-static clib_error_t *
-snat_config (vlib_main_t * vm, unformat_input_t * input)
-{
- snat_main_t *sm = &snat_main;
- snat_main_per_thread_data_t *tsm;
-
- u32 static_mapping_buckets = 1024;
- uword static_mapping_memory_size = 64 << 20;
-
- u32 max_users_per_thread = 0;
- u32 user_memory_size = 0;
- u32 max_translations_per_thread = 0;
- u32 translation_memory_size = 0;
-
- u32 max_translations_per_user = ~0;
-
- u32 outside_vrf_id = 0;
- u32 outside_ip6_vrf_id = 0;
- u32 inside_vrf_id = 0;
- u8 static_mapping_only = 0;
- u8 static_mapping_connection_tracking = 0;
-
- u32 udp_timeout = SNAT_UDP_TIMEOUT;
- u32 icmp_timeout = SNAT_ICMP_TIMEOUT;
- u32 tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT;
- u32 tcp_established_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT;
-
- sm->out2in_dpo = 0;
- sm->endpoint_dependent = 0;
-
- while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
- {
- if (unformat
- (input, "max translations per thread %d",
- &max_translations_per_thread))
- ;
- else if (unformat (input, "udp timeout %d", &udp_timeout))
- ;
- else if (unformat (input, "icmp timeout %d", &icmp_timeout))
- ;
- else if (unformat (input, "tcp transitory timeout %d",
- &tcp_transitory_timeout));
- else if (unformat (input, "tcp established timeout %d",
- &tcp_established_timeout));
- else if (unformat (input, "translation hash memory %d",
- &translation_memory_size));
- else
- if (unformat
- (input, "max users per thread %d", &max_users_per_thread))
- ;
- else if (unformat (input, "user hash memory %d", &user_memory_size))
- ;
- else if (unformat (input, "max translations per user %d",
- &max_translations_per_user))
- ;
- else if (unformat (input, "outside VRF id %d", &outside_vrf_id))
- ;
- else if (unformat (input, "outside ip6 VRF id %d", &outside_ip6_vrf_id))
- ;
- else if (unformat (input, "inside VRF id %d", &inside_vrf_id))
- ;
- else if (unformat (input, "static mapping only"))
- {
- static_mapping_only = 1;
- if (unformat (input, "connection tracking"))
- static_mapping_connection_tracking = 1;
- }
- else if (unformat (input, "out2in dpo"))
- sm->out2in_dpo = 1;
- else if (unformat (input, "endpoint-dependent"))
- sm->endpoint_dependent = 1;
- else
- return clib_error_return (0, "unknown input '%U'",
- format_unformat_error, input);
- }
-
- if (static_mapping_only && (sm->endpoint_dependent))
- return clib_error_return (0,
- "static mapping only mode available only for simple nat");
-
- if (sm->out2in_dpo && (sm->endpoint_dependent))
- return clib_error_return (0,
- "out2in dpo mode available only for simple nat");
- if (sm->endpoint_dependent && max_users_per_thread > 0)
- {
- return clib_error_return (0,
- "setting 'max users' in endpoint-dependent mode is not supported");
- }
-
- if (sm->endpoint_dependent && max_translations_per_user != ~0)
- {
- return clib_error_return (0,
- "setting 'max translations per user' in endpoint-dependent mode is not supported");
- }
-
- /* optionally configurable timeouts for testing purposes */
- sm->udp_timeout = udp_timeout;
- sm->tcp_transitory_timeout = tcp_transitory_timeout;
- sm->tcp_established_timeout = tcp_established_timeout;
- sm->icmp_timeout = icmp_timeout;
-
- if (0 == max_users_per_thread)
- {
- max_users_per_thread = 1024;
- }
- sm->max_users_per_thread = max_users_per_thread;
- sm->user_buckets = nat_calc_bihash_buckets (sm->max_users_per_thread);
-
- if (0 == max_translations_per_thread)
- {
- // default value based on legacy setting of load factor 10 * default
- // translation buckets 1024
- max_translations_per_thread = 10 * 1024;
- }
- sm->translation_memory_size_set = translation_memory_size != 0;
-
- sm->max_translations_per_thread = max_translations_per_thread;
- sm->translation_buckets =
- nat_calc_bihash_buckets (sm->max_translations_per_thread);
- if (0 == translation_memory_size)
- {
- translation_memory_size =
- nat_calc_bihash_memory (sm->translation_buckets,
- sizeof (clib_bihash_16_8_t));
- }
- sm->translation_memory_size = translation_memory_size;
- if (0 == user_memory_size)
- {
- user_memory_size =
- nat_calc_bihash_memory (sm->max_users_per_thread,
- sizeof (clib_bihash_8_8_t));
- }
- sm->user_memory_size = user_memory_size;
- vec_add1 (sm->max_translations_per_fib, sm->max_translations_per_thread);
-
- sm->max_translations_per_user = max_translations_per_user == ~0 ?
- sm->max_translations_per_thread : max_translations_per_user;
-
- sm->outside_vrf_id = outside_vrf_id;
- sm->outside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4,
- outside_vrf_id,
- nat_fib_src_hi);
- sm->inside_vrf_id = inside_vrf_id;
- sm->inside_fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP4,
- inside_vrf_id,
- nat_fib_src_hi);
- sm->static_mapping_only = static_mapping_only;
- sm->static_mapping_connection_tracking = static_mapping_connection_tracking;
-
- if (sm->endpoint_dependent)
- {
- sm->worker_in2out_cb = nat44_ed_get_worker_in2out_cb;
- sm->worker_out2in_cb = nat44_ed_get_worker_out2in_cb;
-
- sm->in2out_node_index = nat44_ed_in2out_node.index;
- sm->in2out_output_node_index = nat44_ed_in2out_output_node.index;
- sm->out2in_node_index = nat44_ed_out2in_node.index;
-
- sm->icmp_match_in2out_cb = icmp_match_in2out_ed;
- sm->icmp_match_out2in_cb = icmp_match_out2in_ed;
- nat_affinity_init (vm);
- nat_ha_init (vm, nat_ha_sadd_ed_cb, nat_ha_sdel_ed_cb,
- nat_ha_sref_ed_cb);
- clib_bihash_init_16_8 (&sm->out2in_ed, "out2in-ed",
- clib_max (1, sm->num_workers) *
- sm->translation_buckets,
- clib_max (1, sm->num_workers) *
- sm->translation_memory_size);
- clib_bihash_set_kvp_format_fn_16_8 (&sm->out2in_ed,
- format_ed_session_kvp);
- }
- else
- {
- sm->worker_in2out_cb = snat_get_worker_in2out_cb;
- sm->worker_out2in_cb = snat_get_worker_out2in_cb;
-
- sm->in2out_node_index = snat_in2out_node.index;
- sm->in2out_output_node_index = snat_in2out_output_node.index;
- sm->out2in_node_index = snat_out2in_node.index;
-
- sm->icmp_match_in2out_cb = icmp_match_in2out_slow;
- sm->icmp_match_out2in_cb = icmp_match_out2in_slow;
- nat_ha_init (vm, nat_ha_sadd_cb, nat_ha_sdel_cb, nat_ha_sref_cb);
- }
- if (!static_mapping_only ||
- (static_mapping_only && static_mapping_connection_tracking))
- {
- /* *INDENT-OFF* */
- vec_foreach (tsm, sm->per_thread_data)
- {
- nat44_db_init (tsm);
- }
- /* *INDENT-ON* */
- }
- else
- {
- sm->icmp_match_in2out_cb = icmp_match_in2out_fast;
- sm->icmp_match_out2in_cb = icmp_match_out2in_fast;
- }
- clib_bihash_init_8_8 (&sm->static_mapping_by_local,
- "static_mapping_by_local", static_mapping_buckets,
- static_mapping_memory_size);
- clib_bihash_set_kvp_format_fn_8_8 (&sm->static_mapping_by_local,
- format_static_mapping_kvp);
-
- clib_bihash_init_8_8 (&sm->static_mapping_by_external,
- "static_mapping_by_external",
- static_mapping_buckets, static_mapping_memory_size);
- clib_bihash_set_kvp_format_fn_8_8 (&sm->static_mapping_by_external,
- format_static_mapping_kvp);
-
- return 0;
-}
-
-VLIB_CONFIG_FUNCTION (snat_config, "nat");
-