#include <nat/nat_det.h>
#include <nat/nat64.h>
#include <nat/nat_inlines.h>
+#include <nat/nat44/inlines.h>
#include <nat/nat_affinity.h>
#include <vnet/fib/fib_table.h>
#include <nat/nat_ha.h>
return 0;
}
+static clib_error_t *
+snat_set_log_level_command_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
+ u8 log_level = SNAT_LOG_NONE;
+ clib_error_t *error = 0;
+
+ /* Get a line of input. */
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ if (!unformat (line_input, "%d", &log_level))
+ {
+ error = clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, line_input);
+ goto done;
+ }
+ if (log_level > SNAT_LOG_DEBUG)
+ {
+ error = clib_error_return (0, "unknown logging level '%d'", log_level);
+ goto done;
+ }
+ sm->log_level = log_level;
+
+done:
+ unformat_free (line_input);
+
+ return error;
+}
+
static clib_error_t *
snat_ipfix_logging_enable_disable_command_fn (vlib_main_t * vm,
unformat_input_t * input,
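Review bot: `log_level` is declared `u8`, but its address is passed to `unformat (line_input, "%d", &log_level)`; as far as I know vppinfra's `%d` conversion stores through an `int *`, so the parse would write beyond the one-byte variable into adjacent stack storage of snat_set_log_level_command_fn. Declaring it `int log_level = SNAT_LOG_NONE;` and checking `if (log_level < 0 || log_level > SNAT_LOG_DEBUG)` before the assignment to `sm->log_level` keeps the store in bounds and rejects negative input. The early `return 0` when no argument line is present also makes a bare `nat set logging level` report success without changing anything; returning an error there would make the no-op visible to the operator.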
}
if (sm->endpoint_dependent)
- vlib_cli_output (vm, "%U", format_bihash_16_8, &nam->affinity_hash,
- verbose);
+ {
+ vlib_cli_output (vm, "%U", format_bihash_16_8, &nam->affinity_hash,
+ verbose);
+ vlib_cli_output (vm, "%U", format_bihash_16_8, &sm->ed_ext_ports, 0);
+ }
return 0;
}
;
else
if (unformat
- (line_input, "refresh-intervval %u", &session_refresh_interval))
+ (line_input, "refresh-interval %u", &session_refresh_interval))
;
else
{
nat_ha_get_failover (&addr, &port, &session_refresh_interval);
vlib_cli_output (vm, "FAILOVER:\n");
if (port)
- vlib_cli_output (vm, " %U:%u refresh-intervval %usec\n",
+ vlib_cli_output (vm, " %U:%u refresh-interval %usec\n",
format_ip4_address, &addr, port,
session_refresh_interval);
else
return error;
}
+static clib_error_t *
+nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ snat_main_per_thread_data_t *tsm;
+ snat_main_t *sm = &snat_main;
+ snat_session_t *s;
+
+ if (sm->deterministic || !sm->endpoint_dependent)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
+ // print session configuration values
+ vlib_cli_output (vm, "max translations: %u", sm->max_translations);
+ vlib_cli_output (vm, "max translations per user: %u",
+ sm->max_translations_per_user);
+
+ u32 count = 0;
+
+ u64 now = vlib_time_now (sm->vlib_main);
+ u64 sess_timeout_time;
+
+ u32 udp_sessions = 0;
+ u32 tcp_sessions = 0;
+ u32 icmp_sessions = 0;
+
+ u32 timed_out = 0;
+ u32 transitory = 0;
+ u32 transitory_wait_closed = 0;
+ u32 transitory_closed = 0;
+ u32 established = 0;
+
+ if (sm->num_workers > 1)
+ {
+ /* *INDENT-OFF* */
+ vec_foreach (tsm, sm->per_thread_data)
+ {
+ pool_foreach (s, tsm->sessions,
+ ({
+ sess_timeout_time = s->last_heard +
+ (f64) nat44_session_get_timeout (sm, s);
+ if (now >= sess_timeout_time)
+ timed_out++;
+
+ switch (s->in2out.protocol)
+ {
+ case SNAT_PROTOCOL_ICMP:
+ icmp_sessions++;
+ break;
+ case SNAT_PROTOCOL_TCP:
+ tcp_sessions++;
+ if (s->state)
+ {
+ if (s->tcp_close_timestamp)
+ {
+ if (now >= s->tcp_close_timestamp)
+ {
+ ++transitory_closed;
+ }
+ else
+ {
+ ++transitory_wait_closed;
+ }
+ }
+ transitory++;
+ }
+ else
+ established++;
+ break;
+ case SNAT_PROTOCOL_UDP:
+ default:
+ udp_sessions++;
+ break;
+ }
+ }));
+ count += pool_elts (tsm->sessions);
+ }
+ /* *INDENT-ON* */
+ }
+ else
+ {
+ tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
+ /* *INDENT-OFF* */
+ pool_foreach (s, tsm->sessions,
+ ({
+ sess_timeout_time = s->last_heard +
+ (f64) nat44_session_get_timeout (sm, s);
+ if (now >= sess_timeout_time)
+ timed_out++;
+
+ switch (s->in2out.protocol)
+ {
+ case SNAT_PROTOCOL_ICMP:
+ icmp_sessions++;
+ break;
+ case SNAT_PROTOCOL_TCP:
+ tcp_sessions++;
+ if (s->state)
+ {
+ if (s->tcp_close_timestamp)
+ {
+ if (now >= s->tcp_close_timestamp)
+ {
+ ++transitory_closed;
+ }
+ else
+ {
+ ++transitory_wait_closed;
+ }
+ }
+ transitory++;
+ }
+ else
+ established++;
+ break;
+ case SNAT_PROTOCOL_UDP:
+ default:
+ udp_sessions++;
+ break;
+ }
+ }));
+ /* *INDENT-ON* */
+ count = pool_elts (tsm->sessions);
+ }
+
+ vlib_cli_output (vm, "total timed out sessions: %u", timed_out);
+ vlib_cli_output (vm, "total sessions: %u", count);
+ vlib_cli_output (vm, "total tcp sessions: %u", tcp_sessions);
+ vlib_cli_output (vm, "total tcp established sessions: %u", established);
+ vlib_cli_output (vm, "total tcp transitory sessions: %u", transitory);
+ vlib_cli_output (vm, "total tcp transitory (WAIT-CLOSED) sessions: %u",
+ transitory_wait_closed);
+ vlib_cli_output (vm, "total tcp transitory (CLOSED) sessions: %u",
+ transitory_closed);
+ vlib_cli_output (vm, "total udp sessions: %u", udp_sessions);
+ vlib_cli_output (vm, "total icmp sessions: %u", icmp_sessions);
+ return 0;
+}
+
static clib_error_t *
nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input,
vlib_cli_command_t * cmd)
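Review bot: `now` and `sess_timeout_time` are declared `u64` in nat44_show_summary_command_fn but are assigned floating-point values (`vlib_time_now (...)` and `s->last_heard + (f64) nat44_session_get_timeout (sm, s)`), so both are truncated to whole seconds before `now >= sess_timeout_time` is evaluated. Declaring them `f64 now = vlib_time_now (sm->vlib_main);` and `f64 sess_timeout_time;` keeps the timed-out count on the same clock the cast suggests the session fields use. The guard `sm->deterministic || !sm->endpoint_dependent` returns `UNSUPPORTED_IN_DET_MODE_STR` in both cases, which gives the wrong reason when the instance is simply not in endpoint-dependent mode. The two `pool_foreach` bodies are identical line for line, so a small static helper that classifies one session would remove the duplication. Both loops walk per-thread session pools from the CLI handler, so it is worth confirming that this path is synchronised with the workers.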
nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
vlib_cli_command_t * cmd)
{
- int verbose = 0;
+ unformat_input_t _line_input, *line_input = &_line_input;
+ clib_error_t *error = 0;
snat_main_t *sm = &snat_main;
snat_main_per_thread_data_t *tsm;
+
+ int detail = 0, metrics = 0;
snat_user_t *u;
int i = 0;
if (sm->deterministic)
return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
- if (unformat (input, "detail"))
- verbose = 1;
+ if (!unformat_user (input, unformat_line_input, line_input))
+ goto print;
- vlib_cli_output (vm, "NAT44 sessions:");
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "detail"))
+ detail = 1;
+ else if (unformat (line_input, "metrics"))
+ metrics = 1;
+ else
+ {
+ error = clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, line_input);
+ break;
+ }
+ }
+ unformat_free (line_input);
+print:
+ vlib_cli_output (vm, "NAT44 sessions:");
/* *INDENT-OFF* */
vec_foreach_index (i, sm->per_thread_data)
{
vlib_cli_output (vm, "-------- thread %d %s: %d sessions --------\n",
i, vlib_worker_threads[i].name,
pool_elts (tsm->sessions));
- pool_foreach (u, tsm->users,
- ({
- vlib_cli_output (vm, " %U", format_snat_user, tsm, u, verbose);
- }));
+ if (metrics)
+ {
+ u64 now = vlib_time_now (sm->vlib_main);
+ pool_foreach (u, tsm->users,
+ ({
+ vlib_cli_output (vm, " %U", format_snat_user_v2, tsm, u, now);
+ }));
+ }
+ else
+ {
+ pool_foreach (u, tsm->users,
+ ({
+ vlib_cli_output (vm, " %U", format_snat_user, tsm, u, detail);
+ }));
+ }
}
/* *INDENT-ON* */
+ return error;
+}
- return 0;
+static clib_error_t *
+nat44_del_user_command_fn (vlib_main_t * vm,
+ unformat_input_t * input, vlib_cli_command_t * cmd)
+{
+ snat_main_t *sm = &snat_main;
+ unformat_input_t _line_input, *line_input = &_line_input;
+ clib_error_t *error = 0;
+ ip4_address_t addr;
+ u32 fib_index = 0;
+ int rv;
+
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
+ /* Get a line of input. */
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
+ {
+ if (unformat (line_input, "%U", unformat_ip4_address, &addr))
+ ;
+ else if (unformat (line_input, "fib %u", &fib_index))
+ ;
+ else
+ {
+ error = clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, line_input);
+ goto done;
+ }
+ }
+
+ rv = nat44_user_del (&addr, fib_index);
+
+ if (!rv)
+ {
+ error = clib_error_return (0, "nat44_user_del returned %d", rv);
+ }
+
+done:
+ unformat_free (line_input);
+
+ return error;
}
static clib_error_t *
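Review bot: In nat44_del_user_command_fn `addr` is never initialised and the address is optional in the parse loop, so `nat44 del user fib 1` reaches `nat44_user_del (&addr, fib_index)` with indeterminate stack contents as the user to delete. The handler should record whether an address was parsed and refuse to proceed without one. The result check also looks inverted: `if (!rv)` raises the error only when `rv` is 0, so the message can only ever read "returned 0". nat44_user_del is not defined in this diff, so its return convention needs confirming before flipping the test to `if (rv)`. In the nat44_show_sessions_command_fn half of this hunk, `u64 now = vlib_time_now (...)` truncates the timestamp in the same way.

```c
  int addr_set = 0;
  /* … unchanged: other locals, deterministic-mode guard, unformat_user … */
  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
    {
      if (unformat (line_input, "%U", unformat_ip4_address, &addr))
	addr_set = 1;
      /* … unchanged: "fib %u" branch and unknown-input branch … */
    }

  if (!addr_set)
    {
      error = clib_error_return (0, "user address is required");
      goto done;
    }

  rv = nat44_user_del (&addr, fib_index);

  /* assumes 0 means success; confirm against nat44_user_del */
  if (rv)
    error = clib_error_return (0, "nat44_user_del returned %d", rv);
```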
goto done;
}
}
-
done:
unformat_free (line_input);
-
return error;
}
.function = nat_show_timeouts_command_fn,
};
+/*?
+ * @cliexpar
+ * @cliexstart{nat set logging level}
+ * To set NAT logging level use:
+ * Set nat logging level
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (snat_set_log_level_command, static) = {
+ .path = "nat set logging level",
+ .function = snat_set_log_level_command_fn,
+ .short_help = "nat set logging level <level>",
+};
+
/*?
* @cliexpar
* @cliexstart{snat ipfix logging}
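Review bot: The `@cliexstart{nat set logging level}` block has no example invocation and `.short_help` says only `<level>`, so nothing tells the operator that the handler parses a number and rejects anything above `SNAT_LOG_DEBUG`. I would add an example line such as ` * vpp# nat set logging level 1` to the comment and state the accepted numeric range in the help string.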
?*/
VLIB_CLI_COMMAND (nat_ha_failover_command, static) = {
.path = "nat ha failover",
- .short_help = "nat ha failover <ip4-address>:<port> [refresh-intervval <sec>]",
+ .short_help = "nat ha failover <ip4-address>:<port> [refresh-interval <sec>]",
.function = nat_ha_failover_command_fn,
};
.function = add_address_command_fn,
};
+/*?
+ * @cliexpar
+ * @cliexstart{show nat44 summary}
+ * Show NAT44 summary
+ * vpp# show nat44 summary
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat44_show_summary_command, static) = {
+ .path = "show nat44 summary",
+ .short_help = "show nat44 summary",
+ .function = nat44_show_summary_command_fn,
+};
+
/*?
* @cliexpar
* @cliexstart{show nat44 addresses}
* To create identity mapping for address 10.0.0.3 use:
* vpp# nat44 add identity mapping 10.0.0.3
* To create identity mapping for DHCP addressed interface use:
- * vpp# nat44 add identity mapping GigabitEthernet0/a/0 tcp 3606
+ * vpp# nat44 add identity mapping external GigabitEthernet0/a/0 tcp 3606
* @cliexend
?*/
VLIB_CLI_COMMAND (add_identity_mapping_command, static) = {
.path = "nat44 add identity mapping",
.function = add_identity_mapping_command_fn,
- .short_help = "nat44 add identity mapping <interface>|<ip4-addr> "
+ .short_help = "nat44 add identity mapping <ip4-addr>|external <interface> "
"[<protocol> <port>] [vrf <table-id>] [del]",
};
?*/
VLIB_CLI_COMMAND (nat44_show_sessions_command, static) = {
.path = "show nat44 sessions",
- .short_help = "show nat44 sessions [detail]",
+ .short_help = "show nat44 sessions [detail|metrics]",
.function = nat44_show_sessions_command_fn,
};
+/*?
+ * @cliexpar
+ * @cliexstart{nat44 del user}
+ * To delete all NAT44 user sessions:
+ * vpp# nat44 del user 10.0.0.3
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (nat44_del_user_command, static) = {
+ .path = "nat44 del user",
+ .short_help = "nat44 del user <addr> [fib <index>]",
+ .function = nat44_del_user_command_fn,
+};
+
/*?
* @cliexpar
* @cliexstart{nat44 del session}