- if (sm->static_mapping_only)
- {
- if (sm->static_mapping_connection_tracking)
- vlib_cli_output (vm, "NAT plugin mode: static mapping only connection "
- "tracking");
- else
- vlib_cli_output (vm, "NAT plugin mode: static mapping only");
- }
- else if (sm->deterministic)
- {
- vlib_cli_output (vm, "NAT plugin mode: deterministic mapping");
- }
- else
- {
- vlib_cli_output (vm, "NAT plugin mode: dynamic translations enabled");
- }
-
- if (verbose > 0)
- {
- pool_foreach (i, sm->interfaces,
- ({
- vlib_cli_output (vm, "%U %s", format_vnet_sw_interface_name, vnm,
- vnet_get_sw_interface (vnm, i->sw_if_index),
- (nat_interface_is_inside(i) &&
- nat_interface_is_outside(i)) ? "in out" :
- (nat_interface_is_inside(i) ? "in" : "out"));
- }));
-
- pool_foreach (i, sm->output_feature_interfaces,
- ({
- vlib_cli_output (vm, "%U output-feature %s",
- format_vnet_sw_interface_name, vnm,
- vnet_get_sw_interface (vnm, i->sw_if_index),
- (nat_interface_is_inside(i) &&
- nat_interface_is_outside(i)) ? "in out" :
- (nat_interface_is_inside(i) ? "in" : "out"));
- }));
-
- if (vec_len (sm->auto_add_sw_if_indices))
- {
- vlib_cli_output (vm, "NAT44 pool addresses interfaces:");
- vec_foreach (sw_if_index, sm->auto_add_sw_if_indices)
- {
- vlib_cli_output (vm, "%U", format_vnet_sw_interface_name, vnm,
- vnet_get_sw_interface (vnm, *sw_if_index));
- }
- }
-
- vec_foreach (ap, sm->addresses)
- {
- vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
- if (ap->fib_index != ~0)
- vlib_cli_output (vm, " tenant VRF: %u",
- ip4_fib_get(ap->fib_index)->table_id);
- else
- vlib_cli_output (vm, " tenant VRF independent");
-#define _(N, i, n, s) \
- vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
- foreach_snat_protocol
-#undef _
- }
- }
-
- if (sm->num_workers > 1)
- {
- vlib_cli_output (vm, "%d workers", vec_len (sm->workers));
- if (verbose > 0)
- {
- vec_foreach (worker, sm->workers)
- {
- vlib_worker_thread_t *w =
- vlib_worker_threads + *worker + sm->first_worker_index;
- vlib_cli_output (vm, " %s", w->name);
- }
- }
- }
-
- if (sm->deterministic)
- {
- vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
- vlib_cli_output (vm, "tcp-established timeout: %dsec",
- sm->tcp_established_timeout);
- vlib_cli_output (vm, "tcp-transitory timeout: %dsec",
- sm->tcp_transitory_timeout);
- vlib_cli_output (vm, "icmp timeout: %dsec", sm->icmp_timeout);
- vlib_cli_output (vm, "%d deterministic mappings",
- pool_elts (sm->det_maps));
- if (verbose > 0)
- {
- pool_foreach (dm, sm->det_maps,
- ({
- vlib_cli_output (vm, "in %U/%d out %U/%d\n",
- format_ip4_address, &dm->in_addr, dm->in_plen,
- format_ip4_address, &dm->out_addr, dm->out_plen);
- vlib_cli_output (vm, " outside address sharing ratio: %d\n",
- dm->sharing_ratio);
- vlib_cli_output (vm, " number of ports per inside host: %d\n",
- dm->ports_per_host);
- vlib_cli_output (vm, " sessions number: %d\n", dm->ses_num);
- if (verbose > 1)
- {
- vec_foreach_index (j, dm->sessions)
- {
- ses = vec_elt_at_index (dm->sessions, j);
- if (ses->in_port)
- vlib_cli_output (vm, " %U", format_det_map_ses, dm, ses,
- &j);
- }
- }
- }));
- }
- }
- else
- {
- if (sm->static_mapping_only && !(sm->static_mapping_connection_tracking))
- {
- vlib_cli_output (vm, "%d static mappings",
- pool_elts (sm->static_mappings));
-
- if (verbose > 0)
- {
- pool_foreach (m, sm->static_mappings,
- ({
- vlib_cli_output (vm, "%U", format_snat_static_mapping, m);
- }));
- }
- }
- else
- {
- vec_foreach (tsm, sm->per_thread_data)
- {
- users_num += pool_elts (tsm->users);
- sessions_num += pool_elts (tsm->sessions);
- }
-
- vlib_cli_output (vm, "%d users, %d outside addresses, %d active sessions,"
- " %d static mappings",
- users_num,
- vec_len (sm->addresses),
- sessions_num,
- pool_elts (sm->static_mappings));
-
- if (verbose > 0)
- {
- vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->in2out_ed,
- verbose - 1);
- vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->out2in_ed,
- verbose - 1);
- vec_foreach_index (j, sm->per_thread_data)
- {
- tsm = vec_elt_at_index (sm->per_thread_data, j);
-
- if (pool_elts (tsm->users) == 0)
- continue;
-
- vlib_worker_thread_t *w = vlib_worker_threads + j;
- vlib_cli_output (vm, "Thread %d (%s at lcore %u):", j, w->name,
- w->lcore_id);
- vlib_cli_output (vm, " %U", format_bihash_8_8, &tsm->in2out,
- verbose - 1);
- vlib_cli_output (vm, " %U", format_bihash_8_8, &tsm->out2in,
- verbose - 1);
- vlib_cli_output (vm, " %d list pool elements",
- pool_elts (tsm->list_pool));
-
- pool_foreach (u, tsm->users,
- ({
- vlib_cli_output (vm, " %U", format_snat_user, tsm, u,
- verbose - 1);
- }));
- }
-
- if (pool_elts (sm->static_mappings))
- {
- vlib_cli_output (vm, "static mappings:");
- pool_foreach (m, sm->static_mappings,
- ({
- vlib_cli_output (vm, "%U", format_snat_static_mapping, m);
- }));
- for (j = 0; j < vec_len (sm->to_resolve); j++)
- {
- rp = sm->to_resolve + j;
- vlib_cli_output (vm, "%U",
- format_snat_static_map_to_resolve, rp);
- }
- }
- }
- }
- }
-
- return 0;
-}
-
-VLIB_CLI_COMMAND (show_snat_command, static) = {
- .path = "show nat44",
- .short_help = "show nat44",
- .function = show_snat_command_fn,
-};
-
-
-static void
-snat_ip4_add_del_interface_address_cb (ip4_main_t * im,
- uword opaque,
- u32 sw_if_index,
- ip4_address_t * address,
- u32 address_length,
- u32 if_address_index,
- u32 is_delete)
-{
- snat_main_t *sm = &snat_main;
- snat_static_map_resolve_t *rp;
- u32 *indices_to_delete = 0;
- ip4_address_t l_addr;
- int i, j;
- int rv;
-
- for (i = 0; i < vec_len(sm->auto_add_sw_if_indices); i++)
- {
- if (sw_if_index == sm->auto_add_sw_if_indices[i])
- {
- if (!is_delete)
- {
- /* Don't trip over lease renewal, static config */
- for (j = 0; j < vec_len(sm->addresses); j++)
- if (sm->addresses[j].addr.as_u32 == address->as_u32)
- return;
-
- snat_add_address (sm, address, ~0);
- /* Scan static map resolution vector */
- for (j = 0; j < vec_len (sm->to_resolve); j++)
- {
- rp = sm->to_resolve + j;
- /* On this interface? */
- if (rp->sw_if_index == sw_if_index)
- {
- /* Indetity mapping? */
- if (rp->l_addr.as_u32 == 0)
- l_addr.as_u32 = address[0].as_u32;
- else
- l_addr.as_u32 = rp->l_addr.as_u32;
- /* Add the static mapping */
- rv = snat_add_static_mapping (l_addr,
- address[0],
- rp->l_port,
- rp->e_port,
- rp->vrf_id,
- rp->addr_only,
- ~0 /* sw_if_index */,
- rp->proto,
- rp->is_add);
- if (rv)
- clib_warning ("snat_add_static_mapping returned %d",
- rv);
- vec_add1 (indices_to_delete, j);
- }
- }
- /* If we resolved any of the outstanding static mappings */
- if (vec_len(indices_to_delete))
- {
- /* Delete them */
- for (j = vec_len(indices_to_delete)-1; j >= 0; j--)
- vec_delete(sm->to_resolve, 1, j);
- vec_free(indices_to_delete);
- }
- return;
- }
- else
- {
- (void) snat_del_address(sm, address[0], 1);
- return;
- }
- }
- }
-}
-
-
-int snat_add_interface_address (snat_main_t *sm, u32 sw_if_index, int is_del)
-{
- ip4_main_t * ip4_main = sm->ip4_main;
- ip4_address_t * first_int_addr;
- snat_static_map_resolve_t *rp;
- u32 *indices_to_delete = 0;
- int i, j;
-
- first_int_addr = ip4_interface_first_address (ip4_main, sw_if_index,
- 0 /* just want the address*/);
-
- for (i = 0; i < vec_len(sm->auto_add_sw_if_indices); i++)
- {
- if (sm->auto_add_sw_if_indices[i] == sw_if_index)
- {
- if (is_del)
- {
- /* if have address remove it */
- if (first_int_addr)
- (void) snat_del_address (sm, first_int_addr[0], 1);
- else
- {
- for (j = 0; j < vec_len (sm->to_resolve); j++)
- {
- rp = sm->to_resolve + j;
- if (rp->sw_if_index == sw_if_index)
- vec_add1 (indices_to_delete, j);
- }
- if (vec_len(indices_to_delete))
- {
- for (j = vec_len(indices_to_delete)-1; j >= 0; j--)
- vec_del1(sm->to_resolve, j);
- vec_free(indices_to_delete);
- }
- }
- vec_del1(sm->auto_add_sw_if_indices, i);
- }
- else
- return VNET_API_ERROR_VALUE_EXIST;
-
- return 0;
- }
- }
-
- if (is_del)
- return VNET_API_ERROR_NO_SUCH_ENTRY;
-
- /* add to the auto-address list */
- vec_add1(sm->auto_add_sw_if_indices, sw_if_index);
-
- /* If the address is already bound - or static - add it now */
- if (first_int_addr)
- snat_add_address (sm, first_int_addr, ~0);
-
- return 0;
-}
-
-static clib_error_t *
-snat_add_interface_address_command_fn (vlib_main_t * vm,
- unformat_input_t * input,
- vlib_cli_command_t * cmd)
-{
- snat_main_t *sm = &snat_main;
- unformat_input_t _line_input, *line_input = &_line_input;
- u32 sw_if_index;
- int rv;
- int is_del = 0;
- clib_error_t *error = 0;
-
- /* Get a line of input. */
- if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
-
- while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat (line_input, "%U", unformat_vnet_sw_interface,
- sm->vnet_main, &sw_if_index))
- ;
- else if (unformat (line_input, "del"))
- is_del = 1;
- else
- {
- error = clib_error_return (0, "unknown input '%U'",
- format_unformat_error, line_input);
- goto done;
- }
- }
-
- rv = snat_add_interface_address (sm, sw_if_index, is_del);
-
- switch (rv)
- {
- case 0:
- break;
-
- default:
- error = clib_error_return (0, "snat_add_interface_address returned %d",
- rv);
- goto done;
- }
-
-done:
- unformat_free (line_input);
-
- return error;
-}
-
-VLIB_CLI_COMMAND (snat_add_interface_address_command, static) = {
- .path = "nat44 add interface address",
- .short_help = "nat44 add interface address <interface> [del]",
- .function = snat_add_interface_address_command_fn,
-};
-
-int
-nat44_del_session (snat_main_t *sm, ip4_address_t *addr, u16 port,
- snat_protocol_t proto, u32 vrf_id, int is_in)
-{
- snat_main_per_thread_data_t *tsm;
- clib_bihash_kv_8_8_t kv, value;
- ip4_header_t ip;
- u32 fib_index = fib_table_find (FIB_PROTOCOL_IP4, vrf_id);
- snat_session_key_t key;
- snat_session_t *s;
- clib_bihash_8_8_t *t;
- snat_user_key_t u_key;
- snat_user_t *u;
-
- ip.dst_address.as_u32 = ip.src_address.as_u32 = addr->as_u32;
- if (sm->num_workers)
- tsm =
- vec_elt_at_index (sm->per_thread_data,
- sm->worker_in2out_cb (&ip, fib_index));