X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fnat%2Fnat44-ed%2Fnat44_ed.h;h=e2047fe12ac3d6810c5e9090b9f92e9a3c4cd1c7;hb=b68108203;hp=4665f7c0966c33d3a613f92dbfe69bbe0f657d98;hpb=69b7599e4b061a8996205f0304232ede84cb70d4;p=vpp.git diff --git a/src/plugins/nat/nat44-ed/nat44_ed.h b/src/plugins/nat/nat44-ed/nat44_ed.h index 4665f7c0966..e2047fe12ac 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed.h +++ b/src/plugins/nat/nat44-ed/nat44_ed.h @@ -12,10 +12,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -/** - * @file nat.c - * NAT plugin global declarations - */ + #ifndef __included_nat44_ed_h__ #define __included_nat44_ed_h__ @@ -63,16 +60,9 @@ typedef enum nat44_config_flags_t_ typedef struct { - /* nat44 plugin features */ - u8 static_mapping_only; - u8 connection_tracking; - u32 inside_vrf; u32 outside_vrf; - - /* maximum number of sessions */ u32 sessions; - } nat44_config_t; typedef enum @@ -96,46 +86,12 @@ typedef struct u32 arc_next_index; } nat_pre_trace_t; -/* External address and port allocation modes */ -#define foreach_nat_addr_and_port_alloc_alg \ - _(0, DEFAULT, "default") \ - _(1, MAPE, "map-e") \ - _(2, RANGE, "port-range") - -typedef enum -{ -#define _(v, N, s) NAT_ADDR_AND_PORT_ALLOC_ALG_##N = v, - foreach_nat_addr_and_port_alloc_alg -#undef _ -} nat_addr_and_port_alloc_alg_t; - -/* Session state */ -#define foreach_snat_session_state \ - _(0, UNKNOWN, "unknown") \ - _(1, UDP_ACTIVE, "udp-active") \ - _(2, TCP_SYN_SENT, "tcp-syn-sent") \ - _(3, TCP_ESTABLISHED, "tcp-established") \ - _(4, TCP_FIN_WAIT, "tcp-fin-wait") \ - _(5, TCP_CLOSE_WAIT, "tcp-close-wait") \ - _(6, TCP_CLOSING, "tcp-closing") \ - _(7, TCP_LAST_ACK, "tcp-last-ack") \ - _(8, TCP_CLOSED, "tcp-closed") \ - _(9, ICMP_ACTIVE, "icmp-active") - -typedef enum -{ -#define _(v, N, s) SNAT_SESSION_##N = v, - foreach_snat_session_state -#undef _ -} snat_session_state_t; - #define foreach_nat_in2out_ed_error \ _ (UNSUPPORTED_PROTOCOL, "unsupported protocol") \ _ (OUT_OF_PORTS, "out of ports") \ _ (BAD_ICMP_TYPE, "unsupported ICMP type") \ _ (MAX_SESSIONS_EXCEEDED, "maximum sessions exceeded") \ _ (NON_SYN, "non-SYN packet try to create session") \ - _ (TCP_CLOSED, "drops due to TCP in transitory timeout") \ _ (TRNSL_FAILED, "couldn't translate packet") typedef enum @@ -165,15 +121,50 @@ typedef enum NAT_OUT2IN_ED_N_ERROR, } nat_out2in_ed_error_t; +typedef enum +{ + NAT44_ED_TCP_FLAG_NONE = 0, + NAT44_ED_TCP_FLAG_FIN, + NAT44_ED_TCP_FLAG_SYN, + NAT44_ED_TCP_FLAG_SYNFIN, + NAT44_ED_TCP_FLAG_RST, + NAT44_ED_TCP_FLAG_FINRST, + NAT44_ED_TCP_FLAG_SYNRST, + NAT44_ED_TCP_FLAG_SYNFINRST, + NAT44_ED_TCP_N_FLAG, +} nat44_ed_tcp_flag_e; + +typedef enum +{ + NAT44_ED_DIR_I2O = 0, + NAT44_ED_DIR_O2I, + NAT44_ED_N_DIR, +} nat44_ed_dir_e; /* Endpoint dependent TCP session state */ -#define NAT44_SES_I2O_FIN 1 -#define NAT44_SES_O2I_FIN 2 -#define NAT44_SES_I2O_FIN_ACK 4 -#define NAT44_SES_O2I_FIN_ACK 8 -#define NAT44_SES_I2O_SYN 16 -#define NAT44_SES_O2I_SYN 32 -#define NAT44_SES_RST 64 +typedef enum +{ + NAT44_ED_TCP_STATE_CLOSED = 0, + NAT44_ED_TCP_STATE_SYN_I2O, + NAT44_ED_TCP_STATE_SYN_O2I, + NAT44_ED_TCP_STATE_ESTABLISHED, + NAT44_ED_TCP_STATE_FIN_I2O, + NAT44_ED_TCP_STATE_FIN_O2I, + NAT44_ED_TCP_STATE_RST_TRANS, + NAT44_ED_TCP_STATE_FIN_TRANS, + NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_I2O, + NAT44_ED_TCP_STATE_FIN_REOPEN_SYN_O2I, + NAT44_ED_TCP_N_STATE, +} nat44_ed_tcp_state_e; + +format_function_t format_ed_session_kvp; +format_function_t format_snat_session; +format_function_t format_snat_static_mapping; +format_function_t format_snat_static_map_to_resolve; +format_function_t format_nat_ed_translation_error; +format_function_t format_nat_6t_flow; +format_function_t format_nat_6t; +format_function_t format_nat44_ed_tcp_state; /* Session flags */ #define SNAT_SESSION_FLAG_STATIC_MAPPING (1 << 0) @@ -345,10 +336,7 @@ typedef CLIB_PACKED(struct u16 ext_host_nat_port; /* TCP session state */ - u8 state; - u32 i2o_fin_seq; - u32 o2i_fin_seq; - u64 tcp_closed_timestamp; + nat44_ed_tcp_state_e tcp_state; /* per vrf sessions index */ u32 per_vrf_sessions_index; @@ -359,7 +347,10 @@ typedef CLIB_PACKED(struct typedef struct { ip4_address_t addr; + ip4_address_t net; + u32 sw_if_index; u32 fib_index; + u32 addr_len; } snat_address_t; typedef struct @@ -447,6 +438,7 @@ typedef struct typedef struct { + u8 is_resolved; ip4_address_t l_addr; ip4_address_t pool_addr; u16 l_port; @@ -455,13 +447,22 @@ typedef struct u32 vrf_id; ip_protocol_t proto; u32 flags; - int addr_only; - int twice_nat; - int out2in_only; - int identity_nat; - int exact; u8 *tag; -} snat_static_map_resolve_t; +} snat_static_mapping_resolve_t; + +typedef struct +{ + u8 is_resolved; + u8 is_twice_nat; + u32 sw_if_index; +} snat_address_resolve_t; + +typedef struct +{ + u32 count; + u32 sw_if_index; + ip4_address_t addr; +} snat_fib_entry_reg_t; typedef struct { @@ -535,21 +536,8 @@ typedef struct snat_main_s /* Vector of twice NAT addresses for external hosts */ snat_address_t *twice_nat_addresses; - /* sw_if_indices whose intfc addresses should be auto-added */ - u32 *auto_add_sw_if_indices; - u32 *auto_add_sw_if_indices_twice_nat; - - /* Address and port allocation function */ - nat_alloc_out_addr_and_port_function_t *alloc_addr_and_port; - /* Address and port allocation type */ - nat_addr_and_port_alloc_alg_t addr_and_port_alloc_alg; - /* Port set parameters (MAP-E) */ - u8 psid_offset; - u8 psid_length; - u16 psid; - /* Port range parameters */ - u16 start_port; - u16 end_port; + /* first interface address should be auto-added */ + snat_address_resolve_t *addr_to_resolve; /* vector of fibs */ nat_fib_t *fibs; @@ -557,8 +545,11 @@ typedef struct snat_main_s /* vector of outside fibs */ nat_outside_fib_t *outside_fibs; + /* vector of fib entries */ + snat_fib_entry_reg_t *fib_entry_reg; + /* vector of interface address static mappings to resolve. */ - snat_static_map_resolve_t *to_resolve; + snat_static_mapping_resolve_t *sm_to_resolve; /* Randomize port allocation order */ u32 random_seed; @@ -568,20 +559,11 @@ typedef struct snat_main_s u32 fq_in2out_output_index; u32 fq_out2in_index; - u32 out2in_node_index; - u32 in2out_node_index; - u32 in2out_output_node_index; - nat44_config_t rconfig; - //nat44_config_t cconfig; /* If forwarding is enabled */ u8 forwarding_enabled; - /* static mapping config */ - u8 static_mapping_only; - u8 static_mapping_connection_tracking; - /* Is translation memory size calculated or user defined */ u8 translation_memory_size_set; @@ -646,16 +628,11 @@ typedef struct snat_main_s u8 log_level; /* convenience */ - api_main_t *api_main; ip4_main_t *ip4_main; - ip_lookup_main_t *ip4_lookup_main; fib_source_t fib_src_hi; fib_source_t fib_src_low; - /* pat - dynamic mapping enabled or conneciton tracking */ - u8 pat; - /* number of worker handoff frame queue elements */ u32 frame_queue_nelts; @@ -664,6 +641,16 @@ typedef struct snat_main_s vnet_main_t *vnet_main; + /* TCP session state machine table: + * first dimension is possible states + * second dimension is direction (in2out/out2in) + * third dimension is TCP flag (SYN, RST, FIN) + * + * value is next state to change to + */ + nat44_ed_tcp_state_e tcp_state_change_table[NAT44_ED_TCP_N_STATE] + [NAT44_ED_N_DIR] + [NAT44_ED_TCP_N_FLAG]; } snat_main_t; typedef struct @@ -678,32 +665,25 @@ typedef struct uword *cached_presence_by_ip4_address; } snat_runtime_t; +/* + * Why is this here? Because we don't need to touch this layer to + * simply reply to an icmp. We need to change id to a unique + * value to NAT an echo request/reply. + */ + extern snat_main_t snat_main; -// nat pre ed next_node feature classification extern vlib_node_registration_t nat_default_node; extern vlib_node_registration_t nat_pre_in2out_node; extern vlib_node_registration_t nat_pre_out2in_node; -extern vlib_node_registration_t snat_in2out_node; -extern vlib_node_registration_t snat_in2out_output_node; -extern vlib_node_registration_t snat_out2in_node; -extern vlib_node_registration_t snat_in2out_worker_handoff_node; -extern vlib_node_registration_t snat_in2out_output_worker_handoff_node; -extern vlib_node_registration_t snat_out2in_worker_handoff_node; extern vlib_node_registration_t nat44_ed_in2out_node; extern vlib_node_registration_t nat44_ed_in2out_output_node; extern vlib_node_registration_t nat44_ed_out2in_node; -extern fib_source_t nat_fib_src_hi; -extern fib_source_t nat_fib_src_low; - -/* format functions */ -format_function_t format_snat_static_mapping; -format_function_t format_snat_static_map_to_resolve; -format_function_t format_snat_session; -format_function_t format_static_mapping_key; -format_function_t format_nat_addr_and_port_alloc_alg; +extern vlib_node_registration_t snat_in2out_worker_handoff_node; +extern vlib_node_registration_t snat_in2out_output_worker_handoff_node; +extern vlib_node_registration_t snat_out2in_worker_handoff_node; /** \brief Check if SNAT session is created from static mapping. @param s SNAT session @@ -785,16 +765,6 @@ nat44_ed_is_interface_outside (snat_interface_t *i) return i->flags & NAT_INTERFACE_FLAG_IS_OUTSIDE; } -/** \brief Check if NAT44 endpoint-dependent TCP session is closed. - @param s NAT session - @return true if session is closed -*/ -always_inline bool -nat44_is_ses_closed (snat_session_t *s) -{ - return s->state == 0xf; -} - /** \brief Check if client initiating TCP connection (received SYN from client) @param t TCP header @return true if client initiating TCP connection @@ -853,13 +823,10 @@ is_sm_switch_address (u32 f) return (f & NAT_SM_FLAG_SWITCH_ADDRESS); } -/* logging */ #define nat_log_err(...) \ vlib_log(VLIB_LOG_LEVEL_ERR, snat_main.log_class, __VA_ARGS__) #define nat_log_warn(...) \ vlib_log(VLIB_LOG_LEVEL_WARNING, snat_main.log_class, __VA_ARGS__) -#define nat_log_notice(...) \ - vlib_log(VLIB_LOG_LEVEL_NOTICE, snat_main.log_class, __VA_ARGS__) #define nat_log_info(...) \ vlib_log(VLIB_LOG_LEVEL_INFO, snat_main.log_class, __VA_ARGS__) #define nat_log_debug(...)\ @@ -878,7 +845,7 @@ int nat44_ed_add_output_interface (u32 sw_if_index); int nat44_ed_del_output_interface (u32 sw_if_index); int nat44_ed_add_address (ip4_address_t *addr, u32 vrf_id, u8 twice_nat); -int nat44_ed_del_address (ip4_address_t addr, u8 delete_sm, u8 twice_nat); +int nat44_ed_del_address (ip4_address_t addr, u8 twice_nat); int nat44_ed_add_interface_address (u32 sw_if_index, u8 twice_nat); int nat44_ed_del_interface_address (u32 sw_if_index, u8 twice_nat); @@ -969,29 +936,8 @@ int snat_static_mapping_match ( lb_nat_type_t *lb, ip4_address_t *ext_host_addr, u8 *is_identity_nat, snat_static_mapping_t **out); -/* - * Why is this here? Because we don't need to touch this layer to - * simply reply to an icmp. We need to change id to a unique - * value to NAT an echo request/reply. - */ - -typedef struct -{ - u16 identifier; - u16 sequence; -} icmp_echo_header_t; - -typedef struct -{ - u16 src_port, dst_port; -} tcp_udp_header_t; - u32 get_thread_idx_by_port (u16 e_port); -u8 *format_static_mapping_kvp (u8 *s, va_list *args); - -u8 *format_session_kvp (u8 *s, va_list *args); - u32 nat_calc_bihash_buckets (u32 n_elts); void nat44_addresses_free (snat_address_t **addresses); @@ -1000,30 +946,8 @@ void nat44_ed_sessions_clear (); int nat44_ed_set_frame_queue_nelts (u32 frame_queue_nelts); -typedef enum -{ - NAT_ED_TRNSL_ERR_SUCCESS = 0, - NAT_ED_TRNSL_ERR_TRANSLATION_FAILED = 1, - NAT_ED_TRNSL_ERR_FLOW_MISMATCH = 2, - NAT_ED_TRNSL_ERR_PACKET_TRUNCATED = 3, - NAT_ED_TRNSL_ERR_INNER_IP_CORRUPT = 4, - NAT_ED_TRNSL_ERR_INVALID_CSUM = 5, -} nat_translation_error_e; - -nat_translation_error_e nat_6t_flow_buf_translate_i2o ( - vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip, - nat_6t_flow_t *f, ip_protocol_t proto, int is_output_feature); - -nat_translation_error_e nat_6t_flow_buf_translate_o2i ( - vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip, - nat_6t_flow_t *f, ip_protocol_t proto, int is_output_feature); - void nat_6t_l3_l4_csum_calc (nat_6t_flow_t *f); -format_function_t format_nat_ed_translation_error; -format_function_t format_nat_6t_flow; -format_function_t format_ed_session_kvp; - snat_static_mapping_t *nat44_ed_sm_i2o_lookup (snat_main_t *sm, ip4_address_t addr, u16 port, u32 fib_index, u8 proto); @@ -1044,6 +968,24 @@ void nat_syslog_nat44_sdel (u32 ssubix, u32 sfibix, ip4_address_t *isaddr, ip4_address_t *xdaddr, u16 xdport, u8 proto, u8 is_twicenat); +typedef enum +{ + NAT_ED_TRNSL_ERR_SUCCESS = 0, + NAT_ED_TRNSL_ERR_TRANSLATION_FAILED = 1, + NAT_ED_TRNSL_ERR_FLOW_MISMATCH = 2, + NAT_ED_TRNSL_ERR_PACKET_TRUNCATED = 3, + NAT_ED_TRNSL_ERR_INNER_IP_CORRUPT = 4, + NAT_ED_TRNSL_ERR_INVALID_CSUM = 5, +} nat_translation_error_e; + +nat_translation_error_e nat_6t_flow_buf_translate_i2o ( + vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip, + nat_6t_flow_t *f, ip_protocol_t proto, int is_output_feature); + +nat_translation_error_e nat_6t_flow_buf_translate_o2i ( + vlib_main_t *vm, snat_main_t *sm, vlib_buffer_t *b, ip4_header_t *ip, + nat_6t_flow_t *f, ip_protocol_t proto, int is_output_feature); + #endif /* __included_nat44_ed_h__ */ /* * fd.io coding-style-patch-verification: ON