typedef struct
{
- /* nat44 plugin features */
- u8 static_mapping_only;
- u8 connection_tracking;
-
u32 inside_vrf;
u32 outside_vrf;
#undef _
} nat_addr_and_port_alloc_alg_t;
-/* Session state */
-#define foreach_snat_session_state \
- _(0, UNKNOWN, "unknown") \
- _(1, UDP_ACTIVE, "udp-active") \
- _(2, TCP_SYN_SENT, "tcp-syn-sent") \
- _(3, TCP_ESTABLISHED, "tcp-established") \
- _(4, TCP_FIN_WAIT, "tcp-fin-wait") \
- _(5, TCP_CLOSE_WAIT, "tcp-close-wait") \
- _(6, TCP_CLOSING, "tcp-closing") \
- _(7, TCP_LAST_ACK, "tcp-last-ack") \
- _(8, TCP_CLOSED, "tcp-closed") \
- _(9, ICMP_ACTIVE, "icmp-active")
-
-typedef enum
-{
-#define _(v, N, s) SNAT_SESSION_##N = v,
- foreach_snat_session_state
-#undef _
-} snat_session_state_t;
-
#define foreach_nat_in2out_ed_error \
_ (UNSUPPORTED_PROTOCOL, "unsupported protocol") \
_ (OUT_OF_PORTS, "out of ports") \
_ (BAD_ICMP_TYPE, "unsupported ICMP type") \
_ (MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \
_ (NON_SYN, "non-SYN packet try to create session") \
- _ (TCP_CLOSED, "drops due to TCP in transitory timeout") \
_ (TRNSL_FAILED, "couldn't translate packet")
typedef enum
NAT_OUT2IN_ED_N_ERROR,
} nat_out2in_ed_error_t;
+typedef enum
+{
+ NAT44_ED_TCP_FLAG_NONE = 0,
+ NAT44_ED_TCP_FLAG_FIN,
+ NAT44_ED_TCP_FLAG_SYN,
+ NAT44_ED_TCP_FLAG_SYNFIN,
+ NAT44_ED_TCP_FLAG_RST,
+ NAT44_ED_TCP_FLAG_FINRST,
+ NAT44_ED_TCP_FLAG_SYNRST,
+ NAT44_ED_TCP_FLAG_SYNFINRST,
+ NAT44_ED_TCP_N_FLAG,
+} nat44_ed_tcp_flag_e;
+
+typedef enum
+{
+ NAT44_ED_DIR_I2O = 0,
+ NAT44_ED_DIR_O2I,
+ NAT44_ED_N_DIR,
+} nat44_ed_dir_e;
/* Endpoint dependent TCP session state */
-#define NAT44_SES_I2O_FIN 1
-#define NAT44_SES_O2I_FIN 2
-#define NAT44_SES_I2O_FIN_ACK 4
-#define NAT44_SES_O2I_FIN_ACK 8
-#define NAT44_SES_I2O_SYN 16
-#define NAT44_SES_O2I_SYN 32
-#define NAT44_SES_RST 64
+typedef enum
+{
+ NAT44_ED_TCP_STATE_CLOSED = 0,
+ NAT44_ED_TCP_STATE_SYN_I2O,
+ NAT44_ED_TCP_STATE_SYN_O2I,
+ NAT44_ED_TCP_STATE_ESTABLISHED,
+ NAT44_ED_TCP_STATE_FIN_I2O,
+ NAT44_ED_TCP_STATE_FIN_O2I,
+ NAT44_ED_TCP_STATE_RST_TRANS,
+ NAT44_ED_TCP_STATE_FIN_TRANS,
+ NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_I2O,
+ NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_O2I,
+ NAT44_ED_TCP_N_STATE,
+} nat44_ed_tcp_state_e;
+
+format_function_t format_nat44_ed_tcp_state;
/* Session flags */
#define SNAT_SESSION_FLAG_STATIC_MAPPING (1 << 0)
u16 ext_host_nat_port;
/* TCP session state */
- u8 state;
- u32 i2o_fin_seq;
- u32 o2i_fin_seq;
- u64 tcp_closed_timestamp;
+ nat44_ed_tcp_state_e tcp_state;
/* per vrf sessions index */
u32 per_vrf_sessions_index;
typedef struct
{
ip4_address_t addr;
+ ip4_address_t net;
+ u32 sw_if_index;
u32 fib_index;
+ u32 addr_len;
} snat_address_t;
typedef struct
typedef struct
{
+ u8 is_resolved;
ip4_address_t l_addr;
ip4_address_t pool_addr;
u16 l_port;
u32 vrf_id;
ip_protocol_t proto;
u32 flags;
- int addr_only;
- int twice_nat;
- int out2in_only;
- int identity_nat;
- int exact;
u8 *tag;
-} snat_static_map_resolve_t;
+} snat_static_mapping_resolve_t;
+
+typedef struct
+{
+ u8 is_resolved;
+ u8 is_twice_nat;
+ u32 sw_if_index;
+} snat_address_resolve_t;
+
+typedef struct
+{
+ u32 count;
+ u32 sw_if_index;
+ ip4_address_t addr;
+} snat_fib_entry_reg_t;
typedef struct
{
/* Vector of twice NAT addresses for external hosts */
snat_address_t *twice_nat_addresses;
- /* sw_if_indices whose intfc addresses should be auto-added */
- u32 *auto_add_sw_if_indices;
- u32 *auto_add_sw_if_indices_twice_nat;
+ /* first interface address should be auto-added */
+ snat_address_resolve_t *addr_to_resolve;
/* Address and port allocation function */
nat_alloc_out_addr_and_port_function_t *alloc_addr_and_port;
/* vector of outside fibs */
nat_outside_fib_t *outside_fibs;
+ /* vector of fib entries */
+ snat_fib_entry_reg_t *fib_entry_reg;
+
/* vector of interface address static mappings to resolve. */
- snat_static_map_resolve_t *to_resolve;
+ snat_static_mapping_resolve_t *sm_to_resolve;
/* Randomize port allocation order */
u32 random_seed;
/* If forwarding is enabled */
u8 forwarding_enabled;
- /* static mapping config */
- u8 static_mapping_only;
- u8 static_mapping_connection_tracking;
-
/* Is translation memory size calculated or user defined */
u8 translation_memory_size_set;
fib_source_t fib_src_hi;
fib_source_t fib_src_low;
- /* pat - dynamic mapping enabled or conneciton tracking */
- u8 pat;
-
/* number of worker handoff frame queue elements */
u32 frame_queue_nelts;
vnet_main_t *vnet_main;
+ /* TCP session state machine table:
+ * first dimension is possible states
+ * second dimension is direction (in2out/out2in)
+ * third dimension is TCP flag (SYN, RST, FIN)
+ *
+ * value is next state to change to
+ */
+ nat44_ed_tcp_state_e tcp_state_change_table[NAT44_ED_TCP_N_STATE]
+ [NAT44_ED_N_DIR]
+ [NAT44_ED_TCP_N_FLAG];
} snat_main_t;
typedef struct
return i->flags & NAT_INTERFACE_FLAG_IS_OUTSIDE;
}
-/** \brief Check if NAT44 endpoint-dependent TCP session is closed.
- @param s NAT session
- @return true if session is closed
-*/
-always_inline bool
-nat44_is_ses_closed (snat_session_t *s)
-{
- return s->state == 0xf;
-}
-
/** \brief Check if client initiating TCP connection (received SYN from client)
@param t TCP header
@return true if client initiating TCP connection
int nat44_ed_del_output_interface (u32 sw_if_index);
int nat44_ed_add_address (ip4_address_t *addr, u32 vrf_id, u8 twice_nat);
-int nat44_ed_del_address (ip4_address_t addr, u8 delete_sm, u8 twice_nat);
+int nat44_ed_del_address (ip4_address_t addr, u8 twice_nat);
int nat44_ed_add_interface_address (u32 sw_if_index, u8 twice_nat);
int nat44_ed_del_interface_address (u32 sw_if_index, u8 twice_nat);
Code Review / vpp.git / blobdiff