- sm->worker_in2out_cb = snat_get_worker_in2out_cb;
- sm->worker_out2in_cb = snat_get_worker_out2in_cb;
- sm->in2out_node_index = snat_in2out_node.index;
- sm->in2out_output_node_index = snat_in2out_output_node.index;
- sm->out2in_node_index = snat_out2in_node.index;
- if (!static_mapping_only ||
- (static_mapping_only && static_mapping_connection_tracking))
- {
- sm->icmp_match_in2out_cb = icmp_match_in2out_slow;
- sm->icmp_match_out2in_cb = icmp_match_out2in_slow;
-
- vec_foreach (tsm, sm->per_thread_data)
- {
- clib_bihash_init_8_8 (&tsm->in2out, "in2out", translation_buckets,
- translation_memory_size);
-
- clib_bihash_init_8_8 (&tsm->out2in, "out2in", translation_buckets,
- translation_memory_size);
-
- clib_bihash_init_8_8 (&tsm->user_hash, "users", user_buckets,
- user_memory_size);
- }
-
- clib_bihash_init_16_8 (&sm->in2out_ed, "in2out-ed",
- translation_buckets, translation_memory_size);
-
- clib_bihash_init_16_8 (&sm->out2in_ed, "out2in-ed",
- translation_buckets, translation_memory_size);
- }
- else
- {
- sm->icmp_match_in2out_cb = icmp_match_in2out_fast;
- sm->icmp_match_out2in_cb = icmp_match_out2in_fast;
- }
- clib_bihash_init_8_8 (&sm->static_mapping_by_local,
- "static_mapping_by_local", static_mapping_buckets,
- static_mapping_memory_size);
-
- clib_bihash_init_8_8 (&sm->static_mapping_by_external,
- "static_mapping_by_external", static_mapping_buckets,
- static_mapping_memory_size);
- }
-
- return 0;
-}
-
-VLIB_CONFIG_FUNCTION (snat_config, "nat");
-
-u8 * format_snat_session_state (u8 * s, va_list * args)
-{
- u32 i = va_arg (*args, u32);
- u8 *t = 0;
-
- switch (i)
- {
-#define _(v, N, str) case SNAT_SESSION_##N: t = (u8 *) str; break;
- foreach_snat_session_state
-#undef _
- default:
- t = format (t, "unknown");
- }
- s = format (s, "%s", t);
- return s;
-}
-
-u8 * format_snat_key (u8 * s, va_list * args)
-{
- snat_session_key_t * key = va_arg (*args, snat_session_key_t *);
-
- s = format (s, "%U proto %U port %d fib %d",
- format_ip4_address, &key->addr,
- format_snat_protocol, key->protocol,
- clib_net_to_host_u16 (key->port), key->fib_index);
- return s;
-}
-
-u8 * format_snat_session (u8 * s, va_list * args)
-{
- snat_main_t * sm __attribute__((unused)) = va_arg (*args, snat_main_t *);
- snat_session_t * sess = va_arg (*args, snat_session_t *);
-
- if (snat_is_unk_proto_session (sess))
- {
- s = format (s, " i2o %U proto %u fib %u\n",
- format_ip4_address, &sess->in2out.addr,
- clib_net_to_host_u16 (sess->in2out.port),
- sess->in2out.fib_index);
- s = format (s, " o2i %U proto %u fib %u\n",
- format_ip4_address, &sess->out2in.addr,
- clib_net_to_host_u16 (sess->out2in.port),
- sess->out2in.fib_index);
- }
- else
- {
- s = format (s, " i2o %U\n", format_snat_key, &sess->in2out);
- s = format (s, " o2i %U\n", format_snat_key, &sess->out2in);
- }
- if (is_twice_nat_session (sess))
- {
- s = format (s, " external host o2i %U:%d i2o %U:%d\n",
- format_ip4_address, &sess->ext_host_addr,
- clib_net_to_host_u16 (sess->ext_host_port),
- format_ip4_address, &sess->ext_host_nat_addr,
- clib_net_to_host_u16 (sess->ext_host_nat_port));
- }
- else
- {
- if (sess->ext_host_addr.as_u32)
- s = format (s, " external host %U\n",
- format_ip4_address, &sess->ext_host_addr);
- }
- s = format (s, " last heard %.2f\n", sess->last_heard);
- s = format (s, " total pkts %d, total bytes %lld\n",
- sess->total_pkts, sess->total_bytes);
- if (snat_is_session_static (sess))
- s = format (s, " static translation\n");
- else
- s = format (s, " dynamic translation\n");
- if (sess->flags & SNAT_SESSION_FLAG_LOAD_BALANCING)
- s = format (s, " load-balancing\n");
- if (is_twice_nat_session (sess))
- s = format (s, " twice-nat\n");
-
- return s;
-}
-
-u8 * format_snat_user (u8 * s, va_list * args)
-{
- snat_main_per_thread_data_t * sm = va_arg (*args, snat_main_per_thread_data_t *);
- snat_user_t * u = va_arg (*args, snat_user_t *);
- int verbose = va_arg (*args, int);
- dlist_elt_t * head, * elt;
- u32 elt_index, head_index;
- u32 session_index;
- snat_session_t * sess;
-
- s = format (s, "%U: %d dynamic translations, %d static translations\n",
- format_ip4_address, &u->addr, u->nsessions, u->nstaticsessions);
-
- if (verbose == 0)
- return s;
-
- if (u->nsessions || u->nstaticsessions)
- {
- head_index = u->sessions_per_user_list_head_index;
- head = pool_elt_at_index (sm->list_pool, head_index);
-
- elt_index = head->next;
- elt = pool_elt_at_index (sm->list_pool, elt_index);
- session_index = elt->value;
-
- while (session_index != ~0)
- {
- sess = pool_elt_at_index (sm->sessions, session_index);
-
- s = format (s, " %U\n", format_snat_session, sm, sess);
-
- elt_index = elt->next;
- elt = pool_elt_at_index (sm->list_pool, elt_index);
- session_index = elt->value;
- }
- }
-
- return s;
-}
-
-u8 * format_snat_static_mapping (u8 * s, va_list * args)
-{
- snat_static_mapping_t *m = va_arg (*args, snat_static_mapping_t *);
- nat44_lb_addr_port_t *local;
-
- if (m->addr_only)
- s = format (s, "local %U external %U vrf %d %s",
- format_ip4_address, &m->local_addr,
- format_ip4_address, &m->external_addr,
- m->vrf_id, m->twice_nat ? "twice-nat" : "");
- else
- {
- if (vec_len (m->locals))
- {
- s = format (s, "%U vrf %d external %U:%d %s",
- format_snat_protocol, m->proto,
- m->vrf_id,
- format_ip4_address, &m->external_addr, m->external_port,
- m->twice_nat ? "twice-nat" : "");
- vec_foreach (local, m->locals)
- s = format (s, "\n local %U:%d probability %d\%",
- format_ip4_address, &local->addr, local->port,
- local->probability);
- }
- else
- s = format (s, "%U local %U:%d external %U:%d vrf %d %s",
- format_snat_protocol, m->proto,
- format_ip4_address, &m->local_addr, m->local_port,
- format_ip4_address, &m->external_addr, m->external_port,
- m->vrf_id, m->twice_nat ? "twice-nat" : "");
- }
- return s;
-}
-
-u8 * format_snat_static_map_to_resolve (u8 * s, va_list * args)
-{
- snat_static_map_resolve_t *m = va_arg (*args, snat_static_map_resolve_t *);
- vnet_main_t *vnm = vnet_get_main();
-
- if (m->addr_only)
- s = format (s, "local %U external %U vrf %d",
- format_ip4_address, &m->l_addr,
- format_vnet_sw_interface_name, vnm,
- vnet_get_sw_interface (vnm, m->sw_if_index),
- m->vrf_id);
- else
- s = format (s, "%U local %U:%d external %U:%d vrf %d",
- format_snat_protocol, m->proto,
- format_ip4_address, &m->l_addr, m->l_port,
- format_vnet_sw_interface_name, vnm,
- vnet_get_sw_interface (vnm, m->sw_if_index), m->e_port,
- m->vrf_id);
-
- return s;
-}
-
-u8 * format_det_map_ses (u8 * s, va_list * args)
-{
- snat_det_map_t * det_map = va_arg (*args, snat_det_map_t *);
- ip4_address_t in_addr, out_addr;
- u32 in_offset, out_offset;
- snat_det_session_t * ses = va_arg (*args, snat_det_session_t *);
- u32 * i = va_arg (*args, u32 *);
-
- u32 user_index = *i / SNAT_DET_SES_PER_USER;
- in_addr.as_u32 = clib_host_to_net_u32 (
- clib_net_to_host_u32(det_map->in_addr.as_u32) + user_index);
- in_offset = clib_net_to_host_u32(in_addr.as_u32) -
- clib_net_to_host_u32(det_map->in_addr.as_u32);
- out_offset = in_offset / det_map->sharing_ratio;
- out_addr.as_u32 = clib_host_to_net_u32(
- clib_net_to_host_u32(det_map->out_addr.as_u32) + out_offset);
- s = format (s, "in %U:%d out %U:%d external host %U:%d state: %U expire: %d\n",
- format_ip4_address, &in_addr,
- clib_net_to_host_u16 (ses->in_port),
- format_ip4_address, &out_addr,
- clib_net_to_host_u16 (ses->out.out_port),
- format_ip4_address, &ses->out.ext_host_addr,
- clib_net_to_host_u16 (ses->out.ext_host_port),
- format_snat_session_state, ses->state,
- ses->expire);
-
- return s;
-}
-
-static clib_error_t *
-show_snat_command_fn (vlib_main_t * vm,
- unformat_input_t * input,
- vlib_cli_command_t * cmd)
-{
- int verbose = 0;
- snat_main_t * sm = &snat_main;
- snat_user_t * u;
- snat_static_mapping_t *m;
- snat_interface_t *i;
- snat_address_t * ap;
- vnet_main_t *vnm = vnet_get_main();
- snat_main_per_thread_data_t *tsm;
- u32 users_num = 0, sessions_num = 0, *worker, *sw_if_index;
- uword j = 0;
- snat_static_map_resolve_t *rp;
- snat_det_map_t * dm;
- snat_det_session_t * ses;
-
- if (unformat (input, "detail"))
- verbose = 1;
- else if (unformat (input, "verbose"))
- verbose = 2;
-
- if (sm->static_mapping_only)
- {
- if (sm->static_mapping_connection_tracking)
- vlib_cli_output (vm, "NAT plugin mode: static mapping only connection "
- "tracking");
- else
- vlib_cli_output (vm, "NAT plugin mode: static mapping only");
- }
- else if (sm->deterministic)
- {
- vlib_cli_output (vm, "NAT plugin mode: deterministic mapping");
- }
- else
- {
- vlib_cli_output (vm, "NAT plugin mode: dynamic translations enabled");
- }
-
- if (verbose > 0)
- {
- pool_foreach (i, sm->interfaces,
- ({
- vlib_cli_output (vm, "%U %s", format_vnet_sw_interface_name, vnm,
- vnet_get_sw_interface (vnm, i->sw_if_index),
- (nat_interface_is_inside(i) &&
- nat_interface_is_outside(i)) ? "in out" :
- (nat_interface_is_inside(i) ? "in" : "out"));
- }));
-
- pool_foreach (i, sm->output_feature_interfaces,
- ({
- vlib_cli_output (vm, "%U output-feature %s",
- format_vnet_sw_interface_name, vnm,
- vnet_get_sw_interface (vnm, i->sw_if_index),
- (nat_interface_is_inside(i) &&
- nat_interface_is_outside(i)) ? "in out" :
- (nat_interface_is_inside(i) ? "in" : "out"));
- }));
-
- if (vec_len (sm->auto_add_sw_if_indices))
- {
- vlib_cli_output (vm, "NAT44 pool addresses interfaces:");
- vec_foreach (sw_if_index, sm->auto_add_sw_if_indices)
- {
- vlib_cli_output (vm, "%U", format_vnet_sw_interface_name, vnm,
- vnet_get_sw_interface (vnm, *sw_if_index));
- }
- }
-
- if (vec_len (sm->auto_add_sw_if_indices_twice_nat))
- {
- vlib_cli_output (vm, "NAT44 twice-nat pool addresses interfaces:");
- vec_foreach (sw_if_index, sm->auto_add_sw_if_indices_twice_nat)
- {
- vlib_cli_output (vm, "%U", format_vnet_sw_interface_name, vnm,
- vnet_get_sw_interface (vnm, *sw_if_index));
- }
- }
-
- vlib_cli_output (vm, "NAT44 pool addresses:");
- vec_foreach (ap, sm->addresses)
- {
- vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
- if (ap->fib_index != ~0)
- vlib_cli_output (vm, " tenant VRF: %u",
- ip4_fib_get(ap->fib_index)->table_id);
- else
- vlib_cli_output (vm, " tenant VRF independent");
-#define _(N, i, n, s) \
- vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
- foreach_snat_protocol
-#undef _
- }
-
- vlib_cli_output (vm, "NAT44 twice-nat pool addresses:");
- vec_foreach (ap, sm->twice_nat_addresses)
- {
- vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
- if (ap->fib_index != ~0)
- vlib_cli_output (vm, " tenant VRF: %u",
- ip4_fib_get(ap->fib_index)->table_id);
- else
- vlib_cli_output (vm, " tenant VRF independent");
-#define _(N, i, n, s) \
- vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
- foreach_snat_protocol
-#undef _
- }
- }
-
- if (sm->num_workers > 1)
- {
- vlib_cli_output (vm, "%d workers", vec_len (sm->workers));
- if (verbose > 0)
- {
- vec_foreach (worker, sm->workers)
- {
- vlib_worker_thread_t *w =
- vlib_worker_threads + *worker + sm->first_worker_index;
- vlib_cli_output (vm, " %s", w->name);
- }
- }
- }
-
- if (sm->deterministic)
- {
- vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
- vlib_cli_output (vm, "tcp-established timeout: %dsec",
- sm->tcp_established_timeout);
- vlib_cli_output (vm, "tcp-transitory timeout: %dsec",
- sm->tcp_transitory_timeout);
- vlib_cli_output (vm, "icmp timeout: %dsec", sm->icmp_timeout);
- vlib_cli_output (vm, "%d deterministic mappings",
- pool_elts (sm->det_maps));
- if (verbose > 0)
- {
- pool_foreach (dm, sm->det_maps,
- ({
- vlib_cli_output (vm, "in %U/%d out %U/%d\n",
- format_ip4_address, &dm->in_addr, dm->in_plen,
- format_ip4_address, &dm->out_addr, dm->out_plen);
- vlib_cli_output (vm, " outside address sharing ratio: %d\n",
- dm->sharing_ratio);
- vlib_cli_output (vm, " number of ports per inside host: %d\n",
- dm->ports_per_host);
- vlib_cli_output (vm, " sessions number: %d\n", dm->ses_num);
- if (verbose > 1)
- {
- vec_foreach_index (j, dm->sessions)
- {
- ses = vec_elt_at_index (dm->sessions, j);
- if (ses->in_port)
- vlib_cli_output (vm, " %U", format_det_map_ses, dm, ses,
- &j);
- }
- }
- }));
- }
- }
- else
- {
- if (sm->static_mapping_only && !(sm->static_mapping_connection_tracking))
- {
- vlib_cli_output (vm, "%d static mappings",
- pool_elts (sm->static_mappings));
-
- if (verbose > 0)
- {
- pool_foreach (m, sm->static_mappings,
- ({
- vlib_cli_output (vm, "%U", format_snat_static_mapping, m);
- }));
- }
- }