X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat.h;h=518f2002056e7cf8449684bbf190c60d5b8558bd;hb=9f57c72e27e21ce8dc8ebfee059711e3102d0c6b;hp=324dc2608c090bc524ede48e55510c390de1707b;hpb=de118da58e80aec43f4b816a1ea957634a8bc07c;p=vpp.git diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h index 324dc2608c0..518f2002056 100644 --- a/src/plugins/nat/nat.h +++ b/src/plugins/nat/nat.h @@ -68,21 +68,6 @@ typedef struct u32 arc_next_index; } nat_pre_trace_t; -/* deterministic session outside key */ -typedef struct -{ - union - { - struct - { - ip4_address_t ext_host_addr; - u16 ext_host_port; - u16 out_port; - }; - u64 as_u64; - }; -} snat_det_out_key_t; - /* user (internal host) key */ typedef struct { @@ -213,6 +198,20 @@ typedef enum #define NAT_STATIC_MAPPING_FLAG_IDENTITY_NAT 4 #define NAT_STATIC_MAPPING_FLAG_LB 8 +/* *INDENT-OFF* */ +typedef CLIB_PACKED(struct +{ + // number of sessions in this vrf + u32 ses_count; + + u32 rx_fib_index; + u32 tx_fib_index; + + // is this vrf expired + u8 expired; +}) per_vrf_sessions_t; +/* *INDENT-ON* */ + /* *INDENT-OFF* */ typedef CLIB_PACKED(struct { @@ -273,10 +272,13 @@ typedef CLIB_PACKED(struct /* user index */ u32 user_index; + + /* per vrf sessions index */ + u32 per_vrf_sessions_index; + }) snat_session_t; /* *INDENT-ON* */ - typedef struct { ip4_address_t addr; @@ -303,38 +305,14 @@ typedef struct typedef struct { u32 fib_index; - u32 refcount; -} nat_outside_fib_t; - -typedef struct -{ - /* Inside network port */ - u16 in_port; - /* Outside network address and port */ - snat_det_out_key_t out; - /* Session state */ - u8 state; - /* Expire timeout */ - u32 expire; -} snat_det_session_t; + u32 ref_count; +} nat_fib_t; typedef struct { - /* inside IP address range */ - ip4_address_t in_addr; - u8 in_plen; - /* outside IP address range */ - ip4_address_t out_addr; - u8 out_plen; - /* inside IP addresses / outside IP addresses */ - u32 sharing_ratio; - /* number of ports available to internal host */ - u16 ports_per_host; - /* session counter */ - u32 ses_num; - /* vector of sessions */ - snat_det_session_t *sessions; -} snat_det_map_t; + u32 fib_index; + u32 refcount; +} nat_outside_fib_t; typedef struct { @@ -459,6 +437,8 @@ typedef struct /* real thread index */ u32 thread_index; + per_vrf_sessions_t *per_vrf_sessions_vec; + } snat_main_per_thread_data_t; struct snat_main_s; @@ -546,6 +526,9 @@ typedef struct snat_main_s u16 start_port; u16 end_port; + /* vector of fibs */ + nat_fib_t *fibs; + /* vector of outside fibs */ nat_outside_fib_t *outside_fibs; @@ -590,8 +573,6 @@ typedef struct snat_main_s u32 out2in_fast_node_index; u32 ed_out2in_node_index; u32 ed_out2in_slowpath_node_index; - u32 det_in2out_node_index; - u32 det_out2in_node_index; u32 hairpinning_node_index; u32 hairpin_dst_node_index; @@ -600,20 +581,18 @@ typedef struct snat_main_s u32 ed_hairpin_dst_node_index; u32 ed_hairpin_src_node_index; - - /* Deterministic NAT mappings */ - snat_det_map_t *det_maps; - /* If forwarding is enabled */ u8 forwarding_enabled; /* Config parameters */ u8 static_mapping_only; u8 static_mapping_connection_tracking; - u8 deterministic; u8 out2in_dpo; u8 endpoint_dependent; + /* Is translation memory size calculated or user defined */ + u8 translation_memory_size_set; + u32 translation_buckets; uword translation_memory_size; u32 max_translations_per_thread; @@ -736,8 +715,6 @@ extern vlib_node_registration_t snat_out2in_node; extern vlib_node_registration_t snat_in2out_worker_handoff_node; extern vlib_node_registration_t snat_in2out_output_worker_handoff_node; extern vlib_node_registration_t snat_out2in_worker_handoff_node; -extern vlib_node_registration_t snat_det_in2out_node; -extern vlib_node_registration_t snat_det_out2in_node; extern vlib_node_registration_t nat44_ed_in2out_node; extern vlib_node_registration_t nat44_ed_in2out_output_node; extern vlib_node_registration_t nat44_ed_out2in_node; @@ -750,7 +727,6 @@ format_function_t format_snat_user; format_function_t format_snat_static_mapping; format_function_t format_snat_static_map_to_resolve; format_function_t format_snat_session; -format_function_t format_det_map_ses; format_function_t format_snat_key; format_function_t format_static_mapping_key; format_function_t format_nat_protocol; @@ -1068,20 +1044,6 @@ u32 icmp_match_out2in_slow (snat_main_t * sm, vlib_node_runtime_t * node, nat_protocol_t * proto, void *d, void *e, u8 * dont_translate); -/* ICMP deterministic NAT session match functions */ -u32 icmp_match_out2in_det (snat_main_t * sm, vlib_node_runtime_t * node, - u32 thread_index, vlib_buffer_t * b0, - ip4_header_t * ip0, ip4_address_t * addr, - u16 * port, u32 * fib_index, - nat_protocol_t * proto, void *d, void *e, - u8 * dont_translate); -u32 icmp_match_in2out_det (snat_main_t * sm, vlib_node_runtime_t * node, - u32 thread_index, vlib_buffer_t * b0, - ip4_header_t * ip0, ip4_address_t * addr, - u16 * port, u32 * fib_index, - nat_protocol_t * proto, void *d, void *e, - u8 * dont_translate); - /* ICMP endpoint-dependent session match functions */ u32 icmp_match_out2in_ed (snat_main_t * sm, vlib_node_runtime_t * node, u32 thread_index, vlib_buffer_t * b0, @@ -1308,6 +1270,14 @@ void nat_free_session_data (snat_main_t * sm, snat_session_t * s, */ int nat44_set_session_limit (u32 session_limit, u32 vrf_id); +/** + * @brief Update NAT44 session limit flushing all data (session limit, vrf id) + * + * @param session_limit Session limit + * @param vrf_id VRF id + * @return 0 on success, non-zero value otherwise + */ +int nat44_update_session_limit (u32 session_limit, u32 vrf_id); /** * @brief Free NAT44 ED session data (lookup keys, external address port) * @@ -1419,6 +1389,8 @@ int snat_alloc_outside_address_and_port (snat_address_t * addresses, u16 port_per_thread, u32 snat_thread_index); +void expire_per_vrf_sessions (u32 fib_index); + /** * @brief Match NAT44 static mapping. *