Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
nat: deterministic: disallow invalid config
[vpp.git] / src / plugins / nat / nat44_cli.c
diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c
index 6712b8b..7d74f36 100644 (file)
--- a/src/plugins/nat/nat44_cli.c
+++ b/src/plugins/nat/nat44_cli.c
@@ -27,8 +27,15 @@
 #include <vnet/fib/fib_table.h>
 #include <nat/nat_ha.h>
 
+
+#define UNSUPPORTED_IN_DET_OR_ED_MODE_STR \
+  "This command is unsupported in deterministic or endpoint dependent mode"
+#define UNSUPPORTED_IN_DET_OR_NON_ED_MODE_STR \
+  "This command is unsupported in deterministic or non endpoint dependent mode"
 #define UNSUPPORTED_IN_DET_MODE_STR \
   "This command is unsupported in deterministic mode"
+#define SUPPORTED_ONLY_IN_ED_MODE_STR \
+  "This command is supported only in endpoint dependent mode"
 #define SUPPORTED_ONLY_IN_DET_MODE_STR \
   "This command is supported only in deterministic mode"
 
@@ -116,16 +123,6 @@ nat_show_workers_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
   return 0;
 }
 
-static clib_error_t *
-nat44_session_cleanup_command_fn (vlib_main_t * vm,
-                                 unformat_input_t * input,
-                                 vlib_cli_command_t * cmd)
-{
-  clib_error_t *error = 0;
-  nat44_force_users_cleanup ();
-  return error;
-}
-
 static clib_error_t *
 snat_set_log_level_command_fn (vlib_main_t * vm,
                               unformat_input_t * input,
@@ -212,7 +209,7 @@ done:
 }
 
 static clib_error_t *
-nat44_show_hash_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
+nat44_show_hash_command_fn (vlib_main_t * vm, unformat_input_t * input,
                            vlib_cli_command_t * cmd)
 {
   snat_main_t *sm = &snat_main;
@@ -231,6 +228,7 @@ nat44_show_hash_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
   vlib_cli_output (vm, "%U",
                   format_bihash_8_8, &sm->static_mapping_by_external,
                   verbose);
+  vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->out2in_ed, verbose);
   vec_foreach_index (i, sm->per_thread_data)
   {
     tsm = vec_elt_at_index (sm->per_thread_data, i);
@@ -240,8 +238,6 @@ nat44_show_hash_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
       {
        vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->in2out_ed,
                         verbose);
-       vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->out2in_ed,
-                        verbose);
       }
     else
       {
@@ -255,7 +251,17 @@ nat44_show_hash_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
     {
       vlib_cli_output (vm, "%U", format_bihash_16_8, &nam->affinity_hash,
                       verbose);
-      vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->ed_ext_ports, 0);
+    }
+
+  vlib_cli_output (vm, "-------- hash table parameters --------\n");
+  vlib_cli_output (vm, "translation buckets: %u", sm->translation_buckets);
+  vlib_cli_output (vm, "translation memory size: %U",
+                  format_memory_size, sm->translation_memory_size);
+  if (!sm->endpoint_dependent)
+    {
+      vlib_cli_output (vm, "user buckets: %u", sm->user_buckets);
+      vlib_cli_output (vm, "user memory size: %U",
+                      format_memory_size, sm->user_memory_size);
     }
   return 0;
 }
@@ -363,10 +369,7 @@ nat_set_mss_clamping_command_fn (vlib_main_t * vm, unformat_input_t * input,
       if (unformat (line_input, "disable"))
        sm->mss_clamping = 0;
       else if (unformat (line_input, "%d", &mss))
-       {
-         sm->mss_clamping = (u16) mss;
-         sm->mss_value_net = clib_host_to_net_u16 (sm->mss_clamping);
-       }
+       sm->mss_clamping = (u16) mss;
       else
        {
          error = clib_error_return (0, "unknown input '%U'",
@@ -649,16 +652,16 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
   snat_session_t *s;
 
   if (sm->deterministic || !sm->endpoint_dependent)
-    return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+    return clib_error_return (0, UNSUPPORTED_IN_DET_OR_NON_ED_MODE_STR);
 
-  // print session configuration values
-  vlib_cli_output (vm, "max translations: %u", sm->max_translations);
+  vlib_cli_output (vm, "max translations per thread: %u",
+                  sm->max_translations_per_thread);
   vlib_cli_output (vm, "max translations per user: %u",
                   sm->max_translations_per_user);
 
   u32 count = 0;
 
-  u64 now = vlib_time_now (sm->vlib_main);
+  u64 now = vlib_time_now (vm);
   u64 sess_timeout_time;
 
   u32 udp_sessions = 0;
@@ -683,18 +686,18 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
             if (now >= sess_timeout_time)
               timed_out++;
 
-            switch (s->in2out.protocol)
+            switch (s->nat_proto)
               {
-              case SNAT_PROTOCOL_ICMP:
+              case NAT_PROTOCOL_ICMP:
                 icmp_sessions++;
                 break;
-              case SNAT_PROTOCOL_TCP:
+              case NAT_PROTOCOL_TCP:
                 tcp_sessions++;
                 if (s->state)
                   {
-                    if (s->tcp_close_timestamp)
+                    if (s->tcp_closed_timestamp)
                       {
-                        if (now >= s->tcp_close_timestamp)
+                        if (now >= s->tcp_closed_timestamp)
                           {
                             ++transitory_closed;
                           }
@@ -703,33 +706,18 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
                             ++transitory_wait_closed;
                           }
                       }
-                    else
-                      {
-                        transitory++;
-                      }
+                    transitory++;
                   }
                 else
                   established++;
                 break;
-              case SNAT_PROTOCOL_UDP:
+              case NAT_PROTOCOL_UDP:
               default:
                 udp_sessions++;
                 break;
               }
           }));
           count += pool_elts (tsm->sessions);
-
-          vlib_cli_output (vm, "tid[%u] session scavenging cleared: %u",
-              tsm->thread_index, tsm->cleared);
-          vlib_cli_output (vm, "tid[%u] session scavenging cleanup runs: %u",
-              tsm->thread_index, tsm->cleanup_runs);
-
-          if (now < tsm->cleanup_timeout)
-            vlib_cli_output (vm, "tid[%u] session scavenging next run in: %f",
-              tsm->thread_index, tsm->cleanup_timeout - now);
-          else
-            vlib_cli_output (vm, "tid[%u] session scavenging next run in: 0",
-              tsm->thread_index);
         }
       /* *INDENT-ON* */
     }
@@ -744,18 +732,18 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
         if (now >= sess_timeout_time)
           timed_out++;
 
-        switch (s->in2out.protocol)
+        switch (s->nat_proto)
           {
-          case SNAT_PROTOCOL_ICMP:
+          case NAT_PROTOCOL_ICMP:
             icmp_sessions++;
             break;
-          case SNAT_PROTOCOL_TCP:
+          case NAT_PROTOCOL_TCP:
             tcp_sessions++;
             if (s->state)
               {
-                if (s->tcp_close_timestamp)
+                if (s->tcp_closed_timestamp)
                   {
-                    if (now >= s->tcp_close_timestamp)
+                    if (now >= s->tcp_closed_timestamp)
                       {
                         ++transitory_closed;
                       }
@@ -764,15 +752,12 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
                         ++transitory_wait_closed;
                       }
                   }
-                else
-                  {
-                    transitory++;
-                  }
+                transitory++;
               }
             else
               established++;
             break;
-          case SNAT_PROTOCOL_UDP:
+          case NAT_PROTOCOL_UDP:
           default:
             udp_sessions++;
             break;
@@ -780,17 +765,31 @@ nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
       }));
       /* *INDENT-ON* */
       count = pool_elts (tsm->sessions);
-
-      vlib_cli_output (vm, "tid[0] session scavenging cleared: %u",
-                      tsm->cleared);
-      vlib_cli_output (vm, "tid[0] session scavenging cleanup runs: %u",
-                      tsm->cleanup_runs);
-
-      if (now < tsm->cleanup_timeout)
-       vlib_cli_output (vm, "tid[0] session scavenging next run in: %f",
-                        tsm->cleanup_timeout - now);
-      else
-       vlib_cli_output (vm, "tid[0] session scavenging next run in: 0");
+      if (sm->endpoint_dependent)
+       {
+         dlist_elt_t *oldest_elt;
+         u32 oldest_index;
+#define _(n, d)                                                          \
+  oldest_index =                                                         \
+      clib_dlist_remove_head (tsm->lru_pool, tsm->n##_lru_head_index);   \
+  if (~0 != oldest_index)                                                \
+    {                                                                    \
+      oldest_elt = pool_elt_at_index (tsm->lru_pool, oldest_index);      \
+      s = pool_elt_at_index (tsm->sessions, oldest_elt->value);          \
+      sess_timeout_time =                                                \
+          s->last_heard + (f64)nat44_session_get_timeout (sm, s);        \
+      vlib_cli_output (vm, d " LRU min session timeout %llu (now %llu)", \
+                       sess_timeout_time, now);                          \
+      clib_dlist_addhead (tsm->lru_pool, tsm->n##_lru_head_index,        \
+                          oldest_index);                                 \
+    }
+         _(tcp_estab, "established tcp");
+         _(tcp_trans, "transitory tcp");
+         _(udp, "udp");
+         _(unk_proto, "unknown protocol");
+         _(icmp, "icmp");
+#undef _
+       }
     }
 
   vlib_cli_output (vm, "total timed out sessions: %u", timed_out);
@@ -829,7 +828,7 @@ nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input,
         vlib_cli_output (vm, "  tenant VRF independent");
     #define _(N, i, n, s) \
       vlib_cli_output (vm, "  %d busy %s ports", ap->busy_##n##_ports, s);
-      foreach_snat_protocol
+      foreach_nat_protocol
     #undef _
     }
   vlib_cli_output (vm, "NAT44 twice-nat pool addresses:");
@@ -843,7 +842,7 @@ nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input,
         vlib_cli_output (vm, "  tenant VRF independent");
     #define _(N, i, n, s) \
       vlib_cli_output (vm, "  %d busy %s ports", ap->busy_##n##_ports, s);
-      foreach_snat_protocol
+      foreach_nat_protocol
     #undef _
     }
   /* *INDENT-ON* */
@@ -1008,7 +1007,7 @@ add_static_mapping_command_fn (vlib_main_t * vm,
   u32 sw_if_index = ~0;
   vnet_main_t *vnm = vnet_get_main ();
   int rv;
-  snat_protocol_t proto = ~0;
+  nat_protocol_t proto = NAT_PROTOCOL_OTHER;
   u8 proto_set = 0;
   twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
   u8 out2in_only = 0;
@@ -1044,7 +1043,7 @@ add_static_mapping_command_fn (vlib_main_t * vm,
        ;
       else if (unformat (line_input, "vrf %u", &vrf_id))
        ;
-      else if (unformat (line_input, "%U", unformat_snat_protocol, &proto))
+      else if (unformat (line_input, "%U", unformat_nat_protocol, &proto))
        proto_set = 1;
       else if (unformat (line_input, "twice-nat"))
        twice_nat = TWICE_NAT;
@@ -1068,13 +1067,24 @@ add_static_mapping_command_fn (vlib_main_t * vm,
       goto done;
     }
 
-  if (!addr_only && !proto_set)
+  if (addr_only)
     {
-      error = clib_error_return (0, "missing protocol");
+      if (proto_set)
+       {
+         error =
+           clib_error_return (0,
+                              "address only mapping doesn't support protocol");
+         goto done;
+       }
+    }
+  else if (!proto_set)
+    {
+      error = clib_error_return (0, "protocol is required");
       goto done;
     }
 
-  rv = snat_add_static_mapping (l_addr, e_addr, (u16) l_port, (u16) e_port,
+  rv = snat_add_static_mapping (l_addr, e_addr, clib_host_to_net_u16 (l_port),
+                               clib_host_to_net_u16 (e_port),
                                vrf_id, addr_only, sw_if_index, proto, is_add,
                                twice_nat, out2in_only, 0, 0);
 
@@ -1125,7 +1135,7 @@ add_identity_mapping_command_fn (vlib_main_t * vm,
   u32 sw_if_index = ~0;
   vnet_main_t *vnm = vnet_get_main ();
   int rv;
-  snat_protocol_t proto;
+  nat_protocol_t proto;
 
   if (sm->deterministic)
     return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
@@ -1145,7 +1155,7 @@ add_identity_mapping_command_fn (vlib_main_t * vm,
        ;
       else if (unformat (line_input, "vrf %u", &vrf_id))
        ;
-      else if (unformat (line_input, "%U %u", unformat_snat_protocol, &proto,
+      else if (unformat (line_input, "%U %u", unformat_nat_protocol, &proto,
                         &port))
        addr_only = 0;
       else if (unformat (line_input, "del"))
@@ -1158,9 +1168,10 @@ add_identity_mapping_command_fn (vlib_main_t * vm,
        }
     }
 
-  rv = snat_add_static_mapping (addr, addr, (u16) port, (u16) port,
-                               vrf_id, addr_only, sw_if_index, proto, is_add,
-                               0, 0, 0, 1);
+  rv =
+    snat_add_static_mapping (addr, addr, clib_host_to_net_u16 (port),
+                            clib_host_to_net_u16 (port), vrf_id, addr_only,
+                            sw_if_index, proto, is_add, 0, 0, 0, 1);
 
   switch (rv)
     {
@@ -1201,7 +1212,7 @@ add_lb_static_mapping_command_fn (vlib_main_t * vm,
   u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0, affinity = 0;
   int is_add = 1;
   int rv;
-  snat_protocol_t proto;
+  nat_protocol_t proto;
   u8 proto_set = 0;
   nat44_lb_addr_port_t *locals = 0, local;
   twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
@@ -1239,7 +1250,7 @@ add_lb_static_mapping_command_fn (vlib_main_t * vm,
       else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
                         &e_addr, &e_port))
        ;
-      else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
+      else if (unformat (line_input, "protocol %U", unformat_nat_protocol,
                         &proto))
        proto_set = 1;
       else if (unformat (line_input, "twice-nat"))
@@ -1316,7 +1327,7 @@ add_lb_backend_command_fn (vlib_main_t * vm,
   u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
   int is_add = 1;
   int rv;
-  snat_protocol_t proto;
+  nat_protocol_t proto;
   u8 proto_set = 0;
 
   if (sm->deterministic)
@@ -1338,7 +1349,7 @@ add_lb_backend_command_fn (vlib_main_t * vm,
       else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
                         &e_addr, &e_port))
        ;
-      else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
+      else if (unformat (line_input, "protocol %U", unformat_nat_protocol,
                         &proto))
        proto_set = 1;
       else if (unformat (line_input, "del"))
@@ -1514,11 +1525,11 @@ nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
 {
   unformat_input_t _line_input, *line_input = &_line_input;
   clib_error_t *error = 0;
-  snat_main_t *sm = &snat_main;
+
   snat_main_per_thread_data_t *tsm;
+  snat_main_t *sm = &snat_main;
 
-  int detail = 0, metrics = 0;
-  snat_user_t *u;
+  int detail = 0;
   int i = 0;
 
   if (sm->deterministic)
@@ -1531,8 +1542,6 @@ nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
     {
       if (unformat (line_input, "detail"))
        detail = 1;
-      else if (unformat (line_input, "metrics"))
-       metrics = 1;
       else
        {
          error = clib_error_return (0, "unknown input '%U'",
@@ -1543,7 +1552,11 @@ nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
   unformat_free (line_input);
 
 print:
-  vlib_cli_output (vm, "NAT44 sessions:");
+  if (!sm->endpoint_dependent)
+    vlib_cli_output (vm, "NAT44 sessions:");
+  else
+    vlib_cli_output (vm, "NAT44 ED sessions:");
+
   /* *INDENT-OFF* */
   vec_foreach_index (i, sm->per_thread_data)
     {
@@ -1552,19 +1565,21 @@ print:
       vlib_cli_output (vm, "-------- thread %d %s: %d sessions --------\n",
                        i, vlib_worker_threads[i].name,
                        pool_elts (tsm->sessions));
-      if (metrics)
+
+      if (!sm->endpoint_dependent)
         {
-          u64 now = vlib_time_now (sm->vlib_main);
+          snat_user_t *u;
           pool_foreach (u, tsm->users,
           ({
-            vlib_cli_output (vm, "  %U", format_snat_user_v2, tsm, u, now);
+            vlib_cli_output (vm, "  %U", format_snat_user, tsm, u, detail);
           }));
         }
       else
         {
-          pool_foreach (u, tsm->users,
+          snat_session_t *s;
+          pool_foreach (s, tsm->sessions,
           ({
-            vlib_cli_output (vm, "  %U", format_snat_user, tsm, u, detail);
+            vlib_cli_output (vm, "  %U\n", format_snat_session, tsm, s);
           }));
         }
     }
@@ -1572,6 +1587,49 @@ print:
   return error;
 }
 
+static clib_error_t *
+nat44_set_session_limit_command_fn (vlib_main_t * vm,
+                                   unformat_input_t * input,
+                                   vlib_cli_command_t * cmd)
+{
+  snat_main_t *sm = &snat_main;
+  unformat_input_t _line_input, *line_input = &_line_input;
+  clib_error_t *error = 0;
+
+  u32 session_limit = 0, vrf_id = 0;
+
+  if (sm->deterministic)
+    return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
+  /* Get a line of input. */
+  if (!unformat_user (input, unformat_line_input, line_input))
+    return 0;
+
+  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+    {
+      if (unformat (line_input, "%u", &session_limit))
+       ;
+      else if (unformat (line_input, "vrf %u", &vrf_id))
+       ;
+      else
+       {
+         error = clib_error_return (0, "unknown input '%U'",
+                                    format_unformat_error, line_input);
+         goto done;
+       }
+    }
+
+  if (!session_limit)
+    error = clib_error_return (0, "missing value of session limit");
+  else if (nat44_set_session_limit (session_limit, vrf_id))
+    error = clib_error_return (0, "nat44_set_session_limit failed");
+
+done:
+  unformat_free (line_input);
+
+  return error;
+}
+
 static clib_error_t *
 nat44_del_user_command_fn (vlib_main_t * vm,
                           unformat_input_t * input, vlib_cli_command_t * cmd)
@@ -1583,8 +1641,8 @@ nat44_del_user_command_fn (vlib_main_t * vm,
   u32 fib_index = 0;
   int rv;
 
-  if (sm->deterministic)
-    return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+  if (sm->deterministic || sm->endpoint_dependent)
+    return clib_error_return (0, UNSUPPORTED_IN_DET_OR_ED_MODE_STR);
 
   /* Get a line of input. */
   if (!unformat_user (input, unformat_line_input, line_input))
@@ -1617,6 +1675,21 @@ done:
   return error;
 }
 
+static clib_error_t *
+nat44_clear_sessions_command_fn (vlib_main_t * vm,
+                                unformat_input_t * input,
+                                vlib_cli_command_t * cmd)
+{
+  snat_main_t *sm = &snat_main;
+  clib_error_t *error = 0;
+
+  if (sm->deterministic)
+    return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
+  nat44_sessions_clear ();
+  return error;
+}
+
 static clib_error_t *
 nat44_del_session_command_fn (vlib_main_t * vm,
                              unformat_input_t * input,
@@ -1628,7 +1701,7 @@ nat44_del_session_command_fn (vlib_main_t * vm,
   clib_error_t *error = 0;
   ip4_address_t addr, eh_addr;
   u32 port = 0, eh_port = 0, vrf_id = sm->outside_vrf_id;
-  snat_protocol_t proto;
+  nat_protocol_t proto;
   int rv;
 
   if (sm->deterministic)
@@ -1642,7 +1715,7 @@ nat44_del_session_command_fn (vlib_main_t * vm,
     {
       if (unformat
          (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
-          unformat_snat_protocol, &proto))
+          unformat_nat_protocol, &proto))
        ;
       else if (unformat (line_input, "in"))
        {
@@ -1671,10 +1744,13 @@ nat44_del_session_command_fn (vlib_main_t * vm,
 
   if (is_ed)
     rv =
-      nat44_del_ed_session (sm, &addr, port, &eh_addr, eh_port,
-                           snat_proto_to_ip_proto (proto), vrf_id, is_in);
+      nat44_del_ed_session (sm, &addr, clib_host_to_net_u16 (port), &eh_addr,
+                           clib_host_to_net_u16 (eh_port),
+                           nat_proto_to_ip_proto (proto), vrf_id, is_in);
   else
-    rv = nat44_del_session (sm, &addr, port, proto, vrf_id, is_in);
+    rv =
+      nat44_del_session (sm, &addr, clib_host_to_net_u16 (port), proto,
+                        vrf_id, is_in);
 
   switch (rv)
     {
@@ -1782,8 +1858,13 @@ snat_det_map_command_fn (vlib_main_t * vm,
        }
     }
 
-  rv = snat_det_add_map (sm, &in_addr, (u8) in_plen, &out_addr, (u8) out_plen,
-                        is_add);
+  if (in_plen > 32 || out_plen > 32)
+    {
+      error = clib_error_return (0, "network prefix length must be <= 32");
+      goto done;
+    }
+
+  rv = snat_det_add_map (sm, &in_addr, in_plen, &out_addr, out_plen, is_add);
 
   if (rv)
     {
@@ -1999,7 +2080,6 @@ set_timeout_command_fn (vlib_main_t * vm,
     }
 done:
   unformat_free (line_input);
-  sm->min_timeout = nat44_minimal_timeout (sm);
   return error;
 }
 
@@ -2010,8 +2090,6 @@ nat_show_timeouts_command_fn (vlib_main_t * vm,
 {
   snat_main_t *sm = &snat_main;
 
-  // fix text
-  vlib_cli_output (vm, "min session cleanup timeout: %dsec", sm->min_timeout);
   vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
   vlib_cli_output (vm, "tcp-established timeout: %dsec",
                   sm->tcp_established_timeout);
@@ -2231,19 +2309,6 @@ VLIB_CLI_COMMAND (nat_show_timeouts_command, static) = {
   .function = nat_show_timeouts_command_fn,
 };
 
-/*?
- * @cliexpar
- * @cliexstart{nat set logging level}
- * To force garbage collection of nat sessions
- *  vpp# nat44 session cleanup
- * @cliexend
-?*/
-VLIB_CLI_COMMAND (nat44_session_cleanup_command, static) = {
-  .path = "nat44 session cleanup",
-  .function = nat44_session_cleanup_command_fn,
-  .short_help = "nat44 session cleanup",
-};
-
 /*?
  * @cliexpar
  * @cliexstart{nat set logging level}
@@ -2399,7 +2464,7 @@ VLIB_CLI_COMMAND (nat_ha_resync_command, static) = {
 VLIB_CLI_COMMAND (nat44_show_hash, static) = {
   .path = "show nat44 hash tables",
   .short_help = "show nat44 hash tables [detail|verbose]",
-  .function = nat44_show_hash_commnad_fn,
+  .function = nat44_show_hash_command_fn,
 };
 
 /*?
@@ -2506,16 +2571,19 @@ VLIB_CLI_COMMAND (nat44_show_interfaces_command, static) = {
  *  vpp# nat44 add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606
  * If not runnig "static mapping only" NAT plugin mode use before:
  *  vpp# nat44 add address 4.4.4.4
- * To create static mapping between local and external address use:
+ * To create address only static mapping between local and external address use:
  *  vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4
+ * To create ICMP static mapping between local and external with ICMP echo
+ * identifier 10 use:
+ *  vpp# nat44 add static mapping icmp local 10.0.0.3 10 external 4.4.4.4 10
  * @cliexend
 ?*/
 VLIB_CLI_COMMAND (add_static_mapping_command, static) = {
   .path = "nat44 add static mapping",
   .function = add_static_mapping_command_fn,
   .short_help =
-    "nat44 add static mapping tcp|udp|icmp local <addr> [<port>] "
-    "external <addr> [<port>] [vrf <table-id>] [twice-nat|self-twice-nat] "
+    "nat44 add static mapping tcp|udp|icmp local <addr> [<port|icmp-echo-id>] "
+    "external <addr> [<port|icmp-echo-id>] [vrf <table-id>] [twice-nat|self-twice-nat] "
     "[out2in-only] [del]",
 };
 
@@ -2641,6 +2709,18 @@ VLIB_CLI_COMMAND (nat44_show_sessions_command, static) = {
   .function = nat44_show_sessions_command_fn,
 };
 
+/*?
+ * @cliexpar
+ * @cliexstart{set nat44 session limit}
+ * Set NAT44 session limit.
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat44_set_session_limit_command, static) = {
+  .path = "set nat44 session limit",
+  .short_help = "set nat44 session limit <limit> [vrf <table-id>]",
+  .function = nat44_set_session_limit_command_fn,
+};
+
 /*?
  * @cliexpar
  * @cliexstart{nat44 del user}
@@ -2654,6 +2734,19 @@ VLIB_CLI_COMMAND (nat44_del_user_command, static) = {
     .function = nat44_del_user_command_fn,
 };
 
+/*?
+ * @cliexpar
+ * @cliexstart{clear nat44 sessions}
+ * To clear all NAT44 sessions
+ *  vpp# clear nat44 sessions
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat44_clear_sessions_command, static) = {
+    .path = "clear nat44 sessions",
+    .short_help = "clear nat44 sessions",
+    .function = nat44_clear_sessions_command_fn,
+};
+
 /*?
  * @cliexpar
  * @cliexstart{nat44 del session}
Vector Packet Processing