* limitations under the License.
*/
-option version = "5.0.0";
+option version = "5.2.0";
import "vnet/ip/ip_types.api";
import "vnet/interface_types.api";
+import "plugins/nat/nat_types.api";
/**
* @file nat.api
* Common NAT plugin APIs
*/
-enum nat_config_flags : u8
-{
- NAT_IS_NONE = 0x00,
- NAT_IS_TWICE_NAT = 0x01,
- NAT_IS_SELF_TWICE_NAT = 0x02,
- NAT_IS_OUT2IN_ONLY = 0x04,
- NAT_IS_ADDR_ONLY = 0x08,
- NAT_IS_OUTSIDE = 0x10,
- NAT_IS_INSIDE = 0x20,
- NAT_IS_STATIC = 0x40,
- NAT_IS_EXT_HOST_VALID = 0x80,
-};
-
/** \brief Control ping from client to api server request
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
u32 translation_buckets;
u32 translation_memory_size;
u32 user_buckets;
- u32 user_memory_size;
+ u64 user_memory_size;
u32 max_translations_per_user;
u32 outside_vrf_id;
u32 inside_vrf_id;
u32 nat64_bib_buckets;
- u32 nat64_bib_memory_size;
+ u64 nat64_bib_memory_size;
u32 nat64_st_buckets;
- u32 nat64_st_memory_size;
+ u64 nat64_st_memory_size;
};
-/** \brief Set NAT workers
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param worker_mask - NAT workers mask
-*/
-autoreply define nat_set_workers {
- u32 client_index;
- u32 context;
- u64 worker_mask;
+enum nat_log_level : u8
+{
+ NAT_LOG_NONE = 0x00,
+ NAT_LOG_ERROR = 0x01,
+ NAT_LOG_WARNING = 0x02,
+ NAT_LOG_NOTICE = 0x03,
+ NAT_LOG_INFO = 0x04,
+ NAT_LOG_DEBUG = 0x05,
};
-/** \brief Dump NAT workers
+/** \brief Run nat44 garbage collection
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
*/
-define nat_worker_dump {
+autoreply define nat44_session_cleanup {
u32 client_index;
u32 context;
};
-/** \brief NAT workers details response
+/** \brief NAT44 set session limit
+ @param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
- @param worker_index - worker index
- @param lcore_id - lcore ID
- @param name - worker name
+ @param session_limit - session limit
+ @param vrf_id - vrf id
*/
-define nat_worker_details {
+autoreply define nat44_set_session_limit {
+ u32 client_index;
u32 context;
- u32 worker_index;
- u32 lcore_id;
- string name;
+ u32 session_limit;
+ u32 vrf_id;
};
-/** \brief Enable/disable NAT IPFIX logging
+/** \brief Set NAT logging level
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
- @param domain_id - observation domain ID
- @param src_port - source port number
- @param enable - true if enable, false if disable
+ @param log_level - logging level
*/
-autoreply define nat_ipfix_enable_disable {
+autoreply define nat_set_log_level {
u32 client_index;
u32 context;
- u32 domain_id;
- u16 src_port;
- bool enable;
+ vl_api_nat_log_level_t log_level;
};
-/** \brief Set NAT virtual fragmentation reassembly
+/** \brief Set NAT workers
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
- @param timeout - reassembly timeout
- @param max_reass - maximum number of concurrent reassemblies
- @param max_frag - maximum number of fragmets per reassembly
- @param drop_frag - if 0 translate fragments, otherwise drop fragments
- @param is_ip6 - true if IPv6, false if IPv4
+ @param worker_mask - NAT workers mask
*/
-autoreply define nat_set_reass {
+autoreply define nat_set_workers {
u32 client_index;
u32 context;
- u32 timeout;
- u16 max_reass;
- u8 max_frag;
- u8 drop_frag;
- bool is_ip6;
+ u64 worker_mask;
};
-/** \brief Get NAT virtual fragmentation reassembly configuration
+/** \brief Dump NAT workers
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
*/
-define nat_get_reass {
+define nat_worker_dump {
u32 client_index;
u32 context;
};
-/** \brief Get NAT virtual fragmentation reassembly configuration reply
+/** \brief NAT workers details response
@param context - sender context, to match reply w/ request
- @param retval - return code
- @param ip4_timeout - reassembly timeout
- @param ip4_max_reass - maximum number of concurrent reassemblies
- @param ip4_max_frag - maximum number of fragmets per reassembly
- @param ip4_drop_frag - if 0 translate fragments, otherwise drop fragments
- @param ip6_timeout - reassembly timeout
- @param ip6_max_reass - maximum number of concurrent reassemblies
- @param ip6_max_frag - maximum number of fragmets per reassembly
- @param ip6_drop_frag - if 0 translate fragments, otherwise drop fragments
+ @param worker_index - worker index
+ @param lcore_id - lcore ID
+ @param name - worker name
*/
-define nat_get_reass_reply {
+define nat_worker_details {
u32 context;
- i32 retval;
- u32 ip4_timeout;
- u16 ip4_max_reass;
- u8 ip4_max_frag;
- u8 ip4_drop_frag;
- u32 ip6_timeout;
- u16 ip6_max_reass;
- u8 ip6_max_frag;
- u8 ip6_drop_frag;
+ u32 worker_index;
+ u32 lcore_id;
+ string name[64];
};
-/** \brief Dump NAT virtual fragmentation reassemblies
+/** \brief Enable/disable NAT IPFIX logging
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
+ @param domain_id - observation domain ID
+ @param src_port - source port number
+ @param enable - true if enable, false if disable
*/
-define nat_reass_dump {
+autoreply define nat_ipfix_enable_disable {
u32 client_index;
u32 context;
-};
-
-/** \brief NAT virtual fragmentation reassemblies response
- @param context - sender context, to match reply w/ request
- @param src_addr - source IPv4 address
- @param dst_addr - destination IPv4 address
- @param frag_id - fragment ID
- @param proto - protocol
- @param frag_n - number of cached fragments
-*/
-define nat_reass_details {
- u32 context;
- vl_api_address_t src_addr;
- vl_api_address_t dst_addr;
- u32 frag_id;
- u8 proto;
- u8 frag_n;
+ u32 domain_id;
+ u16 src_port;
+ bool enable;
};
/** \brief Set values of timeouts for NAT sessions (seconds)
* NAT44 APIs
*/
+/** \brief Del NAT44 user
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param ip_address - IPv4 address
+ @param fib_index - FIB index
+*/
+autoreply define nat44_del_user {
+ u32 client_index;
+ u32 context;
+ vl_api_ip4_address_t ip_address;
+ u32 fib_index;
+};
+
/** \brief Add/del NAT44 address range
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
u16 external_port;
vl_api_interface_index_t external_sw_if_index;
u32 vrf_id;
- string tag;
+ string tag[64];
};
/** \brief Dump NAT44 static mappings
u16 external_port;
vl_api_interface_index_t external_sw_if_index;
u32 vrf_id;
- string tag;
+ string tag[64];
};
/** \brief Add/delete NAT44 identity mapping
u16 port;
vl_api_interface_index_t sw_if_index;
u32 vrf_id;
- string tag;
+ string tag[64];
};
/** \brief Dump NAT44 identity mappings
u16 port;
vl_api_interface_index_t sw_if_index;
u32 vrf_id;
- string tag;
+ string tag[64];
};
/** \brief Add/delete NAT44 pool address from specific interfce
@param probability - probability of the internal node to be randomly matched
@param vrf_id - VRF id
*/
-typeonly manual_endian define nat44_lb_addr_port {
+typedef nat44_lb_addr_port {
vl_api_ip4_address_t addr;
u16 port;
u8 probability;
u16 external_port;
u8 protocol;
u32 affinity;
+ string tag[64];
u32 local_num;
vl_api_nat44_lb_addr_port_t locals[local_num];
- string tag;
};
/** \brief Add/delete NAT44 load-balancing static mapping rule backend
u8 protocol;
vl_api_nat_config_flags_t flags;
u32 affinity;
+ string tag[64];
u32 local_num;
vl_api_nat44_lb_addr_port_t locals[local_num];
- string tag;
};
/** \brief Delete NAT44 session
bool enabled;
};
-
-/*
- * Deterministic NAT (CGN) APIs
- */
-
-/** \brief Add/delete NAT deterministic mapping
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param is_add - true if add, false if delete
- @param in_addr - inside IPv4 address
- @param in_plen - inside IPv4 address prefix length
- @param out_addr - outside IPv4 address
- @param out_plen - outside IPv4 address prefix length
-*/
-autoreply define nat_det_add_del_map {
- u32 client_index;
- u32 context;
- bool is_add;
- vl_api_ip4_address_t in_addr;
- u8 in_plen;
- vl_api_ip4_address_t out_addr;
- u8 out_plen;
-};
-
-/** \brief Get outside address and port range from inside address
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param in_addr - inside IP address
-*/
-define nat_det_forward {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t in_addr;
-};
-
-/** \brief Get outside address and port range from inside address
- @param context - sender context, to match reply w/ request
- @param retval - return code
- @param out_port_lo - outside port range start
- @param out_port_hi - outside port range end
- @param out_addr - outside IPv4 address
-*/
-define nat_det_forward_reply {
- u32 context;
- i32 retval;
- u16 out_port_lo;
- u16 out_port_hi;
- vl_api_ip4_address_t out_addr;
-};
-
-/** \brief Get inside address from outside address and port
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param out_port - outside port
- @param out_addr - outside IPv4 address
-*/
-define nat_det_reverse {
- u32 client_index;
- u32 context;
- u16 out_port;
- vl_api_ip4_address_t out_addr;
-};
-
-/** \brief Get inside address from outside address and port reply
- @param context - sender context, to match reply w/ request
- @param retval - return code
- @param in_addr - inside IP address
-*/
-define nat_det_reverse_reply {
- u32 context;
- i32 retval;
- vl_api_ip4_address_t in_addr;
-};
-
-/** \brief Dump NAT deterministic mappings
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define nat_det_map_dump {
- u32 client_index;
- u32 context;
-};
-
-/** \brief NAT users response
- @param context - sender context, to match reply w/ request
- @param in_addr - inside IPv4 address
- @param in_plen - inside IPv4 address prefix length
- @param out_addr - outside IPv4 address
- @param out_plen - outside IPv4 address prefix length
- @param sharing_ratio - outside to inside address sharing ratio
- @param ports_per_host - number of ports available to a host
- @param ses_num - number of sessions belonging to this mapping
-*/
-define nat_det_map_details {
- u32 context;
- vl_api_ip4_address_t in_addr;
- u8 in_plen;
- vl_api_ip4_address_t out_addr;
- u8 out_plen;
- u32 sharing_ratio;
- u16 ports_per_host;
- u32 ses_num;
-};
-
-/** \brief Close deterministic NAT session by outside address and port
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param out_addr - outside IPv4 address
- @param out_port - outside port
- @param ext_addr - external host IPv4 address
- @param ext_port - external host port
-*/
-autoreply define nat_det_close_session_out {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t out_addr;
- u16 out_port;
- vl_api_ip4_address_t ext_addr;
- u16 ext_port;
-};
-
-/** \brief Close deterministic NAT session by inside address and port
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param in_addr - inside IP address
- @param in_port - inside port
- @param ext_addr - external host IP address
- @param ext_port - external host port
-*/
-autoreply define nat_det_close_session_in {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t in_addr;
- u16 in_port;
- vl_api_ip4_address_t ext_addr;
- u16 ext_port;
-};
-
-/** \brief Dump determinstic NAT sessions
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param user_addr - address of an inside user whose sessions to dump
-*/
-define nat_det_session_dump {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t user_addr;
-};
-
-/** \brief Deterministic NAT sessions reply
- @param context - sender context, to match reply w/ request
- @param in_port - inside port
- @param ext_addr - external host IPv4 address
- @param ext_port - external host port
- @param out_port - outside NAT port
- @param state - session state
- @param expire - session expiration timestamp
-*/
-define nat_det_session_details {
- u32 context;
- u16 in_port;
- vl_api_ip4_address_t ext_addr;
- u16 ext_port;
- u16 out_port;
- u8 state;
- u32 expire;
-};
-
/*
* NAT64 APIs
*/
bool is_add;
vl_api_interface_index_t sw_if_index;
};
-
-/*
- * DS-Lite APIs
- */
-
-/** \brief Add/delete address range to DS-Lite pool
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param start_addr - start IPv4 address of the range
- @param end_addr - end IPv4 address of the range
- @param is_add - true if add, false if delete
-*/
-autoreply define dslite_add_del_pool_addr_range {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t start_addr;
- vl_api_ip4_address_t end_addr;
- bool is_add;
-};
-
-/** \brief Dump DS-Lite addresses
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define dslite_address_dump {
- u32 client_index;
- u32 context;
-};
-
-/** \brief DS-Lite address details response
- @param context - sender context, to match reply w/ request
- @param ip_address - IPv4 address
-*/
-define dslite_address_details {
- u32 context;
- vl_api_ip4_address_t ip_address;
-};
-
-/** \brief Set AFTR IPv6 and IPv4 addresses
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param ip4_addr - IPv4 address
- @param ip6_addr - IPv6 address
-*/
-autoreply define dslite_set_aftr_addr {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t ip4_addr;
- vl_api_ip6_address_t ip6_addr;
-};
-
-/** \brief Get AFTR IPv6 and IPv4 addresses
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define dslite_get_aftr_addr {
- u32 client_index;
- u32 context;
-};
-
-/** \brief Response to get AFTR IPv6 and IPv4 addresses
- @param context - sender context, to match reply w/ request
- @param retval - return code
- @param ip4_addr - IPv4 address
- @param ip6_addr - IPv6 address
-*/
-define dslite_get_aftr_addr_reply {
- u32 context;
- i32 retval;
- vl_api_ip4_address_t ip4_addr;
- vl_api_ip6_address_t ip6_addr;
-};
-
-/** \brief Set B4 IPv6 and IPv4 addresses
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param ip4_addr - IPv4 address
- @param ip6_addr - IPv6 address
-*/
-autoreply define dslite_set_b4_addr {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t ip4_addr;
- vl_api_ip6_address_t ip6_addr;
-};
-
-/** \brief Get B4 IPv6 and IPv4 addresses
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define dslite_get_b4_addr {
- u32 client_index;
- u32 context;
-};
-
-/** \brief Response to get B4 IPv6 and IPv4 addresses
- @param context - sender context, to match reply w/ request
- @param retval - return code
- @param ip4_addr - IPv4 address
- @param ip6_addr - IPv6 address
-*/
-define dslite_get_b4_addr_reply {
- u32 context;
- i32 retval;
- vl_api_ip4_address_t ip4_addr;
- vl_api_ip6_address_t ip6_addr;
-};
-
-/*
- * NAT66 APIs
- */
-/** \brief Enable/disable NAT66 feature on the interface
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param is_add - true if add, false if delete
- @param flags - flag NAT_IS_INSIDE if interface is inside or
- interface is outside,
- @param sw_if_index - software index of the interface
-*/
-autoreply define nat66_add_del_interface {
- u32 client_index;
- u32 context;
- bool is_add;
- vl_api_nat_config_flags_t flags;
- vl_api_interface_index_t sw_if_index;
-};
-
-/** \brief Dump interfaces with NAT66 feature
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define nat66_interface_dump {
- u32 client_index;
- u32 context;
-};
-
-/** \brief NAT66 interface details response
- @param context - sender context, to match reply w/ request
- @param flags - flag NAT_IS_INSIDE if interface is inside or
- interface is outside,
- @param sw_if_index - software index of the interface
-*/
-define nat66_interface_details {
- u32 context;
- vl_api_nat_config_flags_t flags;
- vl_api_interface_index_t sw_if_index;
-};
-
-/** \brief Add/delete 1:1 NAT66
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param is_add - true if add, false if delete
- @param local_ip_address - local IPv6 address
- @param external_ip_address - external IPv6 address
- @param vrf_id - VRF id of tenant
-*/
-autoreply define nat66_add_del_static_mapping {
- u32 client_index;
- u32 context;
- bool is_add;
- vl_api_ip6_address_t local_ip_address;
- vl_api_ip6_address_t external_ip_address;
- u32 vrf_id;
-};
-
-/** \brief Dump NAT66 static mappings
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define nat66_static_mapping_dump {
- u32 client_index;
- u32 context;
-};
-
-/** \brief NAT66 static mapping details response
- @param context - sender context, to match reply w/ request
- @param local_ip_address - local IPv6 address
- @param external_ip_address - external IPv6 address
- @param vrf_id - VRF id of tenant
- @param total_bytes - count of bytes sent through static mapping
- @param total_pkts - count of pakets sent through static mapping
-*/
-define nat66_static_mapping_details {
- u32 context;
- vl_api_ip6_address_t local_ip_address;
- vl_api_ip6_address_t external_ip_address;
- u32 vrf_id;
- u64 total_bytes;
- u64 total_pkts;
-};