X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat.api;h=00e9e71ecc66b597280dc3a325bdef996a25ea78;hb=6484f4b9c;hp=bd880a6498d506f384988915fabc1e9a67dafbc8;hpb=e71748291171e53158e2d36d8f413fed1a137013;p=vpp.git
diff --git a/src/plugins/nat/nat.api b/src/plugins/nat/nat.api
index bd880a6498d..00e9e71ecc6 100644
--- a/src/plugins/nat/nat.api
+++ b/src/plugins/nat/nat.api
@@ -13,9 +13,10 @@
 * limitations under the License.
 */
-option version = "5.1.0";
+option version = "5.2.0";
 import "vnet/ip/ip_types.api";
 import "vnet/interface_types.api";
+import "plugins/nat/nat_types.api";
 /**
 * @file nat.api
@@ -29,19 +30,6 @@ import "vnet/interface_types.api";
 * Common NAT plugin APIs
 */
-enum nat_config_flags : u8
-{
- NAT_IS_NONE = 0x00,
- NAT_IS_TWICE_NAT = 0x01,
- NAT_IS_SELF_TWICE_NAT = 0x02,
- NAT_IS_OUT2IN_ONLY = 0x04,
- NAT_IS_ADDR_ONLY = 0x08,
- NAT_IS_OUTSIDE = 0x10,
- NAT_IS_INSIDE = 0x20,
- NAT_IS_STATIC = 0x40,
- NAT_IS_EXT_HOST_VALID = 0x80,
-};
-
 /** \brief Control ping from client to api server request
 @param client_index - opaque cookie to identify the sender
 @param context - sender context, to match reply w/ request
@@ -72,11 +60,12 @@ define nat_control_ping_reply
 */
 define nat_show_config
 {
+ option deprecated;
 u32 client_index;
 u32 context;
 };
-/** \brief Show NAT plugin startup config reply
+/** \brief DEPRECATED: Show NAT plugin startup config reply
 @param context - sender context, to match reply w/ request
 @param retval - return code for the request
 @param static_mapping_only - if true dynamic translations disabled
@@ -110,14 +99,72 @@ define nat_show_config_reply
 u32 translation_buckets;
 u32 translation_memory_size;
 u32 user_buckets;
- u32 user_memory_size;
+ u64 user_memory_size;
 u32 max_translations_per_user;
 u32 outside_vrf_id;
 u32 inside_vrf_id;
 u32 nat64_bib_buckets;
- u32 nat64_bib_memory_size;
+ u64 nat64_bib_memory_size;
 u32 nat64_st_buckets;
- u32 nat64_st_memory_size;
+ u64 nat64_st_memory_size;
+};
+
+/** \brief Show NAT plugin startup config
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+*/
+define nat_show_config_2
+{
+ u32 client_index;
+ u32 context;
+};
+
+/** \brief Show NAT plugin startup config reply
+ @param context - sender context, to match reply w/ request
+ @param retval - return code for the request
+ @param static_mapping_only - if true dynamic translations disabled
+ @param static_mapping_connection_tracking - if true create session data
+ @param deterministic - if true deterministic mapping
+ @param endpoint_dependent - if true endpoint-dependent mode
+ @param out2in_dpo - if true out2in dpo mode
+ @param dslite_ce - if true DS-Lite is CE/B4 element, if false AFTR elemet
+ @param translation_buckets - number of translation hash buckets
+ @param translation_memory_size - translation hash memory size
+ @param user_buckets - number of user hash buckets
+ @param user_memory_size - user hash memory size
+ @param max_translations_per_user - maximum number of translations per user
+ @param outside_vrf_id - outside VRF id
+ @param inside_vrf_id - default inside VRF id
+ @param nat64_bib_buckets - number of NAT64 BIB hash buckets
+ @param nat64_bib_memory_size - memory size of NAT64 BIB hash
+ @param nat64_st_buckets - number of NAT64 session table hash buckets
+ @param nat64_st_memory_size - memory size of NAT64 session table hash
+ @param max_translations_per_thread - max translations per worker thread
+ @param max_users_per_thread - max users per worker thread
+*/
+define nat_show_config_2_reply
+{
+ u32 context;
+ i32 retval;
+ bool static_mapping_only;
+ bool static_mapping_connection_tracking;
+ bool deterministic;
+ bool endpoint_dependent;
+ bool out2in_dpo;
+ bool dslite_ce;
+ u32 translation_buckets;
+ u64 translation_memory_size;
+ u32 user_buckets;
+ u64 user_memory_size;
+ u32 max_translations_per_user;
+ u32 outside_vrf_id;
+ u32 inside_vrf_id;
+ u32 nat64_bib_buckets;
+ u64 nat64_bib_memory_size;
+ u32 nat64_st_buckets;
+ u64 nat64_st_memory_size;
+ u32 max_translations_per_thread;
+ u32 max_users_per_thread;
 };
 enum nat_log_level : u8
@@ -130,6 +177,28 @@ enum nat_log_level : u8
 NAT_LOG_DEBUG = 0x05,
 };
+/** \brief Run nat44 garbage collection
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+*/
+autoreply define nat44_session_cleanup {
+ u32 client_index;
+ u32 context;
+};
+
+/** \brief NAT44 set session limit
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param session_limit - session limit
+ @param vrf_id - vrf id
+*/
+autoreply define nat44_set_session_limit {
+ u32 client_index;
+ u32 context;
+ u32 session_limit;
+ u32 vrf_id;
+};
+
 /** \brief Set NAT logging level
 @param client_index - opaque cookie to identify the sender
 @param context - sender context, to match reply w/ request
@@ -171,7 +240,7 @@ define nat_worker_details {
 u32 context;
 u32 worker_index;
 u32 lcore_id;
- string name;
+ string name[64];
 };
 /** \brief Enable/disable NAT IPFIX logging
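Review bot: `nat_show_config_reply` is kept as the deprecated path, yet `user_memory_size`, `nat64_bib_memory_size` and `nat64_st_memory_size` are widened from u32 to u64 in it, so its wire layout changes anyway, while `translation_memory_size` stays u32 there and is u64 only in `nat_show_config_2_reply`. If the deprecated reply is meant to keep existing clients working, I would leave those three fields as `u32` in it and carry the 64-bit sizes only in the `_2` reply; as written, a client built against 5.1.0 presumably mis-decodes or rejects the old reply. A layout change to an existing message also sits oddly with the minor bump to `5.2.0`. In the new doc comment, `AFTR elemet` should read `AFTR element`. The head of `nat_show_config_reply` is above the hunk, so the fields before `translation_buckets` are not visible here.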
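Review bot: `@param session_limit - session limit` and `@param vrf_id - vrf id` on `nat44_set_session_limit` only repeat the field names, so a caller cannot tell what the limit counts, what 0 means, or what happens to sessions that already exceed a lowered limit. This value bounds session-table growth, so the contract matters to whoever sizes it against exhaustion; I would spell it out, for example `@param session_limit - maximum number of NAT44 sessions (say what 0 means)` and `@param vrf_id - VRF the limit applies to`, with the wording checked against the handler, which is not part of this file. `nat44_session_cleanup` is documented only as `Run nat44 garbage collection`; one sentence on which sessions it removes would help operators who call it under load.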
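Review bot: `string name[64]` in `nat_worker_details`, and `string tag[64]` in the hunks at -678, -717, -743, -773, -927 and -983, turn a variable-length string into a fixed 64-byte field, but no doc comment states the bound or what happens to a longer value. I would add it to each `@param`, e.g. `@param tag - opaque string tag, at most 64 bytes`, and state whether a terminating NUL is included in that size. The handlers are outside this diff, so it is worth confirming that they bound their copies to the field size and do not assume termination when a client fills all 64 bytes. In the two load-balancing messages `tag` also moves ahead of `locals[local_num]`, which changes the layout seen by existing clients.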
@@ -189,85 +258,6 @@ autoreply define nat_ipfix_enable_disable {
 bool enable;
 };
-/** \brief Set NAT virtual fragmentation reassembly
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param timeout - reassembly timeout
- @param max_reass - maximum number of concurrent reassemblies
- @param max_frag - maximum number of fragmets per reassembly
- @param drop_frag - if 0 translate fragments, otherwise drop fragments
- @param is_ip6 - true if IPv6, false if IPv4
-*/
-autoreply define nat_set_reass {
- u32 client_index;
- u32 context;
- u32 timeout;
- u16 max_reass;
- u8 max_frag;
- u8 drop_frag;
- bool is_ip6;
-};
-
-/** \brief Get NAT virtual fragmentation reassembly configuration
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define nat_get_reass {
- u32 client_index;
- u32 context;
-};
-
-/** \brief Get NAT virtual fragmentation reassembly configuration reply
- @param context - sender context, to match reply w/ request
- @param retval - return code
- @param ip4_timeout - reassembly timeout
- @param ip4_max_reass - maximum number of concurrent reassemblies
- @param ip4_max_frag - maximum number of fragmets per reassembly
- @param ip4_drop_frag - if 0 translate fragments, otherwise drop fragments
- @param ip6_timeout - reassembly timeout
- @param ip6_max_reass - maximum number of concurrent reassemblies
- @param ip6_max_frag - maximum number of fragmets per reassembly
- @param ip6_drop_frag - if 0 translate fragments, otherwise drop fragments
-*/
-define nat_get_reass_reply {
- u32 context;
- i32 retval;
- u32 ip4_timeout;
- u16 ip4_max_reass;
- u8 ip4_max_frag;
- u8 ip4_drop_frag;
- u32 ip6_timeout;
- u16 ip6_max_reass;
- u8 ip6_max_frag;
- u8 ip6_drop_frag;
-};
-
-/** \brief Dump NAT virtual fragmentation reassemblies
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define nat_reass_dump {
- u32 client_index;
- u32 context;
-};
-
-/** \brief NAT virtual fragmentation reassemblies response
- @param context - sender context, to match reply w/ request
- @param src_addr - source IPv4 address
- @param dst_addr - destination IPv4 address
- @param frag_id - fragment ID
- @param proto - protocol
- @param frag_n - number of cached fragments
-*/
-define nat_reass_details {
- u32 context;
- vl_api_address_t src_addr;
- vl_api_address_t dst_addr;
- u32 frag_id;
- u8 proto;
- u8 frag_n;
-};
-
 /** \brief Set values of timeouts for NAT sessions (seconds)
 @param client_index - opaque cookie to identify the sender
 @param context - sender context, to match reply w/ request
@@ -526,6 +516,19 @@ service {
 * NAT44 APIs
 */
+/** \brief Del NAT44 user
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param ip_address - IPv4 address
+ @param fib_index - FIB index
+*/
+autoreply define nat44_del_user {
+ u32 client_index;
+ u32 context;
+ vl_api_ip4_address_t ip_address;
+ u32 fib_index;
+};
+
 /** \brief Add/del NAT44 address range
 @param client_index - opaque cookie to identify the sender
 @param context - sender context, to match reply w/ request
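Review bot: `nat44_del_user` identifies the table by `u32 fib_index;`, whereas the other messages added in this commit (`nat44_set_session_limit`, `nat44_add_del_static_mapping_v2`) take a `vrf_id`. A FIB index looks like an internal table index rather than an operator-facing identifier, so the handler, which is outside this diff, needs to range-check the client-supplied value before using it for a lookup. Taking `u32 vrf_id;` and resolving it on the server side would be consistent with the rest of the file. If `fib_index` stays, `@param fib_index - FIB index` should say which table it refers to, and `@param ip_address - IPv4 address` should say that it is the user's inside address, if that is what the handler matches on.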
@@ -678,7 +681,48 @@ autoreply define nat44_add_del_static_mapping {
 u16 external_port;
 vl_api_interface_index_t external_sw_if_index;
 u32 vrf_id;
- string tag;
+ string tag[64];
+};
+
+/** \brief Add/delete NAT44 static mapping
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param is_add - true if add, false if delete
+ @param match_pool - true if use specific pool_ip_address
+ @param flags - flag NAT_IS_ADDR_ONLY if address only mapping,
+ flag nat_is_twice_nat if nat address range for external hosts,
+ flag NAT_IS_SELF_TWICE_NAT if translate external host address
+ and port whenever external host address equals local
+ address of internal host,
+ flag NAT_IS_OUT2IN_ONLY if rule match only out2in direction
+ @param pool_ip_address - pool IPv4 address to match with pool
+ @param local_ip_address - local IPv4 address
+ @param external_ip_address - external IPv4 address
+ @param protocol - IP protocol, used only if addr_only=0
+ @param local_port - local port number, used only if addr_only=0
+ @param external_port - external port number, used only if addr_only=0
+ @param external_sw_if_index - external interface (if set
+ external_ip_address is ignored, ~0 means not
+ used)
+ @param vfr_id - VRF ID
+ @param tag - opaque string tag
+*/
+autoreply define nat44_add_del_static_mapping_v2 {
+ option status="in_progress";
+ u32 client_index;
+ u32 context;
+ bool is_add;
+ bool match_pool;
+ vl_api_nat_config_flags_t flags;
+ vl_api_ip4_address_t pool_ip_address;
+ vl_api_ip4_address_t local_ip_address;
+ vl_api_ip4_address_t external_ip_address;
+ u8 protocol;
+ u16 local_port;
+ u16 external_port;
+ vl_api_interface_index_t external_sw_if_index;
+ u32 vrf_id;
+ string tag[64];
 };
 /** \brief Dump NAT44 static mappings
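Review bot: The doc comment of `nat44_add_del_static_mapping_v2` does not match the fields it documents: `@param vfr_id - VRF ID` should be `@param vrf_id - VRF ID`, and `flag nat_is_twice_nat` should be `flag NAT_IS_TWICE_NAT` like the other flag names. `used only if addr_only=0` on `protocol`, `local_port` and `external_port` refers to a field this message does not have; the condition is the `NAT_IS_ADDR_ONLY` bit in `flags`, so I would write `used only if NAT_IS_ADDR_ONLY is not set`. `@param match_pool - true if use specific pool_ip_address` leaves open what is returned when `pool_ip_address` is not a configured pool address, and whether `pool_ip_address` is ignored when `match_pool` is false; one sentence on each would keep callers from guessing. The head of `nat44_add_del_static_mapping` is above the hunk, so only its last fields are visible here.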
@@ -717,7 +761,7 @@ define nat44_static_mapping_details {
 u16 external_port;
 vl_api_interface_index_t external_sw_if_index;
 u32 vrf_id;
- string tag;
+ string tag[64];
 };
 /** \brief Add/delete NAT44 identity mapping
@@ -743,7 +787,7 @@ autoreply define nat44_add_del_identity_mapping {
 u16 port;
 vl_api_interface_index_t sw_if_index;
 u32 vrf_id;
- string tag;
+ string tag[64];
 };
 /** \brief Dump NAT44 identity mappings
@@ -773,7 +817,7 @@ define nat44_identity_mapping_details {
 u16 port;
 vl_api_interface_index_t sw_if_index;
 u32 vrf_id;
- string tag;
+ string tag[64];
 };
 /** \brief Add/delete NAT44 pool address from specific interfce
@@ -927,9 +971,9 @@ autoreply manual_endian define nat44_add_del_lb_static_mapping {
 u16 external_port;
 u8 protocol;
 u32 affinity;
+ string tag[64];
 u32 local_num;
 vl_api_nat44_lb_addr_port_t locals[local_num];
- string tag;
 };
 /** \brief Add/delete NAT44 load-balancing static mapping rule backend
@@ -983,9 +1027,9 @@ manual_endian define nat44_lb_static_mapping_details {
 u8 protocol;
 vl_api_nat_config_flags_t flags;
 u32 affinity;
+ string tag[64];
 u32 local_num;
 vl_api_nat44_lb_addr_port_t locals[local_num];
- string tag;
 };
 /** \brief Delete NAT44 session
@@ -1045,174 +1089,6 @@ define nat44_forwarding_is_enabled_reply {
 bool enabled;
 };
-
-/*
- * Deterministic NAT (CGN) APIs
- */
-
-/** \brief Add/delete NAT deterministic mapping
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param is_add - true if add, false if delete
- @param in_addr - inside IPv4 address
- @param in_plen - inside IPv4 address prefix length
- @param out_addr - outside IPv4 address
- @param out_plen - outside IPv4 address prefix length
-*/
-autoreply define nat_det_add_del_map {
- u32 client_index;
- u32 context;
- bool is_add;
- vl_api_ip4_address_t in_addr;
- u8 in_plen;
- vl_api_ip4_address_t out_addr;
- u8 out_plen;
-};
-
-/** \brief Get outside address and port range from inside address
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param in_addr - inside IP address
-*/
-define nat_det_forward {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t in_addr;
-};
-
-/** \brief Get outside address and port range from inside address
- @param context - sender context, to match reply w/ request
- @param retval - return code
- @param out_port_lo - outside port range start
- @param out_port_hi - outside port range end
- @param out_addr - outside IPv4 address
-*/
-define nat_det_forward_reply {
- u32 context;
- i32 retval;
- u16 out_port_lo;
- u16 out_port_hi;
- vl_api_ip4_address_t out_addr;
-};
-
-/** \brief Get inside address from outside address and port
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param out_port - outside port
- @param out_addr - outside IPv4 address
-*/
-define nat_det_reverse {
- u32 client_index;
- u32 context;
- u16 out_port;
- vl_api_ip4_address_t out_addr;
-};
-
-/** \brief Get inside address from outside address and port reply
- @param context - sender context, to match reply w/ request
- @param retval - return code
- @param in_addr - inside IP address
-*/
-define nat_det_reverse_reply {
- u32 context;
- i32 retval;
- vl_api_ip4_address_t in_addr;
-};
-
-/** \brief Dump NAT deterministic mappings
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define nat_det_map_dump {
- u32 client_index;
- u32 context;
-};
-
-/** \brief NAT users response
- @param context - sender context, to match reply w/ request
- @param in_addr - inside IPv4 address
- @param in_plen - inside IPv4 address prefix length
- @param out_addr - outside IPv4 address
- @param out_plen - outside IPv4 address prefix length
- @param sharing_ratio - outside to inside address sharing ratio
- @param ports_per_host - number of ports available to a host
- @param ses_num - number of sessions belonging to this mapping
-*/
-define nat_det_map_details {
- u32 context;
- vl_api_ip4_address_t in_addr;
- u8 in_plen;
- vl_api_ip4_address_t out_addr;
- u8 out_plen;
- u32 sharing_ratio;
- u16 ports_per_host;
- u32 ses_num;
-};
-
-/** \brief Close deterministic NAT session by outside address and port
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param out_addr - outside IPv4 address
- @param out_port - outside port
- @param ext_addr - external host IPv4 address
- @param ext_port - external host port
-*/
-autoreply define nat_det_close_session_out {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t out_addr;
- u16 out_port;
- vl_api_ip4_address_t ext_addr;
- u16 ext_port;
-};
-
-/** \brief Close deterministic NAT session by inside address and port
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param in_addr - inside IP address
- @param in_port - inside port
- @param ext_addr - external host IP address
- @param ext_port - external host port
-*/
-autoreply define nat_det_close_session_in {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t in_addr;
- u16 in_port;
- vl_api_ip4_address_t ext_addr;
- u16 ext_port;
-};
-
-/** \brief Dump determinstic NAT sessions
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param user_addr - address of an inside user whose sessions to dump
-*/
-define nat_det_session_dump {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t user_addr;
-};
-
-/** \brief Deterministic NAT sessions reply
- @param context - sender context, to match reply w/ request
- @param in_port - inside port
- @param ext_addr - external host IPv4 address
- @param ext_port - external host port
- @param out_port - outside NAT port
- @param state - session state
- @param expire - session expiration timestamp
-*/
-define nat_det_session_details {
- u32 context;
- u16 in_port;
- vl_api_ip4_address_t ext_addr;
- u16 ext_port;
- u16 out_port;
- u8 state;
- u32 expire;
-};
-
 /*
 * NAT64 APIs
 */
@@ -1442,193 +1318,3 @@ autoreply define nat64_add_del_interface_addr {
 bool is_add;
 vl_api_interface_index_t sw_if_index;
 };
-
-/*
- * DS-Lite APIs
- */
-
-/** \brief Add/delete address range to DS-Lite pool
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param start_addr - start IPv4 address of the range
- @param end_addr - end IPv4 address of the range
- @param is_add - true if add, false if delete
-*/
-autoreply define dslite_add_del_pool_addr_range {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t start_addr;
- vl_api_ip4_address_t end_addr;
- bool is_add;
-};
-
-/** \brief Dump DS-Lite addresses
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define dslite_address_dump {
- u32 client_index;
- u32 context;
-};
-
-/** \brief DS-Lite address details response
- @param context - sender context, to match reply w/ request
- @param ip_address - IPv4 address
-*/
-define dslite_address_details {
- u32 context;
- vl_api_ip4_address_t ip_address;
-};
-
-/** \brief Set AFTR IPv6 and IPv4 addresses
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param ip4_addr - IPv4 address
- @param ip6_addr - IPv6 address
-*/
-autoreply define dslite_set_aftr_addr {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t ip4_addr;
- vl_api_ip6_address_t ip6_addr;
-};
-
-/** \brief Get AFTR IPv6 and IPv4 addresses
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define dslite_get_aftr_addr {
- u32 client_index;
- u32 context;
-};
-
-/** \brief Response to get AFTR IPv6 and IPv4 addresses
- @param context - sender context, to match reply w/ request
- @param retval - return code
- @param ip4_addr - IPv4 address
- @param ip6_addr - IPv6 address
-*/
-define dslite_get_aftr_addr_reply {
- u32 context;
- i32 retval;
- vl_api_ip4_address_t ip4_addr;
- vl_api_ip6_address_t ip6_addr;
-};
-
-/** \brief Set B4 IPv6 and IPv4 addresses
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param ip4_addr - IPv4 address
- @param ip6_addr - IPv6 address
-*/
-autoreply define dslite_set_b4_addr {
- u32 client_index;
- u32 context;
- vl_api_ip4_address_t ip4_addr;
- vl_api_ip6_address_t ip6_addr;
-};
-
-/** \brief Get B4 IPv6 and IPv4 addresses
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define dslite_get_b4_addr {
- u32 client_index;
- u32 context;
-};
-
-/** \brief Response to get B4 IPv6 and IPv4 addresses
- @param context - sender context, to match reply w/ request
- @param retval - return code
- @param ip4_addr - IPv4 address
- @param ip6_addr - IPv6 address
-*/
-define dslite_get_b4_addr_reply {
- u32 context;
- i32 retval;
- vl_api_ip4_address_t ip4_addr;
- vl_api_ip6_address_t ip6_addr;
-};
-
-/*
- * NAT66 APIs
- */
-/** \brief Enable/disable NAT66 feature on the interface
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param is_add - true if add, false if delete
- @param flags - flag NAT_IS_INSIDE if interface is inside or
- interface is outside,
- @param sw_if_index - software index of the interface
-*/
-autoreply define nat66_add_del_interface {
- u32 client_index;
- u32 context;
- bool is_add;
- vl_api_nat_config_flags_t flags;
- vl_api_interface_index_t sw_if_index;
-};
-
-/** \brief Dump interfaces with NAT66 feature
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define nat66_interface_dump {
- u32 client_index;
- u32 context;
-};
-
-/** \brief NAT66 interface details response
- @param context - sender context, to match reply w/ request
- @param flags - flag NAT_IS_INSIDE if interface is inside or
- interface is outside,
- @param sw_if_index - software index of the interface
-*/
-define nat66_interface_details {
- u32 context;
- vl_api_nat_config_flags_t flags;
- vl_api_interface_index_t sw_if_index;
-};
-
-/** \brief Add/delete 1:1 NAT66
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
- @param is_add - true if add, false if delete
- @param local_ip_address - local IPv6 address
- @param external_ip_address - external IPv6 address
- @param vrf_id - VRF id of tenant
-*/
-autoreply define nat66_add_del_static_mapping {
- u32 client_index;
- u32 context;
- bool is_add;
- vl_api_ip6_address_t local_ip_address;
- vl_api_ip6_address_t external_ip_address;
- u32 vrf_id;
-};
-
-/** \brief Dump NAT66 static mappings
- @param client_index - opaque cookie to identify the sender
- @param context - sender context, to match reply w/ request
-*/
-define nat66_static_mapping_dump {
- u32 client_index;
- u32 context;
-};
-
-/** \brief NAT66 static mapping details response
- @param context - sender context, to match reply w/ request
- @param local_ip_address - local IPv6 address
- @param external_ip_address - external IPv6 address
- @param vrf_id - VRF id of tenant
- @param total_bytes - count of bytes sent through static mapping
- @param total_pkts - count of pakets sent through static mapping
-*/
-define nat66_static_mapping_details {
- u32 context;
- vl_api_ip6_address_t local_ip_address;
- vl_api_ip6_address_t external_ip_address;
- u32 vrf_id;
- u64 total_bytes;
- u64 total_pkts;
-};