NAT_NEXT_ICMP_ERROR,
NAT_NEXT_IN2OUT_ED_FAST_PATH,
NAT_NEXT_IN2OUT_ED_SLOW_PATH,
+ NAT_NEXT_IN2OUT_ED_OUTPUT_FAST_PATH,
NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH,
NAT_NEXT_OUT2IN_ED_FAST_PATH,
NAT_NEXT_OUT2IN_ED_SLOW_PATH,
#define SNAT_SESSION_FLAG_FWD_BYPASS 32
#define SNAT_SESSION_FLAG_AFFINITY 64
#define SNAT_SESSION_FLAG_OUTPUT_FEATURE 128
+#define SNAT_SESSION_FLAG_EXACT_ADDRESS 256
/* NAT interface flags */
#define NAT_INTERFACE_FLAG_IS_INSIDE 1
#define NAT_INTERFACE_FLAG_IS_OUTSIDE 2
/* Static mapping flags */
-#define NAT_STATIC_MAPPING_FLAG_ADDR_ONLY 1
-#define NAT_STATIC_MAPPING_FLAG_OUT2IN_ONLY 2
-#define NAT_STATIC_MAPPING_FLAG_IDENTITY_NAT 4
-#define NAT_STATIC_MAPPING_FLAG_LB 8
+#define NAT_STATIC_MAPPING_FLAG_ADDR_ONLY 1
+#define NAT_STATIC_MAPPING_FLAG_OUT2IN_ONLY 2
+#define NAT_STATIC_MAPPING_FLAG_IDENTITY_NAT 4
+#define NAT_STATIC_MAPPING_FLAG_LB 8
+#define NAT_STATIC_MAPPING_FLAG_EXACT_ADDRESS 16
+
+/* *INDENT-OFF* */
+typedef CLIB_PACKED(struct
+{
+ // number of sessions in this vrf
+ u32 ses_count;
+
+ u32 rx_fib_index;
+ u32 tx_fib_index;
+
+ // is this vrf expired
+ u8 expired;
+}) per_vrf_sessions_t;
+/* *INDENT-ON* */
/* *INDENT-OFF* */
typedef CLIB_PACKED(struct
/* user index */
u32 user_index;
+
+ /* per vrf sessions index */
+ u32 per_vrf_sessions_index;
+
}) snat_session_t;
/* *INDENT-ON* */
-
typedef struct
{
ip4_address_t addr;
/* *INDENT-ON* */
} snat_address_t;
+typedef struct
+{
+ u32 fib_index;
+ u32 ref_count;
+} nat_fib_t;
+
typedef struct
{
u32 fib_index;
typedef struct
{
+ /* prefered pool address */
+ ip4_address_t pool_addr;
/* local IP address */
ip4_address_t local_addr;
/* external IP address */
typedef struct
{
ip4_address_t l_addr;
+ ip4_address_t pool_addr;
u16 l_port;
u16 e_port;
u32 sw_if_index;
int is_add;
int out2in_only;
int identity_nat;
+ int exact;
u8 *tag;
} snat_static_map_resolve_t;
/* real thread index */
u32 thread_index;
+ per_vrf_sessions_t *per_vrf_sessions_vec;
+
} snat_main_per_thread_data_t;
struct snat_main_s;
u16 start_port;
u16 end_port;
+ /* vector of fibs */
+ nat_fib_t *fibs;
+
/* vector of outside fibs */
nat_outside_fib_t *outside_fibs;
u8 out2in_dpo;
u8 endpoint_dependent;
+ /* Is translation memory size calculated or user defined */
+ u8 translation_memory_size_set;
+
u32 translation_buckets;
uword translation_memory_size;
u32 max_translations_per_thread;
*/
#define is_affinity_sessions(s) (s->flags & SNAT_SESSION_FLAG_AFFINITY)
+/** \brief Check if exact pool address should be used.
+ @param s SNAT session
+ @return 1 if exact pool address or 0
+*/
+#define is_exact_address_session(s) (s->flags & SNAT_SESSION_FLAG_EXACT_ADDRESS)
+
/** \brief Check if NAT interface is inside.
@param i NAT interface
@return 1 if inside interface
*/
#define is_lb_static_mapping(sm) (sm->flags & NAT_STATIC_MAPPING_FLAG_LB)
+/** \brief Check if exact pool address should be used.
+ @param s SNAT session
+ @return 1 if exact pool address or 0
+*/
+#define is_exact_address(s) (s->flags & NAT_STATIC_MAPPING_FLAG_EXACT_ADDRESS)
+
/** \brief Check if client initiating TCP connection (received SYN from client)
@param t TCP header
@return 1 if client initiating TCP connection
* @param out2in_only if 1 rule match only out2in direction
* @param tag opaque string tag
* @param identity_nat identity NAT
+ * @param pool_addr pool IPv4 address
+ * @param exact 1 = exact pool address
*
* @return 0 on success, non-zero value otherwise
*/
int addr_only, u32 sw_if_index,
nat_protocol_t proto, int is_add,
twice_nat_type_t twice_nat, u8 out2in_only,
- u8 * tag, u8 identity_nat);
+ u8 * tag, u8 identity_nat,
+ ip4_address_t pool_addr, int exact);
/**
* @brief Add/delete static mapping with load-balancing (multiple backends)
*/
int nat44_set_session_limit (u32 session_limit, u32 vrf_id);
+/**
+ * @brief Update NAT44 session limit flushing all data (session limit, vrf id)
+ *
+ * @param session_limit Session limit
+ * @param vrf_id VRF id
+ * @return 0 on success, non-zero value otherwise
+ */
+int nat44_update_session_limit (u32 session_limit, u32 vrf_id);
/**
* @brief Free NAT44 ED session data (lookup keys, external address port)
*
u16 port_per_thread,
u32 snat_thread_index);
+void expire_per_vrf_sessions (u32 fib_index);
+
/**
* @brief Match NAT44 static mapping.
*
- * @param key address and port to match
- * @param addr external/local address of the matched mapping
- * @param port port of the matched mapping
- * @param fib_index fib index of the matched mapping
- * @param by_external if 0 match by local address otherwise match by external
- * address
- * @param is_addr_only 1 if matched mapping is address only
- * @param twice_nat matched mapping is twice NAT type
- * @param lb 1 if matched mapping is load-balanced
- * @param ext_host_addr external host address
+ * @param key address and port to match
+ * @param addr external/local address of the matched mapping
+ * @param port port of the matched mapping
+ * @param fib_index fib index of the matched mapping
+ * @param by_external if 0 match by local address otherwise match by external
+ * address
+ * @param is_addr_only 1 if matched mapping is address only
+ * @param twice_nat matched mapping is twice NAT type
+ * @param lb 1 if matched mapping is load-balanced
+ * @param ext_host_addr external host address
+ * @param is_identity_nat 1 if indentity mapping
+ * @param out if !=0 set to pointer of the mapping structure
*
* @returns 0 if match found otherwise 1.
*/
twice_nat_type_t * twice_nat,
lb_nat_type_t * lb,
ip4_address_t * ext_host_addr,
- u8 * is_identity_nat);
+ u8 * is_identity_nat,
+ snat_static_mapping_t ** out);
/**
* @brief Add/del NAT address to FIB.
Code Review / vpp.git / blobdiff