#include <nat/nat44-ed/nat44_ed_inlines.h>
#include <nat/nat44-ed/nat44_ed_affinity.h>
+#define NAT44_ED_EXPECTED_ARGUMENT "expected required argument(s)"
+
static clib_error_t *
-nat44_enable_command_fn (vlib_main_t * vm,
- unformat_input_t * input, vlib_cli_command_t * cmd)
+nat44_ed_enable_disable_command_fn (vlib_main_t *vm, unformat_input_t *input,
+ vlib_cli_command_t *cmd)
{
snat_main_t *sm = &snat_main;
unformat_input_t _line_input, *line_input = &_line_input;
clib_error_t *error = 0;
nat44_config_t c = { 0 };
- u8 mode_set = 0;
+ u8 enable_set = 0, enable = 0, mode_set = 0;
- if (sm->enabled)
- return clib_error_return (0, "nat44 already enabled");
-
- /* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- {
- if (nat44_plugin_enable (c) != 0)
- return clib_error_return (0, "nat44 enable failed");
- return 0;
- }
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
else if (unformat (line_input, "inside-vrf %u", &c.inside_vrf));
else if (unformat (line_input, "outside-vrf %u", &c.outside_vrf));
else if (unformat (line_input, "sessions %u", &c.sessions));
+ else if (!enable_set)
+ {
+ enable_set = 1;
+ if (unformat (line_input, "disable"))
+ ;
+ else if (unformat (line_input, "enable"))
+ enable = 1;
+ }
else
{
error = clib_error_return (0, "unknown input '%U'",
}
}
- if (!c.sessions)
+ if (!enable_set)
{
- error = clib_error_return (0, "number of sessions is required");
+ error = clib_error_return (0, "expected enable | disable");
goto done;
}
- if (nat44_plugin_enable (c) != 0)
- error = clib_error_return (0, "nat44 enable failed");
-done:
- unformat_free (line_input);
- return error;
-}
-
-static clib_error_t *
-nat44_disable_command_fn (vlib_main_t * vm,
- unformat_input_t * input, vlib_cli_command_t * cmd)
-{
- snat_main_t *sm = &snat_main;
- clib_error_t *error = 0;
+ if (enable)
+ {
+ if (sm->enabled)
+ {
+ error = clib_error_return (0, "already enabled");
+ goto done;
+ }
- if (!sm->enabled)
- return clib_error_return (0, "nat44 already disabled");
+ if (nat44_plugin_enable (c) != 0)
+ error = clib_error_return (0, "enable failed");
+ }
+ else
+ {
+ if (!sm->enabled)
+ {
+ error = clib_error_return (0, "already disabled");
+ goto done;
+ }
- if (nat44_plugin_disable () != 0)
- error = clib_error_return (0, "nat44 disable failed");
+ if (nat44_plugin_disable () != 0)
+ error = clib_error_return (0, "disable failed");
+ }
+done:
+ unformat_free (line_input);
return error;
}
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
}
static clib_error_t *
-nat_show_workers_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
- vlib_cli_command_t * cmd)
+nat_show_workers_command_fn (vlib_main_t *vm, unformat_input_t *input,
+ vlib_cli_command_t *cmd)
{
snat_main_t *sm = &snat_main;
u32 *worker;
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
if (!unformat (line_input, "%d", &log_level))
{
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
- u32 domain_id = 0;
- u32 src_port = 0;
- u8 enable = 1;
- int rv = 0;
clib_error_t *error = 0;
- /* Get a line of input. */
+ u32 domain_id = 0, src_port = 0;
+ u8 enable_set = 0, enable = 0;
+
if (!unformat_user (input, unformat_line_input, line_input))
- {
- rv = nat_ipfix_logging_enable_disable (enable, domain_id,
- (u16) src_port);
- if (rv)
- return clib_error_return (0, "ipfix logging enable failed");
- return 0;
- }
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
;
else if (unformat (line_input, "src-port %d", &src_port))
;
- else if (unformat (line_input, "disable"))
- enable = 0;
+ else if (!enable_set)
+ {
+ enable_set = 1;
+ if (unformat (line_input, "disable"))
+ ;
+ else if (unformat (line_input, "enable"))
+ enable = 1;
+ }
else
{
error = clib_error_return (0, "unknown input '%U'",
}
}
- rv = nat_ipfix_logging_enable_disable (enable, domain_id, (u16) src_port);
+ if (!enable_set)
+ {
+ error = clib_error_return (0, "expected enable | disable");
+ goto done;
+ }
- if (rv)
+ if (nat_ipfix_logging_enable_disable (enable, domain_id, (u16) src_port))
{
error = clib_error_return (0, "ipfix logging enable failed");
goto done;
else if (unformat (input, "verbose"))
verbose = 2;
- vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->static_mapping_by_local,
- verbose);
- vlib_cli_output (vm, "%U",
- format_bihash_8_8, &sm->static_mapping_by_external,
- verbose);
- vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->flow_hash, verbose);
+ vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->flow_hash, verbose);
vec_foreach_index (i, sm->per_thread_data)
{
vlib_cli_output (vm, "-------- thread %d %s --------\n",
vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->flow_hash, verbose);
}
- vlib_cli_output (vm, "%U", format_bihash_16_8, &nam->affinity_hash,
- verbose);
+ vlib_cli_output (vm, "%U", format_bihash_16_8, &nam->affinity_hash, verbose);
vlib_cli_output (vm, "-------- hash table parameters --------\n");
vlib_cli_output (vm, "translation buckets: %u", sm->translation_buckets);
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
for (i = 0; i < count; i++)
{
if (is_add)
- rv = snat_add_address (sm, &this_addr, vrf_id, twice_nat);
+ {
+ rv = nat44_ed_add_address (&this_addr, vrf_id, twice_nat);
+ }
else
- rv = snat_del_address (sm, this_addr, 0, twice_nat);
+ {
+ rv = nat44_ed_del_address (this_addr, 0, twice_nat);
+ }
switch (rv)
{
snat_session_t *s;
u32 oldest_index;
-#define _(n, d) \
- oldest_index = \
- clib_dlist_remove_head (tsm->lru_pool, tsm->n##_lru_head_index); \
- if (~0 != oldest_index) \
- { \
- oldest_elt = pool_elt_at_index (tsm->lru_pool, oldest_index); \
- s = pool_elt_at_index (tsm->sessions, oldest_elt->value); \
- sess_timeout_time = \
- s->last_heard + (f64)nat44_session_get_timeout (sm, s); \
- vlib_cli_output (vm, d " LRU min session timeout %llu (now %llu)", \
- sess_timeout_time, now); \
- clib_dlist_addhead (tsm->lru_pool, tsm->n##_lru_head_index, \
- oldest_index); \
- }
- _(tcp_estab, "established tcp");
- _(tcp_trans, "transitory tcp");
- _(udp, "udp");
- _(unk_proto, "unknown protocol");
- _(icmp, "icmp");
+ if (tsm->lru_pool)
+ {
+#define _(n, d) \
+ oldest_index = \
+ clib_dlist_remove_head (tsm->lru_pool, tsm->n##_lru_head_index); \
+ if (~0 != oldest_index) \
+ { \
+ oldest_elt = pool_elt_at_index (tsm->lru_pool, oldest_index); \
+ s = pool_elt_at_index (tsm->sessions, oldest_elt->value); \
+ sess_timeout_time = \
+ s->last_heard + (f64) nat44_session_get_timeout (sm, s); \
+ vlib_cli_output (vm, d " LRU min session timeout %llu (now %llu)", \
+ sess_timeout_time, now); \
+ clib_dlist_addhead (tsm->lru_pool, tsm->n##_lru_head_index, \
+ oldest_index); \
+ }
+ _ (tcp_estab, "established tcp");
+ _ (tcp_trans, "transitory tcp");
+ _ (udp, "udp");
+ _ (unk_proto, "unknown protocol");
+ _ (icmp, "icmp");
#undef _
+ }
}
static clib_error_t *
u32 udp_sessions = 0;
u32 tcp_sessions = 0;
u32 icmp_sessions = 0;
+ u32 other_sessions = 0;
u32 timed_out = 0;
u32 transitory = 0;
if (now >= sess_timeout_time)
timed_out++;
- switch (s->nat_proto)
- {
- case NAT_PROTOCOL_ICMP:
- icmp_sessions++;
- break;
- case NAT_PROTOCOL_TCP:
- tcp_sessions++;
- if (s->state)
- {
- if (s->tcp_closed_timestamp)
- {
- if (now >= s->tcp_closed_timestamp)
- {
- ++transitory_closed;
- }
- else
- {
- ++transitory_wait_closed;
- }
- }
- transitory++;
- }
- else
- established++;
- break;
- case NAT_PROTOCOL_UDP:
- default:
- udp_sessions++;
- break;
- }
- }
- nat44_show_lru_summary (vm, tsm, now, sess_timeout_time);
- count += pool_elts (tsm->sessions);
- }
+ switch (s->proto)
+ {
+ case IP_PROTOCOL_ICMP:
+ icmp_sessions++;
+ break;
+ case IP_PROTOCOL_TCP:
+ tcp_sessions++;
+ if (s->state)
+ {
+ if (s->tcp_closed_timestamp)
+ {
+ if (now >= s->tcp_closed_timestamp)
+ {
+ ++transitory_closed;
+ }
+ else
+ {
+ ++transitory_wait_closed;
+ }
+ }
+ transitory++;
+ }
+ else
+ established++;
+ break;
+ case IP_PROTOCOL_UDP:
+ udp_sessions++;
+ break;
+ default:
+ ++other_sessions;
+ break;
+ }
+ }
+ nat44_show_lru_summary (vm, tsm, now, sess_timeout_time);
+ count += pool_elts (tsm->sessions);
+ }
}
else
{
if (now >= sess_timeout_time)
timed_out++;
- switch (s->nat_proto)
- {
- case NAT_PROTOCOL_ICMP:
- icmp_sessions++;
- break;
- case NAT_PROTOCOL_TCP:
- tcp_sessions++;
- if (s->state)
- {
- if (s->tcp_closed_timestamp)
- {
- if (now >= s->tcp_closed_timestamp)
- {
- ++transitory_closed;
- }
- else
- {
- ++transitory_wait_closed;
- }
- }
- transitory++;
- }
- else
- established++;
- break;
- case NAT_PROTOCOL_UDP:
- default:
- udp_sessions++;
- break;
- }
+ switch (s->proto)
+ {
+ case IP_PROTOCOL_ICMP:
+ icmp_sessions++;
+ break;
+ case IP_PROTOCOL_TCP:
+ tcp_sessions++;
+ if (s->state)
+ {
+ if (s->tcp_closed_timestamp)
+ {
+ if (now >= s->tcp_closed_timestamp)
+ {
+ ++transitory_closed;
+ }
+ else
+ {
+ ++transitory_wait_closed;
+ }
+ }
+ transitory++;
+ }
+ else
+ established++;
+ break;
+ case IP_PROTOCOL_UDP:
+ udp_sessions++;
+ break;
+ default:
+ ++other_sessions;
+ break;
+ }
}
nat44_show_lru_summary (vm, tsm, now, sess_timeout_time);
count = pool_elts (tsm->sessions);
transitory_closed);
vlib_cli_output (vm, "total udp sessions: %u", udp_sessions);
vlib_cli_output (vm, "total icmp sessions: %u", icmp_sessions);
+ vlib_cli_output (vm, "total other sessions: %u", other_sessions);
return 0;
}
fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
else
vlib_cli_output (vm, " tenant VRF independent");
- #define _(N, i, n, s) \
- vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
- foreach_nat_protocol
- #undef _
}
vlib_cli_output (vm, "NAT44 twice-nat pool addresses:");
vec_foreach (ap, sm->twice_nat_addresses)
fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
else
vlib_cli_output (vm, " tenant VRF independent");
- #define _(N, i, n, s) \
- vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
- foreach_nat_protocol
- #undef _
}
return 0;
}
u32 *inside_sw_if_indices = 0;
u32 *outside_sw_if_indices = 0;
u8 is_output_feature = 0;
- int is_del = 0;
- int i;
+ int i, rv, is_del = 0;
sw_if_index = ~0;
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
sw_if_index = inside_sw_if_indices[i];
if (is_output_feature)
{
- if (snat_interface_add_del_output_feature
- (sw_if_index, 1, is_del))
+ if (is_del)
+ {
+ rv = nat44_ed_del_output_interface (sw_if_index);
+ }
+ else
+ {
+ rv = nat44_ed_add_output_interface (sw_if_index);
+ }
+ if (rv)
{
error = clib_error_return (0, "%s %U failed",
is_del ? "del" : "add",
}
else
{
- if (snat_interface_add_del (sw_if_index, 1, is_del))
+ if (is_del)
+ {
+ rv = nat44_ed_del_interface (sw_if_index, 1);
+ }
+ else
+ {
+ rv = nat44_ed_add_interface (sw_if_index, 1);
+ }
+ if (rv)
{
error = clib_error_return (0, "%s %U failed",
is_del ? "del" : "add",
sw_if_index = outside_sw_if_indices[i];
if (is_output_feature)
{
- if (snat_interface_add_del_output_feature
- (sw_if_index, 0, is_del))
+ if (is_del)
+ {
+ rv = nat44_ed_del_output_interface (sw_if_index);
+ }
+ else
+ {
+ rv = nat44_ed_add_output_interface (sw_if_index);
+ }
+ if (rv)
{
error = clib_error_return (0, "%s %U failed",
is_del ? "del" : "add",
}
else
{
- if (snat_interface_add_del (sw_if_index, 0, is_del))
+ if (is_del)
+ {
+ rv = nat44_ed_del_interface (sw_if_index, 0);
+ }
+ else
+ {
+ rv = nat44_ed_add_interface (sw_if_index, 0);
+ }
+ if (rv)
{
error = clib_error_return (0, "%s %U failed",
is_del ? "del" : "add",
vlib_cli_output (vm, "NAT44 interfaces:");
pool_foreach (i, sm->interfaces)
{
- vlib_cli_output (vm, " %U %s", format_vnet_sw_if_index_name, vnm,
- i->sw_if_index,
- (nat_interface_is_inside(i) &&
- nat_interface_is_outside(i)) ? "in out" :
- (nat_interface_is_inside(i) ? "in" : "out"));
+ vlib_cli_output (vm, " %U %s", format_vnet_sw_if_index_name, vnm,
+ i->sw_if_index,
+ (nat44_ed_is_interface_inside (i) &&
+ nat44_ed_is_interface_outside (i)) ?
+ "in out" :
+ (nat44_ed_is_interface_inside (i) ? "in" : "out"));
}
pool_foreach (i, sm->output_feature_interfaces)
{
- vlib_cli_output (vm, " %U output-feature %s",
- format_vnet_sw_if_index_name, vnm,
- i->sw_if_index,
- (nat_interface_is_inside(i) &&
- nat_interface_is_outside(i)) ? "in out" :
- (nat_interface_is_inside(i) ? "in" : "out"));
+ vlib_cli_output (vm, " %U output-feature %s",
+ format_vnet_sw_if_index_name, vnm, i->sw_if_index,
+ (nat44_ed_is_interface_inside (i) &&
+ nat44_ed_is_interface_outside (i)) ?
+ "in out" :
+ (nat44_ed_is_interface_inside (i) ? "in" : "out"));
}
return 0;
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
+ vnet_main_t *vnm = vnet_get_main ();
clib_error_t *error = 0;
- ip4_address_t l_addr, e_addr, exact_addr;
+ ip4_address_t l_addr, e_addr, pool_addr;
u32 l_port = 0, e_port = 0, vrf_id = ~0;
- int is_add = 1, addr_only = 1, rv, exact = 0;
+ u8 l_port_set = 0, e_port_set = 0;
+ int is_add = 1, rv;
+ u32 flags = 0;
u32 sw_if_index = ~0;
- vnet_main_t *vnm = vnet_get_main ();
- nat_protocol_t proto = NAT_PROTOCOL_OTHER;
- u8 proto_set = 0;
- twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
- u8 out2in_only = 0;
+ ip_protocol_t proto = 0;
- /* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "local %U %u", unformat_ip4_address, &l_addr,
&l_port))
- addr_only = 0;
+ {
+ l_port_set = 1;
+ }
else
if (unformat (line_input, "local %U", unformat_ip4_address, &l_addr))
;
else if (unformat (line_input, "external %U %u", unformat_ip4_address,
&e_addr, &e_port))
- addr_only = 0;
+ {
+ e_port_set = 1;
+ }
else if (unformat (line_input, "external %U", unformat_ip4_address,
&e_addr))
;
else if (unformat (line_input, "external %U %u",
unformat_vnet_sw_interface, vnm, &sw_if_index,
&e_port))
- addr_only = 0;
+ {
+ flags |= NAT_SM_FLAG_SWITCH_ADDRESS;
+ e_port_set = 1;
+ }
else if (unformat (line_input, "external %U",
unformat_vnet_sw_interface, vnm, &sw_if_index))
- ;
+ {
+ flags |= NAT_SM_FLAG_SWITCH_ADDRESS;
+ }
else if (unformat (line_input, "exact %U", unformat_ip4_address,
- &exact_addr))
- exact = 1;
+ &pool_addr))
+ {
+ flags |= NAT_SM_FLAG_EXACT_ADDRESS;
+ }
else if (unformat (line_input, "vrf %u", &vrf_id))
;
- else if (unformat (line_input, "%U", unformat_nat_protocol, &proto))
- proto_set = 1;
- else if (unformat (line_input, "twice-nat"))
- twice_nat = TWICE_NAT;
+ else if (unformat (line_input, "%U", unformat_ip_protocol, &proto))
+ ;
else if (unformat (line_input, "self-twice-nat"))
- twice_nat = TWICE_NAT_SELF;
+ {
+ flags |= NAT_SM_FLAG_SELF_TWICE_NAT;
+ }
+ else if (unformat (line_input, "twice-nat"))
+ {
+ flags |= NAT_SM_FLAG_TWICE_NAT;
+ }
else if (unformat (line_input, "out2in-only"))
- out2in_only = 1;
+ {
+ flags |= NAT_SM_FLAG_OUT2IN_ONLY;
+ }
else if (unformat (line_input, "del"))
- is_add = 0;
+ {
+ is_add = 0;
+ }
else
{
error = clib_error_return (0, "unknown input: '%U'",
}
}
- if (twice_nat && addr_only)
+ if (l_port_set != e_port_set)
{
- error = clib_error_return (0, "twice NAT only for 1:1 NAPT");
+ error = clib_error_return (0, "Either both ports are set or none.");
goto done;
}
- if (addr_only)
+ if (!l_port_set)
{
- if (proto_set)
- {
- error =
- clib_error_return (0,
- "address only mapping doesn't support protocol");
- goto done;
- }
+ flags |= NAT_SM_FLAG_ADDR_ONLY;
}
- else if (!proto_set)
+ else
{
- error = clib_error_return (0, "protocol is required");
- goto done;
+ l_port = clib_host_to_net_u16 (l_port);
+ e_port = clib_host_to_net_u16 (e_port);
}
- rv = snat_add_static_mapping (
- l_addr, e_addr, clib_host_to_net_u16 (l_port),
- clib_host_to_net_u16 (e_port), vrf_id, addr_only, sw_if_index, proto,
- is_add, twice_nat, out2in_only, 0, 0, exact_addr, exact);
+ // TODO: specific pool_addr for both pool & twice nat pool ?
+
+ if (is_add)
+ {
+ rv =
+ nat44_ed_add_static_mapping (l_addr, e_addr, l_port, e_port, proto,
+ vrf_id, sw_if_index, flags, pool_addr, 0);
+ }
+ else
+ {
+ rv = nat44_ed_del_static_mapping (l_addr, e_addr, l_port, e_port, proto,
+ vrf_id, sw_if_index, flags);
+ }
+
+ // TODO: fix returns
switch (rv)
{
return error;
}
+// TODO: either delete this bullshit or update it
static clib_error_t *
add_identity_mapping_command_fn (vlib_main_t * vm,
unformat_input_t * input,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
- clib_error_t *error = 0;
- ip4_address_t addr, pool_addr = { 0 };
- u32 port = 0, vrf_id = ~0;
- int is_add = 1;
- int addr_only = 1;
- u32 sw_if_index = ~0;
vnet_main_t *vnm = vnet_get_main ();
- int rv;
- nat_protocol_t proto;
+ clib_error_t *error = 0;
- addr.as_u32 = 0;
+ int rv, is_add = 1, port_set = 0;
+ u32 sw_if_index, port, flags, vrf_id = ~0;
+ ip_protocol_t proto;
+ ip4_address_t addr;
+
+ flags = NAT_SM_FLAG_IDENTITY_NAT;
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
;
else if (unformat (line_input, "external %U",
unformat_vnet_sw_interface, vnm, &sw_if_index))
- ;
+ {
+ flags |= NAT_SM_FLAG_SWITCH_ADDRESS;
+ }
else if (unformat (line_input, "vrf %u", &vrf_id))
;
- else if (unformat (line_input, "%U %u", unformat_nat_protocol, &proto,
+ else if (unformat (line_input, "%U %u", unformat_ip_protocol, &proto,
&port))
- addr_only = 0;
+ {
+ port_set = 1;
+ }
else if (unformat (line_input, "del"))
- is_add = 0;
+ {
+ is_add = 0;
+ }
else
{
error = clib_error_return (0, "unknown input: '%U'",
}
}
- rv = snat_add_static_mapping (
- addr, addr, clib_host_to_net_u16 (port), clib_host_to_net_u16 (port),
- vrf_id, addr_only, sw_if_index, proto, is_add, 0, 0, 0, 1, pool_addr, 0);
+ if (!port_set)
+ {
+ flags |= NAT_SM_FLAG_ADDR_ONLY;
+ }
+ else
+ {
+ port = clib_host_to_net_u16 (port);
+ }
+
+ if (is_add)
+ {
+
+ rv = nat44_ed_add_static_mapping (addr, addr, port, port, proto, vrf_id,
+ sw_if_index, flags, addr, 0);
+ }
+ else
+ {
+ rv = nat44_ed_del_static_mapping (addr, addr, port, port, proto, vrf_id,
+ sw_if_index, flags);
+ }
+
+ // TODO: fix returns
switch (rv)
{
clib_error_t *error = 0;
ip4_address_t l_addr, e_addr;
u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0, affinity = 0;
- int is_add = 1;
- int rv;
- nat_protocol_t proto;
u8 proto_set = 0;
+ ip_protocol_t proto;
nat44_lb_addr_port_t *locals = 0, local;
- twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
- u8 out2in_only = 0;
+ int rv, is_add = 1;
+ u32 flags = 0;
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
&e_addr, &e_port))
;
- else if (unformat (line_input, "protocol %U", unformat_nat_protocol,
+ else if (unformat (line_input, "protocol %U", unformat_ip_protocol,
&proto))
- proto_set = 1;
+ {
+ proto_set = 1;
+ }
else if (unformat (line_input, "twice-nat"))
- twice_nat = TWICE_NAT;
+ {
+ flags |= NAT_SM_FLAG_TWICE_NAT;
+ }
else if (unformat (line_input, "self-twice-nat"))
- twice_nat = TWICE_NAT_SELF;
+ {
+ flags |= NAT_SM_FLAG_SELF_TWICE_NAT;
+ }
else if (unformat (line_input, "out2in-only"))
- out2in_only = 1;
+ {
+ flags |= NAT_SM_FLAG_OUT2IN_ONLY;
+ }
else if (unformat (line_input, "del"))
- is_add = 0;
+ {
+ is_add = 0;
+ }
else if (unformat (line_input, "affinity %u", &affinity))
;
else
goto done;
}
- rv = nat44_add_del_lb_static_mapping (e_addr, (u16) e_port, proto, locals,
- is_add, twice_nat, out2in_only, 0,
- affinity);
+ if (is_add)
+ {
+ rv = nat44_ed_add_lb_static_mapping (e_addr, (u16) e_port, proto, locals,
+ flags, 0, affinity);
+ }
+ else
+ {
+ rv = nat44_ed_del_lb_static_mapping (e_addr, (u16) e_port, proto, flags);
+ }
switch (rv)
{
u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
int is_add = 1;
int rv;
- nat_protocol_t proto;
+ ip_protocol_t proto;
u8 proto_set = 0;
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
&e_addr, &e_port))
;
- else if (unformat (line_input, "protocol %U", unformat_nat_protocol,
+ else if (unformat (line_input, "protocol %U", unformat_ip_protocol,
&proto))
proto_set = 1;
else if (unformat (line_input, "del"))
goto done;
}
- rv =
- nat44_lb_static_mapping_add_del_local (e_addr, (u16) e_port, l_addr,
- l_port, proto, vrf_id, probability,
- is_add);
+ rv = nat44_ed_add_del_lb_static_mapping_local (
+ e_addr, (u16) e_port, l_addr, l_port, proto, vrf_id, probability, is_add);
switch (rv)
{
unformat_input_t * input,
vlib_cli_command_t * cmd)
{
- snat_main_t *sm = &snat_main;
unformat_input_t _line_input, *line_input = &_line_input;
- u32 sw_if_index;
- int rv;
- int is_del = 0;
+ snat_main_t *sm = &snat_main;
clib_error_t *error = 0;
+ int rv, is_del = 0;
u8 twice_nat = 0;
+ u32 sw_if_index;
- /* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
sm->vnet_main, &sw_if_index))
;
else if (unformat (line_input, "twice-nat"))
- twice_nat = 1;
+ {
+ twice_nat = 1;
+ }
else if (unformat (line_input, "del"))
- is_del = 1;
+ {
+ is_del = 1;
+ }
else
{
error = clib_error_return (0, "unknown input '%U'",
}
}
- rv = snat_add_interface_address (sm, sw_if_index, is_del, twice_nat);
-
- switch (rv)
+ if (!is_del)
{
- case 0:
- break;
-
- default:
- error = clib_error_return (0, "snat_add_interface_address returned %d",
- rv);
- goto done;
+ rv = nat44_ed_add_interface_address (sw_if_index, twice_nat);
+ if (rv)
+ {
+ error = clib_error_return (0, "add address returned %d", rv);
+ }
+ }
+ else
+ {
+ rv = nat44_ed_del_interface_address (sw_if_index, twice_nat);
+ if (rv)
+ {
+ error = clib_error_return (0, "del address returned %d", rv);
+ }
}
done:
clib_error_t *error = 0;
snat_main_per_thread_data_t *tsm;
snat_main_t *sm = &snat_main;
-
- int i = 0;
+ ip4_address_t i2o_sa, i2o_da, o2i_sa, o2i_da;
+ u8 filter_i2o_sa = 0, filter_i2o_da = 0;
+ u8 filter_o2i_sa = 0, filter_o2i_da = 0;
+ u16 i2o_sp, i2o_dp, o2i_sp, o2i_dp;
+ u8 filter_i2o_sp = 0, filter_i2o_dp = 0;
+ u8 filter_o2i_sp = 0, filter_o2i_dp = 0;
+ nat_protocol_t proto;
+ u8 filter_proto = 0;
+ u8 had_input = 1, filtering = 0;
+ int i = 0, showed_sessions;
if (!unformat_user (input, unformat_line_input, line_input))
- goto print;
+ {
+ had_input = 0;
+ goto print;
+ }
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
- error = clib_error_return (0, "unknown input '%U'",
- format_unformat_error, line_input);
- break;
+ if (unformat (line_input, "filter i2o saddr %U", unformat_ip4_address,
+ &i2o_sa))
+ filter_i2o_sa = filtering = 1;
+ else if (unformat (line_input, "filter i2o daddr %U",
+ unformat_ip4_address, &i2o_da))
+ filter_i2o_da = filtering = 1;
+ else if (unformat (line_input, "filter o2i saddr %U",
+ unformat_ip4_address, &o2i_sa))
+ filter_o2i_sa = filtering = 1;
+ else if (unformat (line_input, "filter o2i daddr %U",
+ unformat_ip4_address, &o2i_da))
+ filter_o2i_da = filtering = 1;
+ else if (unformat (line_input, "filter i2o sport %u", &i2o_sp))
+ filter_i2o_sp = filtering = 1;
+ else if (unformat (line_input, "filter i2o dport %u", &i2o_dp))
+ filter_i2o_dp = filtering = 1;
+ else if (unformat (line_input, "filter o2i sport %u", &o2i_sp))
+ filter_o2i_sp = filtering = 1;
+ else if (unformat (line_input, "filter o2i dport %u", &o2i_dp))
+ filter_o2i_dp = filtering = 1;
+ else if (unformat (line_input, "filter i2o proto %U",
+ unformat_nat_protocol, &proto))
+ filter_proto = filtering = 1;
+ else if (unformat (line_input, "filter o2i proto %U",
+ unformat_nat_protocol, &proto))
+ filter_proto = filtering = 1;
+ else
+ {
+ error = clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, line_input);
+ goto done;
+ }
}
- unformat_free (line_input);
print:
- vlib_cli_output (vm, "NAT44 ED sessions:");
+ vlib_cli_output (vm, "NAT44 ED sessions:");
vec_foreach_index (i, sm->per_thread_data)
{
i, vlib_worker_threads[i].name,
pool_elts (tsm->sessions));
- snat_session_t *s;
- pool_foreach (s, tsm->sessions)
- {
- vlib_cli_output (vm, " %U\n", format_snat_session, tsm, s);
- }
+ showed_sessions = 0;
+ snat_session_t *s;
+ pool_foreach (s, tsm->sessions)
+ {
+ if (filtering)
+ {
+ if (filter_i2o_sa && i2o_sa.as_u32 != s->i2o.match.saddr.as_u32)
+ continue;
+ if (filter_i2o_da && i2o_da.as_u32 != s->i2o.match.daddr.as_u32)
+ continue;
+ if (filter_o2i_sa && o2i_sa.as_u32 != s->o2i.match.saddr.as_u32)
+ continue;
+ if (filter_o2i_da && o2i_da.as_u32 != s->o2i.match.daddr.as_u32)
+ continue;
+ if (filter_i2o_sp &&
+ i2o_sp != clib_net_to_host_u16 (s->i2o.match.sport))
+ continue;
+ if (filter_i2o_dp &&
+ i2o_dp != clib_net_to_host_u16 (s->i2o.match.dport))
+ continue;
+ if (filter_o2i_sp &&
+ o2i_sp != clib_net_to_host_u16 (s->o2i.match.sport))
+ continue;
+ if (filter_o2i_dp &&
+ o2i_dp != clib_net_to_host_u16 (s->o2i.match.dport))
+ continue;
+ if (filter_proto && proto != s->nat_proto)
+ continue;
+ showed_sessions++;
+ }
+ vlib_cli_output (vm, " %U\n", format_snat_session, tsm, s);
+ }
+ if (filtering)
+ {
+ vlib_cli_output (vm,
+ "Showed: %d, Filtered: %d of total %d "
+ "sessions of thread %d\n\n",
+ showed_sessions,
+ pool_elts (tsm->sessions) - showed_sessions,
+ pool_elts (tsm->sessions), i);
+ }
}
+
+done:
+ if (had_input)
+ unformat_free (line_input);
return error;
}
u32 session_limit = 0, vrf_id = 0;
- /* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
u32 port = 0, eh_port = 0, vrf_id = sm->outside_vrf_id;
clib_error_t *error = 0;
ip4_address_t addr, eh_addr;
- nat_protocol_t proto;
+ ip_protocol_t proto;
int is_in = 0;
int rv;
- /* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
- if (unformat
- (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
- unformat_nat_protocol, &proto))
+ if (unformat (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
+ unformat_ip_protocol, &proto))
;
else if (unformat (line_input, "in"))
{
}
}
- rv =
- nat44_del_ed_session (sm, &addr, clib_host_to_net_u16 (port), &eh_addr,
- clib_host_to_net_u16 (eh_port),
- nat_proto_to_ip_proto (proto), vrf_id, is_in);
+ rv = nat44_ed_del_session (sm, &addr, clib_host_to_net_u16 (port), &eh_addr,
+ clib_host_to_net_u16 (eh_port), proto, vrf_id,
+ is_in);
switch (rv)
{
{
snat_main_t *sm = &snat_main;
unformat_input_t _line_input, *line_input = &_line_input;
- u8 forwarding_enable;
- u8 forwarding_enable_set = 0;
clib_error_t *error = 0;
- /* Get a line of input. */
+ u8 enable_set = 0, enable = 0;
+
if (!unformat_user (input, unformat_line_input, line_input))
- return clib_error_return (0, "'enable' or 'disable' expected");
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
- if (!forwarding_enable_set && unformat (line_input, "enable"))
+ if (!enable_set)
{
- forwarding_enable = 1;
- forwarding_enable_set = 1;
- }
- else if (!forwarding_enable_set && unformat (line_input, "disable"))
- {
- forwarding_enable = 0;
- forwarding_enable_set = 1;
+ enable_set = 1;
+ if (unformat (line_input, "disable"))
+ ;
+ else if (unformat (line_input, "enable"))
+ enable = 1;
}
else
{
}
}
- if (!forwarding_enable_set)
- {
- error = clib_error_return (0, "'enable' or 'disable' expected");
- goto done;
- }
-
- sm->forwarding_enabled = forwarding_enable;
+ if (!enable_set)
+ error = clib_error_return (0, "expected enable | disable");
+ else
+ sm->forwarding_enabled = enable;
done:
unformat_free (line_input);
-
return error;
}
unformat_input_t _line_input, *line_input = &_line_input;
clib_error_t *error = 0;
- /* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
unformat_input_t _line_input, *line_input = &_line_input;
clib_error_t *error = 0;
u32 frame_queue_nelts = 0;
- /* Get a line of input. */
+
if (!unformat_user (input, unformat_line_input, line_input))
- return 0;
+ return clib_error_return (0, NAT44_ED_EXPECTED_ARGUMENT);
+
while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
{
if (unformat (line_input, "%u", &frame_queue_nelts))
error = clib_error_return (0, "frame_queue_nelts cannot be zero");
goto done;
}
- if (snat_set_frame_queue_nelts (frame_queue_nelts) != 0)
+ if (nat44_ed_set_frame_queue_nelts (frame_queue_nelts) != 0)
{
error = clib_error_return (0, "snat_set_frame_queue_nelts failed");
goto done;
/*?
* @cliexpar
- * @cliexstart{nat44 enable}
+ * @cliexstart{nat44}
* Enable nat44 plugin
- * To enable nat44, use:
- * vpp# nat44 enable sessions <n>
- * To enable nat44 static mapping only, use:
- * vpp# nat44 enable sessions <n> static-mapping
- * To enable nat44 static mapping with connection tracking, use:
- * vpp# nat44 enable sessions <n> static-mapping connection-tracking
- * To set inside-vrf outside-vrf, use:
- * vpp# nat44 enable sessions <n> inside-vrf <id> outside-vrf <id>
- * @cliexend
-?*/
-VLIB_CLI_COMMAND (nat44_enable_command, static) = {
- .path = "nat44 enable",
- .short_help =
- "nat44 enable sessions <max-number> [static-mappig-only "
- "[connection-tracking]] [inside-vrf <vrf-id>] [outside-vrf <vrf-id>]",
- .function = nat44_enable_command_fn,
-};
-
-/*?
- * @cliexpar
- * @cliexstart{nat44 disable}
- * Disable nat44 plugin
- * To disable nat44, use:
+ * To enable nat44-ed, use:
+ * vpp# nat44 enable
+ * To disable nat44-ed, use:
* vpp# nat44 disable
+ * To enable nat44-ed static mapping with connection tracking, use:
+ * vpp# nat44-ed enable static-mapping connection-tracking
+ * To set inside-vrf outside-vrf, use:
+ * vpp# nat44 enable inside-vrf <id> outside-vrf <id>
* @cliexend
?*/
-VLIB_CLI_COMMAND (nat44_disable_command, static) = {
- .path = "nat44 disable",
- .short_help = "nat44 disable",
- .function = nat44_disable_command_fn,
+VLIB_CLI_COMMAND (nat44_ed_enable_disable_command, static) = {
+ .path = "nat44",
+ .short_help = "nat44 <enable [sessions <max-number>] [static-mapping-only "
+ "connection-tracking] [inside-vrf <vrf-id>] "
+ "[outside-vrf <vrf-id>]>|disable",
+ .function = nat44_ed_enable_disable_command_fn,
};
/*?
VLIB_CLI_COMMAND (nat_show_workers_command, static) = {
.path = "show nat workers",
.short_help = "show nat workers",
- .function = nat_show_workers_commnad_fn,
+ .function = nat_show_workers_command_fn,
};
/*?
VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = {
.path = "nat ipfix logging",
.function = snat_ipfix_logging_enable_disable_command_fn,
- .short_help = "nat ipfix logging [domain <domain-id>] [src-port <port>] [disable]",
+ .short_help = "nat ipfix logging disable|<enable [domain <domain-id>] "
+ "[src-port <port>]>",
};
/*?
?*/
VLIB_CLI_COMMAND (nat44_show_sessions_command, static) = {
.path = "show nat44 sessions",
- .short_help = "show nat44 sessions [detail|metrics]",
+ .short_help = "show nat44 sessions [filter {i2o | o2i} {saddr <ip4-addr> "
+ "| sport <n> | daddr <ip4-addr> | dport <n> | proto <proto>} "
+ "[filter .. [..]]]",
.function = nat44_show_sessions_command_fn,
};