#include <nat/nat_msg_enum.h>
#include <vnet/fib/fib_table.h>
#include <vnet/ip/ip_types_api.h>
+#include <nat/nat44/ed_inlines.h>
#define vl_api_nat44_add_del_lb_static_mapping_t_endian vl_noop_handler
#define vl_api_nat44_nat44_lb_static_mapping_details_t_endian vl_noop_handler
REPLY_MACRO2 (VL_API_NAT_SHOW_CONFIG_REPLY,
({
rmp->translation_buckets = htonl (sm->translation_buckets);
- rmp->translation_memory_size = htonl (sm->translation_memory_size);
+ rmp->translation_memory_size = clib_host_to_net_u64 (sm->translation_memory_size);
rmp->user_buckets = htonl (sm->user_buckets);
- rmp->user_memory_size = htonl (sm->user_memory_size);
+ rmp->user_memory_size = clib_host_to_net_u64 (sm->user_memory_size);
rmp->max_translations_per_user = htonl (sm->max_translations_per_user);
rmp->outside_vrf_id = htonl (sm->outside_vrf_id);
rmp->inside_vrf_id = htonl (sm->inside_vrf_id);
rmp->endpoint_dependent = sm->endpoint_dependent;
rmp->out2in_dpo = sm->out2in_dpo;
//rmp->dslite_ce = dm->is_ce;
- rmp->nat64_bib_buckets = n64m->bib_buckets;
- rmp->nat64_bib_memory_size = n64m->bib_memory_size;
- rmp->nat64_st_buckets = n64m->st_buckets;
- rmp->nat64_st_memory_size = n64m->st_memory_size;
+ rmp->nat64_bib_buckets = clib_net_to_host_u32(n64m->bib_buckets);
+ rmp->nat64_bib_memory_size = clib_net_to_host_u64(n64m->bib_memory_size);
+ rmp->nat64_st_buckets = clib_net_to_host_u32(n64m->st_buckets);
+ rmp->nat64_st_memory_size = clib_net_to_host_u64(n64m->st_memory_size);
}));
/* *INDENT-ON* */
}
}
static void
-vl_api_nat44_session_cleanup_t_handler (vl_api_nat44_session_cleanup_t * mp)
+vl_api_nat44_set_session_limit_t_handler (vl_api_nat44_set_session_limit_t *
+ mp)
{
snat_main_t *sm = &snat_main;
- vl_api_nat44_session_cleanup_reply_t *rmp;
+ vl_api_nat44_set_session_limit_reply_t *rmp;
int rv = 0;
- nat44_force_users_cleanup ();
- REPLY_MACRO (VL_API_NAT44_SESSION_CLEANUP_REPLY);
+
+ rv = nat44_set_session_limit
+ (ntohl (mp->session_limit), ntohl (mp->vrf_id));
+
+ REPLY_MACRO (VL_API_NAT_SET_WORKERS_REPLY);
}
static void *
-vl_api_nat44_session_cleanup_t_print (vl_api_nat44_session_cleanup_t * mp,
- void *handle)
+vl_api_nat44_set_session_limit_t_print (vl_api_nat44_set_session_limit_t *
+ mp, void *handle)
{
u8 *s;
- s = format (0, "SCRIPT: nat44_session_cleanup");
+ s = format (0, "SCRIPT: nat44_set_session_limit ");
+ s = format (s, "session_limit %d", ntohl (mp->session_limit));
+ s = format (s, "vrf_id %d", ntohl (mp->vrf_id));
FINISH;
}
-
static void
vl_api_nat_set_log_level_t_handler (vl_api_nat_set_log_level_t * mp)
{
sm->tcp_transitory_timeout = ntohl (mp->tcp_transitory);
sm->icmp_timeout = ntohl (mp->icmp);
- sm->min_timeout = nat44_minimal_timeout (sm);
-
rv = nat64_set_icmp_timeout (ntohl (mp->icmp));
if (rv)
goto send_reply;
int rv = 0;
if (mp->enable)
- {
- sm->mss_clamping = ntohs (mp->mss_value);
- sm->mss_value_net = mp->mss_value;
- }
+ sm->mss_clamping = ntohs (mp->mss_value);
else
sm->mss_clamping = 0;
u32 vrf_id, external_sw_if_index;
twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
int rv = 0;
- snat_protocol_t proto;
+ nat_protocol_t proto;
u8 *tag = 0;
if (sm->deterministic)
vrf_id = clib_net_to_host_u32 (mp->vrf_id);
external_sw_if_index = clib_net_to_host_u32 (mp->external_sw_if_index);
- proto = ip_proto_to_snat_proto (mp->protocol);
+ proto = ip_proto_to_nat_proto (mp->protocol);
if (mp->flags & NAT_API_IS_TWICE_NAT)
twice_nat = TWICE_NAT;
}
else
{
- rmp->protocol = snat_proto_to_ip_proto (m->proto);
+ rmp->protocol = nat_proto_to_ip_proto (m->proto);
rmp->external_port = htons (m->external_port);
rmp->local_port = htons (m->local_port);
}
}
else
{
- rmp->protocol = snat_proto_to_ip_proto (m->proto);
+ rmp->protocol = nat_proto_to_ip_proto (m->proto);
rmp->external_port = htons (m->e_port);
rmp->local_port = htons (m->l_port);
}
u16 port = 0;
u32 vrf_id, sw_if_index;
int rv = 0;
- snat_protocol_t proto = ~0;
+ nat_protocol_t proto = NAT_PROTOCOL_OTHER;
u8 *tag = 0;
if (sm->deterministic)
if (!(mp->flags & NAT_API_IS_ADDR_ONLY))
{
port = clib_net_to_host_u16 (mp->port);
- proto = ip_proto_to_snat_proto (mp->protocol);
+ proto = ip_proto_to_nat_proto (mp->protocol);
}
vrf_id = clib_net_to_host_u32 (mp->vrf_id);
sw_if_index = clib_net_to_host_u32 (mp->sw_if_index);
rmp->port = htons (m->local_port);
rmp->sw_if_index = ~0;
rmp->vrf_id = htonl (local->vrf_id);
- rmp->protocol = snat_proto_to_ip_proto (m->proto);
+ rmp->protocol = nat_proto_to_ip_proto (m->proto);
rmp->context = context;
if (m->tag)
strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag));
rmp->port = htons (m->l_port);
rmp->sw_if_index = htonl (m->sw_if_index);
rmp->vrf_id = htonl (m->vrf_id);
- rmp->protocol = snat_proto_to_ip_proto (m->proto);
+ rmp->protocol = nat_proto_to_ip_proto (m->proto);
rmp->context = context;
if (m->tag)
strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag));
vl_api_send_msg (reg, (u8 *) rmp);
}
+static void
+nat_ed_user_create_helper (snat_main_per_thread_data_t * tsm,
+ snat_session_t * s)
+{
+ snat_user_key_t k;
+ k.addr = s->in2out.addr;
+ k.fib_index = s->in2out.fib_index;
+ clib_bihash_kv_8_8_t key, value;
+ key.key = k.as_u64;
+ snat_user_t *u;
+ if (clib_bihash_search_8_8 (&tsm->user_hash, &key, &value))
+ {
+ pool_get (tsm->users, u);
+ u->addr = k.addr;
+ u->fib_index = k.fib_index;
+ u->nsessions = 0;
+ u->nstaticsessions = 0;
+ key.value = u - tsm->users;
+ clib_bihash_add_del_8_8 (&tsm->user_hash, &key, 1);
+ }
+ else
+ {
+ u = pool_elt_at_index (tsm->users, value.value);
+ }
+ if (snat_is_session_static (s))
+ {
+ ++u->nstaticsessions;
+ }
+ else
+ {
+ ++u->nsessions;
+ }
+}
+
+static void
+nat_ed_users_create (snat_main_per_thread_data_t * tsm)
+{
+ snat_session_t *s;
+ /* *INDENT-OFF* */
+ pool_foreach (s, tsm->sessions, { nat_ed_user_create_helper (tsm, s); });
+ /* *INDENT-ON* */
+}
+
+static void
+nat_ed_users_destroy (snat_main_per_thread_data_t * tsm)
+{
+ snat_user_t *u;
+ /* *INDENT-OFF* */
+ pool_flush (u, tsm->users, { });
+ /* *INDENT-ON* */
+ clib_bihash_free_8_8 (&tsm->user_hash);
+ clib_bihash_init_8_8 (&tsm->user_hash, "users", snat_main.user_buckets,
+ snat_main.user_memory_size);
+ clib_bihash_set_kvp_format_fn_8_8 (&tsm->user_hash, format_user_kvp);
+}
+
static void
vl_api_nat44_user_dump_t_handler (vl_api_nat44_user_dump_t * mp)
{
/* *INDENT-OFF* */
vec_foreach (tsm, sm->per_thread_data)
{
+ if (sm->endpoint_dependent)
+ {
+ nat_ed_users_create (tsm);
+ }
pool_foreach (u, tsm->users,
({
send_nat44_user_details (u, reg, mp->context);
}));
+ if (sm->endpoint_dependent)
+ {
+ nat_ed_users_destroy (tsm);
+ }
}
/* *INDENT-ON* */
}
{
rmp->outside_port = s->out2in.port;
rmp->inside_port = s->in2out.port;
- rmp->protocol = ntohs (snat_proto_to_ip_proto (s->in2out.protocol));
+ rmp->protocol = ntohs (nat_proto_to_ip_proto (s->in2out.protocol));
}
if (is_ed_session (s) || is_fwd_bypass_session (s))
{
sm->worker_in2out_cb (&ip, ukey.fib_index, 0));
else
tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
- if (clib_bihash_search_8_8 (&tsm->user_hash, &key, &value))
- return;
- u = pool_elt_at_index (tsm->users, value.value);
- if (!u->nsessions && !u->nstaticsessions)
- return;
-
- head_index = u->sessions_per_user_list_head_index;
- head = pool_elt_at_index (tsm->list_pool, head_index);
- elt_index = head->next;
- elt = pool_elt_at_index (tsm->list_pool, elt_index);
- session_index = elt->value;
- while (session_index != ~0)
+ if (!sm->endpoint_dependent)
{
- s = pool_elt_at_index (tsm->sessions, session_index);
-
- send_nat44_user_session_details (s, reg, mp->context);
-
- elt_index = elt->next;
+ if (clib_bihash_search_8_8 (&tsm->user_hash, &key, &value))
+ return;
+ u = pool_elt_at_index (tsm->users, value.value);
+ if (!u->nsessions && !u->nstaticsessions)
+ return;
+
+ head_index = u->sessions_per_user_list_head_index;
+ head = pool_elt_at_index (tsm->list_pool, head_index);
+ elt_index = head->next;
elt = pool_elt_at_index (tsm->list_pool, elt_index);
session_index = elt->value;
+ while (session_index != ~0)
+ {
+ s = pool_elt_at_index (tsm->sessions, session_index);
+
+ send_nat44_user_session_details (s, reg, mp->context);
+
+ elt_index = elt->next;
+ elt = pool_elt_at_index (tsm->list_pool, elt_index);
+ session_index = elt->value;
+ }
+ }
+ else
+ {
+ /* *INDENT-OFF* */
+ pool_foreach (s, tsm->sessions, {
+ if (s->in2out.addr.as_u32 == ukey.addr.as_u32)
+ {
+ send_nat44_user_session_details (s, reg, mp->context);
+ }
+ });
+ /* *INDENT-ON* */
}
}
int rv = 0;
nat44_lb_addr_port_t *locals = 0;
ip4_address_t e_addr;
- snat_protocol_t proto;
+ nat_protocol_t proto;
u8 *tag = 0;
if (!sm->endpoint_dependent)
unformat_nat44_lb_addr_port (mp->locals,
clib_net_to_host_u32 (mp->local_num));
clib_memcpy (&e_addr, mp->external_addr, 4);
- proto = ip_proto_to_snat_proto (mp->protocol);
+ proto = ip_proto_to_nat_proto (mp->protocol);
if (mp->flags & NAT_API_IS_TWICE_NAT)
twice_nat = TWICE_NAT;
vl_api_nat44_lb_static_mapping_add_del_local_reply_t *rmp;
int rv = 0;
ip4_address_t e_addr, l_addr;
- snat_protocol_t proto;
+ nat_protocol_t proto;
if (!sm->endpoint_dependent)
{
clib_memcpy (&e_addr, mp->external_addr, 4);
clib_memcpy (&l_addr, mp->local.addr, 4);
- proto = ip_proto_to_snat_proto (mp->protocol);
+ proto = ip_proto_to_nat_proto (mp->protocol);
rv =
nat44_lb_static_mapping_add_del_local (e_addr,
clib_memcpy (rmp->external_addr, &(m->external_addr), 4);
rmp->external_port = ntohs (m->external_port);
- rmp->protocol = snat_proto_to_ip_proto (m->proto);
+ rmp->protocol = nat_proto_to_ip_proto (m->proto);
rmp->context = context;
if (m->twice_nat == TWICE_NAT)
u32 vrf_id;
int rv = 0;
u8 is_in;
- snat_protocol_t proto;
+ nat_protocol_t proto;
if (sm->deterministic)
{
memcpy (&addr.as_u8, mp->address, 4);
port = clib_net_to_host_u16 (mp->port);
vrf_id = clib_net_to_host_u32 (mp->vrf_id);
- proto = ip_proto_to_snat_proto (mp->protocol);
+ proto = ip_proto_to_nat_proto (mp->protocol);
memcpy (&eh_addr.as_u8, mp->ext_host_address, 4);
eh_port = clib_net_to_host_u16 (mp->ext_host_port);
vec_add1 (ses_to_be_removed, s - tsm->sessions);
}
}));
- vec_foreach (ses_index, ses_to_be_removed)
- {
- s = pool_elt_at_index(tsm->sessions, ses_index[0]);
- nat_free_session_data (sm, s, tsm - sm->per_thread_data, 0);
- nat44_delete_session (sm, s, tsm - sm->per_thread_data);
- }
+ if(sm->endpoint_dependent){
+ vec_foreach (ses_index, ses_to_be_removed)
+ {
+ s = pool_elt_at_index(tsm->sessions, ses_index[0]);
+ nat_free_session_data (sm, s, tsm - sm->per_thread_data, 0);
+ nat_ed_session_delete (sm, s, tsm - sm->per_thread_data, 1);
+ }
+ }else{
+ vec_foreach (ses_index, ses_to_be_removed)
+ {
+ s = pool_elt_at_index(tsm->sessions, ses_index[0]);
+ nat_free_session_data (sm, s, tsm - sm->per_thread_data, 0);
+ nat44_delete_session (sm, s, tsm - sm->per_thread_data);
+ }
+ }
vec_free (ses_to_be_removed);
}
/* *INDENT-ON* */
_(NAT_SET_WORKERS, nat_set_workers) \
_(NAT_WORKER_DUMP, nat_worker_dump) \
_(NAT44_DEL_USER, nat44_del_user) \
-_(NAT44_SESSION_CLEANUP, nat44_session_cleanup) \
+_(NAT44_SET_SESSION_LIMIT, nat44_set_session_limit) \
_(NAT_SET_LOG_LEVEL, nat_set_log_level) \
_(NAT_IPFIX_ENABLE_DISABLE, nat_ipfix_enable_disable) \
_(NAT_SET_TIMEOUTS, nat_set_timeouts) \
Code Review / vpp.git / blobdiff