#include <nat/nat.h>
#include <nat/nat_ipfix_logging.h>
#include <nat/nat_det.h>
+#include <nat/nat_inlines.h>
#include <vnet/fib/fib_table.h>
#define UNSUPPORTED_IN_DET_MODE_STR \
return error;
}
+static clib_error_t *
+nat44_show_hash_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ snat_main_t *sm = &snat_main;
+ snat_main_per_thread_data_t *tsm;
+ int i;
+ int verbose = 0;
+
+ if (unformat (input, "detail"))
+ verbose = 1;
+ else if (unformat (input, "verbose"))
+ verbose = 2;
+
+ vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->in2out_ed, verbose);
+ vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->out2in_ed, verbose);
+ vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->static_mapping_by_local,
+ verbose);
+ vlib_cli_output (vm, "%U",
+ format_bihash_8_8, &sm->static_mapping_by_external,
+ verbose);
+ vec_foreach_index (i, sm->per_thread_data)
+ {
+ tsm = vec_elt_at_index (sm->per_thread_data, i);
+ vlib_cli_output (vm, "-------- thread %d %s --------\n",
+ i, vlib_worker_threads[i].name);
+ vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->in2out, verbose);
+ vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->out2in, verbose);
+ vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->user_hash, verbose);
+ }
+
+ return 0;
+}
+
static clib_error_t *
nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
unformat_input_t * input,
count = (end_host_order - start_host_order) + 1;
if (count > 1024)
- clib_warning ("%U - %U, %d addresses...",
+ nat_log_info ("%U - %U, %d addresses...",
format_ip4_address, &start_addr,
format_ip4_address, &end_addr, count);
int rv;
snat_protocol_t proto = ~0;
u8 proto_set = 0;
- u8 twice_nat = 0;
+ twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
u8 out2in_only = 0;
if (sm->deterministic)
else if (unformat (line_input, "%U", unformat_snat_protocol, &proto))
proto_set = 1;
else if (unformat (line_input, "twice-nat"))
- twice_nat = 1;
+ twice_nat = TWICE_NAT;
+ else if (unformat (line_input, "self-twice-nat"))
+ twice_nat = TWICE_NAT_SELF;
else if (unformat (line_input, "out2in-only"))
out2in_only = 1;
else if (unformat (line_input, "del"))
snat_protocol_t proto;
u8 proto_set = 0;
nat44_lb_addr_port_t *locals = 0, local;
- u8 twice_nat = 0;
+ twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
u8 out2in_only = 0;
if (sm->deterministic)
&proto))
proto_set = 1;
else if (unformat (line_input, "twice-nat"))
- twice_nat = 1;
+ twice_nat = TWICE_NAT;
+ else if (unformat (line_input, "self-twice-nat"))
+ twice_nat = TWICE_NAT_SELF;
else if (unformat (line_input, "out2in-only"))
out2in_only = 1;
else if (unformat (line_input, "del"))
{
tsm = vec_elt_at_index (sm->per_thread_data, i);
+ vlib_cli_output (vm, "-------- thread %d %s --------\n",
+ i, vlib_worker_threads[i].name);
pool_foreach (u, tsm->users,
({
vlib_cli_output (vm, " %U", format_snat_user, tsm, u, verbose);
{
snat_main_t *sm = &snat_main;
unformat_input_t _line_input, *line_input = &_line_input;
- int is_in = 0;
+ int is_in = 0, is_ed = 0;
clib_error_t *error = 0;
- ip4_address_t addr;
- u32 port = 0, vrf_id = sm->outside_vrf_id;
+ ip4_address_t addr, eh_addr;
+ u32 port = 0, eh_port = 0, vrf_id = sm->outside_vrf_id;
snat_protocol_t proto;
int rv;
is_in = 1;
vrf_id = sm->inside_vrf_id;
}
+ else if (unformat (line_input, "out"))
+ {
+ is_in = 0;
+ vrf_id = sm->outside_vrf_id;
+ }
else if (unformat (line_input, "vrf %u", &vrf_id))
;
+ else
+ if (unformat
+ (line_input, "external-host %U:%u", unformat_ip4_address,
+ &eh_addr, &eh_port))
+ is_ed = 1;
else
{
error = clib_error_return (0, "unknown input '%U'",
}
}
- rv = nat44_del_session (sm, &addr, port, proto, vrf_id, is_in);
+ if (is_ed)
+ rv =
+ nat44_del_ed_session (sm, &addr, port, &eh_addr, eh_port,
+ snat_proto_to_ip_proto (proto), vrf_id, is_in);
+ else
+ rv = nat44_del_session (sm, &addr, port, proto, vrf_id, is_in);
switch (rv)
{
.function = nat44_set_alloc_addr_and_port_alg_command_fn,
};
+/*?
+ * @cliexpar
+ * @cliexstart{show nat44 hash tables}
+ * Show NAT44 hash tables
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat44_show_hash, static) = {
+ .path = "show nat44 hash tables",
+ .short_help = "show nat44 hash tables [detail|verbose]",
+ .function = nat44_show_hash_commnad_fn,
+};
+
/*?
* @cliexpar
* @cliexstart{nat44 add address}
.function = add_static_mapping_command_fn,
.short_help =
"nat44 add static mapping tcp|udp|icmp local <addr> [<port>] "
- "external <addr> [<port>] [vrf <table-id>] [twice-nat] [out2in-only] [del]",
+ "external <addr> [<port>] [vrf <table-id>] [twice-nat|self-twice-nat] "
+ "[out2in-only] [del]",
};
/*?
.function = add_lb_static_mapping_command_fn,
.short_help =
"nat44 add load-balancing static mapping protocol tcp|udp "
- "external <addr>:<port> local <addr>:<port> probability <n> [twice-nat] "
- "[vrf <table-id>] [out2in-only] [del]",
+ "external <addr>:<port> local <addr>:<port> probability <n> "
+ "[twice-nat|self-twice-nat] [vrf <table-id>] [out2in-only] [del]",
};
/*?
?*/
VLIB_CLI_COMMAND (nat44_del_session_command, static) = {
.path = "nat44 del session",
- .short_help = "nat44 del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>]",
+ .short_help = "nat44 del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>] [external-host <addr>:<port>]",
.function = nat44_del_session_command_fn,
};