NAT: TCP MSS clamping

[vpp.git] / src / plugins / nat / nat.h
diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h

index 97bbec2..06a6162 100644 (file)
--- a/src/plugins/nat/nat.h
+++ b/src/plugins/nat/nat.h
@@ -32,10 +32,8 @@
  
  
  #define SNAT_UDP_TIMEOUT 300
-#define SNAT_UDP_TIMEOUT_MIN 120
  #define SNAT_TCP_TRANSITORY_TIMEOUT 240
  #define SNAT_TCP_ESTABLISHED_TIMEOUT 7440
-#define SNAT_TCP_INCOMING_SYN 6
  #define SNAT_ICMP_TIMEOUT 60
  
  #define NAT_FQ_NELTS 64
@@ -98,6 +96,16 @@ typedef struct {
    };
  } snat_user_key_t;
  
+#define foreach_nat_addr_and_port_alloc_alg \
+  _(0, DEFAULT, "default")         \
+  _(1, MAPE, "map-e")              \
+  _(2, RANGE, "port-range")
+
+typedef enum {
+#define _(v, N, s) NAT_ADDR_AND_PORT_ALLOC_ALG_##N = v,
+  foreach_nat_addr_and_port_alloc_alg
+#undef _
+} nat_addr_and_port_alloc_alg_t;
  
  #define foreach_snat_protocol \
    _(UDP, 0, udp, "udp")       \
@@ -133,6 +141,8 @@ typedef enum {
  #define NAT44_SES_O2I_FIN 2
  #define NAT44_SES_I2O_FIN_ACK 4
  #define NAT44_SES_O2I_FIN_ACK 8
+#define NAT44_SES_I2O_SYN 16
+#define NAT44_SES_O2I_SYN 32
  
  #define nat44_is_ses_closed(s) s->state == 0xf
  
@@ -142,6 +152,7 @@ typedef enum {
  #define SNAT_SESSION_FLAG_TWICE_NAT            8
  #define SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT   16
  #define SNAT_SESSION_FLAG_FWD_BYPASS           32
+#define SNAT_SESSION_FLAG_AFFINITY             64
  
  #define NAT_INTERFACE_FLAG_IS_INSIDE 1
  #define NAT_INTERFACE_FLAG_IS_OUTSIDE 2
@@ -172,7 +183,7 @@ typedef CLIB_PACKED(struct {
    ip4_address_t ext_host_addr;  /* 68-71 */
    u16 ext_host_port;            /* 72-73 */
  
-  /* External hos address and port after translation */
+  /* External host address and port after translation */
    ip4_address_t ext_host_nat_addr; /* 74-77 */
    u16 ext_host_nat_port;           /* 78-79 */
  
@@ -231,6 +242,8 @@ typedef struct {
    u16 port;
    u8 probability;
    u8 prefix;
+  u32 vrf_id;
+  u32 fib_index;
  } nat44_lb_addr_port_t;
  
  typedef enum {
@@ -239,6 +252,12 @@ typedef enum {
    TWICE_NAT_SELF,
  } twice_nat_type_t;
  
+typedef enum {
+  NO_LB_NAT,
+  LB_NAT,
+  AFFINITY_LB_NAT,
+} lb_nat_type_t;
+
  typedef struct {
    ip4_address_t local_addr;
    ip4_address_t external_addr;
@@ -250,9 +269,11 @@ typedef struct {
    u32 vrf_id;
    u32 fib_index;
    snat_protocol_t proto;
+  u32 affinity;
    u32 *workers;
    u8 *tag;
    nat44_lb_addr_port_t *locals;
+  u32 affinity_per_service_list_head_index;
  } snat_static_mapping_t;
  
  typedef struct {
@@ -350,10 +371,17 @@ typedef struct snat_main_s {
  
    /* Vector of outside addresses */
    snat_address_t * addresses;
+  /* Address and port allocation function */
    nat_alloc_out_addr_and_port_function_t *alloc_addr_and_port;
+  /* Address and port allocation type */
+  nat_addr_and_port_alloc_alg_t addr_and_port_alloc_alg;
+  /* Port set parameters (MAP-E) */
    u8 psid_offset;
    u8 psid_length;
    u16 psid;
+  /* Port range parameters */
+  u16 start_port;
+  u16 end_port;
  
    /* vector of outside fibs */
    nat_outside_fib_t * outside_fibs;
@@ -411,6 +439,10 @@ typedef struct snat_main_s {
    u32 tcp_transitory_timeout;
    u32 icmp_timeout;
  
+  /* TCP MSS clamping */
+  u16 mss_clamping;
+  u16 mss_value_net;
+
    /* API message ID base */
    u16 msg_id_base;
  
@@ -425,6 +457,11 @@ typedef struct snat_main_s {
    api_main_t * api_main;
  } snat_main_t;
  
+typedef struct {
+  u32 thread_index;
+  f64 now;
+} nat44_is_idle_session_ctx_t;
+
  extern snat_main_t snat_main;
  extern vlib_node_registration_t snat_in2out_node;
  extern vlib_node_registration_t snat_in2out_output_node;
@@ -449,8 +486,7 @@ extern vlib_node_registration_t nat44_ed_out2in_worker_handoff_node;
  
  void snat_free_outside_address_and_port (snat_address_t * addresses,
                                           u32 thread_index,
-                                         snat_session_key_t * k,
-                                         u32 address_index);
+                                         snat_session_key_t * k);
  
  int snat_alloc_outside_address_and_port (snat_address_t * addresses,
                                           u32 fib_index,
@@ -466,7 +502,8 @@ int snat_static_mapping_match (snat_main_t * sm,
                                 u8 by_external,
                                 u8 *is_addr_only,
                                 twice_nat_type_t *twice_nat,
-                               u8 *lb);
+                               lb_nat_type_t *lb,
+                               ip4_address_t * ext_host_addr);
  
  void snat_add_del_addr_to_fib (ip4_address_t * addr,
                                 u8 p_len,
@@ -520,6 +557,12 @@ typedef struct {
  */
  #define is_ed_session(s) (s->flags & SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT)
  
+/** \brief Check if NAT session has affinity record.
+    @param s NAT session
+    @return 1 if NAT session has affinity record
+*/
+#define is_affinity_sessions(s) (s->flags & SNAT_SESSION_FLAG_AFFINITY)
+
  #define nat_interface_is_inside(i) i->flags & NAT_INTERFACE_FLAG_IS_INSIDE
  #define nat_interface_is_outside(i) i->flags & NAT_INTERFACE_FLAG_IS_OUTSIDE
  
@@ -609,11 +652,12 @@ int snat_add_interface_address(snat_main_t *sm, u32 sw_if_index, int is_del,
                                 u8 twice_nat);
  uword unformat_snat_protocol(unformat_input_t * input, va_list * args);
  u8 * format_snat_protocol(u8 * s, va_list * args);
+u8 * format_nat_addr_and_port_alloc_alg(u8 * s, va_list * args);
  int nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port,
-                                     snat_protocol_t proto, u32 vrf_id,
+                                     snat_protocol_t proto,
                                       nat44_lb_addr_port_t *locals, u8 is_add,
                                       twice_nat_type_t twice_nat, u8 out2in_only,
-                                     u8 *tag);
+                                     u8 *tag, u32 affinity);
  int nat44_del_session (snat_main_t *sm, ip4_address_t *addr, u16 port,
                         snat_protocol_t proto, u32 vrf_id, int is_in);
  int nat44_del_ed_session (snat_main_t *sm, ip4_address_t *addr, u16 port,
@@ -625,8 +669,15 @@ snat_user_t * nat_user_get_or_create (snat_main_t *sm, ip4_address_t *addr,
                                        u32 fib_index, u32 thread_index);
  snat_session_t * nat_session_alloc_or_recycle (snat_main_t *sm, snat_user_t *u,
                                                 u32 thread_index);
+snat_session_t * nat_ed_session_alloc (snat_main_t *sm, snat_user_t *u,
+                                       u32 thread_index);
  void nat_set_alloc_addr_and_port_mape (u16 psid, u16 psid_offset,
                                         u16 psid_length);
+void nat_set_alloc_addr_and_port_range (u16 start_port, u16 end_port);
  void nat_set_alloc_addr_and_port_default (void);
+int nat44_i2o_ed_is_idle_session_cb (clib_bihash_kv_16_8_t *kv, void *arg);
+int nat44_o2i_ed_is_idle_session_cb (clib_bihash_kv_16_8_t *kv, void *arg);
+int nat44_i2o_is_idle_session_cb (clib_bihash_kv_8_8_t *kv, void *arg);
+int nat44_o2i_is_idle_session_cb (clib_bihash_kv_8_8_t *kv, void *arg);
  
  #endif /* __included_snat_h__ */