0; j < vec_len (sm->to_resolve); j++)
2634 rp = sm->to_resolve + j;
2635 vlib_cli_output (vm, "%U", format_snat_static_map_to_resolve,
2645 VLIB_CLI_COMMAND (show_snat_command, static) = {
2646 .path = "show snat",
2647 .short_help = "show snat",
2648 .function = show_snat_command_fn,
2653 snat_ip4_add_del_interface_address_cb (ip4_main_t * im,
2656 ip4_address_t * address,
2658 u32 if_address_index,
2661 snat_main_t *sm = &snat_main;
2662 snat_static_map_resolve_t *rp;
2663 u32 *indices_to_delete = 0;
2667 for (i = 0; i < vec_len(sm->auto_add_sw_if_indices); i++)
2669 if (sw_if_index == sm->auto_add_sw_if_indices[i])
2673 /* Don't trip over lease renewal, static config */
2674 for (j = 0; j < vec_len(sm->addresses); j++)
2675 if (sm->addresses[j].addr.as_u32 == address->as_u32)
2678 snat_add_address (sm, address);
2679 /* Scan static map resolution vector */
2680 for (j = 0; j < vec_len (sm->to_resolve); j++)
2682 rp = sm->to_resolve + j;
2683 /* On this interface? */
2684 if (rp->sw_if_index == sw_if_index)
2686 /* Add the static mapping */
2687 rv = snat_add_static_mapping (rp->l_addr,
2693 ~0 /* sw_if_index */,
2697 clib_warning ("snat_add_static_mapping returned %d",
2699 vec_add1 (indices_to_delete, j);
2702 /* If we resolved any of the outstanding static mappings */
2703 if (vec_len(indices_to_delete))
2706 for (j = vec_len(indices_to_delete)-1; j >= 0; j--)
2707 vec_delete(sm->to_resolve, 1, j);
2708 vec_free(indices_to_delete);
2714 (void) snat_del_address(sm, address[0], 1);
2722 static int snat_add_interface_address (snat_main_t *sm,
2726 ip4_main_t * ip4_main = sm->ip4_main;
2727 ip4_address_t * first_int_addr;
2728 snat_static_map_resolve_t *rp;
2729 u32 *indices_to_delete = 0;
2732 first_int_addr = ip4_interface_first_address (ip4_main, sw_if_index,
2733 0 /* just want the address*/);
2735 for (i = 0; i < vec_len(sm->auto_add_sw_if_indices); i++)
2737 if (sm->auto_add_sw_if_indices[i] == sw_if_index)
2741 /* if have address remove it */
2743 (void) snat_del_address (sm, first_int_addr[0], 1);
2746 for (j = 0; j < vec_len (sm->to_resolve); j++)
2748 rp = sm->to_resolve + j;
2749 if (rp->sw_if_index == sw_if_index)
2750 vec_add1 (indices_to_delete, j);
2752 if (vec_len(indices_to_delete))
2754 for (j = vec_len(indices_to_delete)-1; j >= 0; j--)
2755 vec_del1(sm->to_resolve, j);
2756 vec_free(indices_to_delete);
2759 vec_del1(sm->auto_add_sw_if_indices, i);
2762 return VNET_API_ERROR_VALUE_EXIST;
2769 return VNET_API_ERROR_NO_SUCH_ENTRY;
2771 /* add to the auto-address list */
2772 vec_add1(sm->auto_add_sw_if_indices, sw_if_index);
2774 /* If the address is already bound - or static - add it now */
2776 snat_add_address (sm, first_int_addr);
2781 static clib_error_t *
2782 snat_add_interface_address_command_fn (vlib_main_t * vm,
2783 unformat_input_t * input,
2784 vlib_cli_command_t * cmd)
2786 snat_main_t *sm = &snat_main;
2787 unformat_input_t _line_input, *line_input = &_line_input;
2791 clib_error_t *error = 0;
2793 /* Get a line of input. */
2794 if (!unformat_user (input, unformat_line_input, line_input))
2797 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2799 if (unformat (line_input, "%U", unformat_vnet_sw_interface,
2800 sm->vnet_main, &sw_if_index))
2802 else if (unformat (line_input, "del"))
2806 error = clib_error_return (0, "unknown input '%U'",
2807 format_unformat_error, line_input);
2812 rv = snat_add_interface_address (sm, sw_if_index, is_del);
2820 error = clib_error_return (0, "snat_add_interface_address returned %d",
2826 unformat_free (line_input);
2831 VLIB_CLI_COMMAND (snat_add_interface_address_command, static) = {
2832 .path = "snat add interface address",
2833 .short_help = "snat add interface address <interface> [del]",
2834 .function = snat_add_interface_address_command_fn,
Code Review / vpp.git / blob