/*
- * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Copyright (c) 2020 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
#include <nat/lib/lib.h>
#include <nat/lib/inlines.h>
-/* default session timeouts */
-#define SNAT_UDP_TIMEOUT 300
-#define SNAT_TCP_TRANSITORY_TIMEOUT 240
-#define SNAT_TCP_ESTABLISHED_TIMEOUT 7440
-#define SNAT_ICMP_TIMEOUT 60
-
/* number of worker handoff frame queue elements */
#define NAT_FQ_NELTS 64
NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH,
NAT_NEXT_OUT2IN_ED_FAST_PATH,
NAT_NEXT_OUT2IN_ED_SLOW_PATH,
+ NAT_NEXT_OUT2IN_ED_HANDOFF,
NAT_NEXT_IN2OUT_CLASSIFY,
NAT_NEXT_OUT2IN_CLASSIFY,
NAT_N_NEXT,
NAT_IN2OUT_ED_N_ERROR,
} nat_in2out_ed_error_t;
+#define foreach_nat44_handoff_error \
+_(CONGESTION_DROP, "congestion drop") \
+_(SAME_WORKER, "same worker") \
+_(DO_HANDOFF, "do handoff")
+
+typedef enum
+{
+#define _(sym,str) NAT44_HANDOFF_ERROR_##sym,
+ foreach_nat44_handoff_error
+#undef _
+ NAT44_HANDOFF_N_ERROR,
+} nat44_handoff_error_t;
+
#define foreach_nat_out2in_ed_error \
_(UNSUPPORTED_PROTOCOL, "unsupported protocol") \
_(OUT_OF_PORTS, "out of ports") \
#define SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT 16
#define SNAT_SESSION_FLAG_FWD_BYPASS 32
#define SNAT_SESSION_FLAG_AFFINITY 64
-#define SNAT_SESSION_FLAG_OUTPUT_FEATURE 128
-#define SNAT_SESSION_FLAG_EXACT_ADDRESS 256
+#define SNAT_SESSION_FLAG_EXACT_ADDRESS 128
/* NAT interface flags */
#define NAT_INTERFACE_FLAG_IS_INSIDE 1
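Review bot: `SNAT_SESSION_FLAG_EXACT_ADDRESS` now takes the value 128 that `SNAT_SESSION_FLAG_OUTPUT_FEATURE` held before this change, so any flag word stored or transmitted by the old code silently changes meaning. The HA add callbacks declared later in this header take a `u16 flags` argument; if that is the session flag word, a peer on the older build would read an exact-address session as an output-feature session during a mixed-version sync. Keeping the old value avoids the reinterpretation: `#define SNAT_SESSION_FLAG_EXACT_ADDRESS 256`, with a comment such as `/* 128 was SNAT_SESSION_FLAG_OUTPUT_FEATURE, do not reuse */` above it.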
u32 ed_hairpin_dst_node_index;
u32 ed_hairpin_src_node_index;
+ nat44_config_t rconfig;
+ //nat44_config_t cconfig;
+
/* If forwarding is enabled */
u8 forwarding_enabled;
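Review bot: The commented-out member `//nat44_config_t cconfig;` should not be committed; if a second configuration copy is planned, track it outside the struct definition. The new `rconfig` member also has no comment, while the fields around it do. A one-line comment above it saying what it holds and who writes it (presumably the running configuration applied at plugin enable, to be confirmed) would keep the struct readable. The struct begins and ends outside this hunk.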
u32 inside_vrf_id;
u32 inside_fib_index;
- /* values of various timeouts */
- u32 udp_timeout;
- u32 tcp_transitory_timeout;
- u32 tcp_established_timeout;
- u32 icmp_timeout;
+ nat_timeouts_t timeouts;
/* TCP MSS clamping */
u16 mss_clamping;
ip4_main_t *ip4_main;
ip_lookup_main_t *ip4_lookup_main;
+ fib_source_t fib_src_hi;
+ fib_source_t fib_src_low;
+
/* nat44 plugin enabled */
u8 enabled;
nat_protocol_t proto, u32 vrf_id,
u8 probability, u8 is_add);
-clib_error_t *snat_api_init (vlib_main_t * vm, snat_main_t * sm);
+clib_error_t *nat44_api_hookup (vlib_main_t * vm);
/**
* @brief Set NAT plugin workers
* @return 0 on success, non-zero value otherwise
*/
int nat44_update_session_limit (u32 session_limit, u32 vrf_id);
-/**
- * @brief Free NAT44 ED session data (lookup keys, external address port)
- *
- * @param s NAT session
- * @param thread_index thread index
- * @param is_ha is HA event
- */
-void
-nat44_free_session_data (snat_main_t * sm, snat_session_t * s,
- u32 thread_index, u8 is_ha);
/**
* @brief Initialize NAT44 data
*/
void nat44_db_free (snat_main_per_thread_data_t * tsm);
+/**
+ * @brief Delete specific NAT44 EI user and his sessions
+ *
+ * @param addr IPv4 address
+ * @param fib_index FIB table index
+ */
+int nat44_ei_user_del (ip4_address_t * addr, u32 fib_index);
+
+/**
+ * @brief Free all NAT44 sessions
+ */
void nat44_sessions_clear ();
/**
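Review bot: `nat44_ei_user_del` returns `int`, but its new Doxygen block documents only the parameters, so a caller cannot tell success from "user not found". If it follows the convention used elsewhere in this header, add ` * @return 0 on success, non-zero value otherwise`. Otherwise list the specific codes. The brief would also read better as `Delete a specific NAT44 EI user and all of its sessions`. Because this call tears down every session of a user, state in the comment whether it may be called from any thread or only with workers stopped.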
void snat_add_del_addr_to_fib (ip4_address_t * addr,
u8 p_len, u32 sw_if_index, int is_add);
+void
+nat_ha_sadd_cb (ip4_address_t * in_addr, u16 in_port,
+ ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port,
+ ip4_address_t * ehn_addr, u16 ehn_port, u8 proto,
+ u32 fib_index, u16 flags, u32 thread_index);
+
+void
+nat_ha_sdel_cb (ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port, u8 proto, u32 fib_index,
+ u32 ti);
+
+void
+nat_ha_sref_cb (ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port, u8 proto, u32 fib_index,
+ u32 total_pkts, u64 total_bytes, u32 thread_index);
+
+void
+nat_ha_sadd_ed_cb (ip4_address_t * in_addr, u16 in_port,
+ ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port,
+ ip4_address_t * ehn_addr, u16 ehn_port, u8 proto,
+ u32 fib_index, u16 flags, u32 thread_index);
+
+void
+nat_ha_sdel_ed_cb (ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port, u8 proto,
+ u32 fib_index, u32 ti);
+
+void
+nat_ha_sdel_ed_cb (ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port, u8 proto,
+ u32 fib_index, u32 ti);
+
+void
+nat_ha_sref_ed_cb (ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port, u8 proto,
+ u32 fib_index, u32 total_pkts, u64 total_bytes,
+ u32 thread_index);
+
/*
* Why is this here? Because we don't need to touch this layer to
* simply reply to an icmp. We need to change id to a unique
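Review bot: `nat_ha_sdel_ed_cb` is declared twice in a row with identical prototypes; the second copy should be dropped. The delete callbacks name their last parameter `ti` while the add and refresh callbacks use `thread_index`; `u32 thread_index` throughout would keep the six prototypes parallel. None of the new callbacks has a Doxygen comment, unlike the neighbouring declarations. A short `@brief` on each should note that the arguments are presumably decoded from HA peer messages, and that `thread_index` and `proto` therefore need range checks in the definitions (outside this diff) before they index per-thread data.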