{
s_kv.key = s->out2in.as_u64;
if (clib_bihash_add_del_8_8 (&tsm->out2in, &s_kv, 0))
- nat_log_warn ("out2in key del failed");
+ nat_elog_warn ("out2in key del failed");
snat_ipfix_logging_nat44_ses_delete (ctx->thread_index,
s->in2out.addr.as_u32,
{
b0->error = node->errors[SNAT_IN2OUT_ERROR_MAX_SESSIONS_EXCEEDED];
nat_ipfix_logging_max_sessions (thread_index, sm->max_translations);
- nat_log_notice ("maximum sessions exceeded");
+ nat_elog_notice ("maximum sessions exceeded");
return SNAT_IN2OUT_NEXT_DROP;
}
thread_index);
if (!u)
{
- nat_log_warn ("create NAT user failed");
+ nat_elog_warn ("create NAT user failed");
return SNAT_IN2OUT_NEXT_DROP;
}
if (!s)
{
nat44_delete_user_with_no_session (sm, u, thread_index);
- nat_log_warn ("create NAT session failed");
+ nat_elog_warn ("create NAT session failed");
return SNAT_IN2OUT_NEXT_DROP;
}
if (clib_bihash_add_or_overwrite_stale_8_8
(&sm->per_thread_data[thread_index].in2out, &kv0,
nat44_i2o_is_idle_session_cb, &ctx0))
- nat_log_notice ("in2out key add failed");
+ nat_elog_notice ("in2out key add failed");
kv0.key = s->out2in.as_u64;
kv0.value = s - sm->per_thread_data[thread_index].sessions;
if (clib_bihash_add_or_overwrite_stale_8_8
(&sm->per_thread_data[thread_index].out2in, &kv0,
nat44_o2i_is_idle_session_cb, &ctx0))
- nat_log_notice ("out2in key add failed");
+ nat_elog_notice ("out2in key add failed");
/* log NAT event */
snat_ipfix_logging_nat44_ses_create (thread_index,
{
next0 = SNAT_IN2OUT_NEXT_DROP;
b0->error = node->errors[SNAT_IN2OUT_ERROR_MAX_REASS];
- nat_log_notice ("maximum reassemblies exceeded");
+ nat_elog_notice ("maximum reassemblies exceeded");
goto trace0;
}
(thread_index, reass0, bi0, &fragments_to_drop))
{
b0->error = node->errors[SNAT_IN2OUT_ERROR_MAX_FRAG];
- nat_log_notice
+ nat_elog_notice
("maximum fragments per reassembly exceeded");
next0 = SNAT_IN2OUT_NEXT_DROP;
goto trace0;
ed_kv.key[0] = ed_key.as_u64[0];
ed_kv.key[1] = ed_key.as_u64[1];
if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &ed_kv, 0))
- nat_log_warn ("out2in_ed key del failed");
+ nat_elog_warn ("out2in_ed key del failed");
if (snat_is_unk_proto_session (s))
goto delete;
{
b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_SESSIONS_EXCEEDED];
nat_ipfix_logging_max_sessions (thread_index, sm->max_translations);
- nat_log_notice ("maximum sessions exceeded");
+ nat_elog_notice ("maximum sessions exceeded");
return NAT_IN2OUT_ED_NEXT_DROP;
}
sm->port_per_thread,
tsm->snat_thread_index))
{
- nat_log_notice ("addresses exhausted");
+ nat_elog_notice ("addresses exhausted");
b->error = node->errors[NAT_IN2OUT_ED_ERROR_OUT_OF_PORTS];
return NAT_IN2OUT_ED_NEXT_DROP;
}
u = nat_user_get_or_create (sm, &key->l_addr, rx_fib_index, thread_index);
if (!u)
{
- nat_log_warn ("create NAT user failed");
+ nat_elog_warn ("create NAT user failed");
if (!is_sm)
snat_free_outside_address_and_port (sm->addresses,
thread_index, &key1);
if (!s)
{
nat44_delete_user_with_no_session (sm, u, thread_index);
- nat_log_warn ("create NAT session failed");
+ nat_elog_warn ("create NAT session failed");
if (!is_sm)
snat_free_outside_address_and_port (sm->addresses,
thread_index, &key1);
if (clib_bihash_add_or_overwrite_stale_16_8 (&tsm->in2out_ed, kv,
nat44_i2o_ed_is_idle_session_cb,
&ctx))
- nat_log_notice ("in2out-ed key add failed");
+ nat_elog_notice ("in2out-ed key add failed");
make_ed_kv (kv, &key1.addr, &key->r_addr, key->proto, s->out2in.fib_index,
key1.port, key->r_port);
if (clib_bihash_add_or_overwrite_stale_16_8 (&tsm->out2in_ed, kv,
nat44_o2i_ed_is_idle_session_cb,
&ctx))
- nat_log_notice ("out2in-ed key add failed");
+ nat_elog_notice ("out2in-ed key add failed");
*sessionp = s;
s = pool_elt_at_index (tsm->sessions, value.value);
if (nat44_is_ses_closed (s))
{
- nat_log_debug ("TCP close connection %U", format_snat_session,
- &sm->per_thread_data[thread_index], s);
nat_free_session_data (sm, s, thread_index, 0);
nat44_delete_session (sm, s, thread_index);
}
{
b->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_SESSIONS_EXCEEDED];
nat_ipfix_logging_max_sessions (thread_index, sm->max_translations);
- nat_log_notice ("maximum sessions exceeded");
+ nat_elog_notice ("maximum sessions exceeded");
return 0;
}
thread_index);
if (!u)
{
- nat_log_warn ("create NAT user failed");
+ nat_elog_warn ("create NAT user failed");
return 0;
}
if (!s)
{
nat44_delete_user_with_no_session (sm, u, thread_index);
- nat_log_warn ("create NAT session failed");
+ nat_elog_warn ("create NAT session failed");
return 0;
}
rx_fib_index, 0, 0);
s_kv.value = s - tsm->sessions;
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &s_kv, 1))
- nat_log_notice ("in2out key add failed");
+ nat_elog_notice ("in2out key add failed");
make_ed_kv (&s_kv, &s->out2in.addr, &ip->dst_address, ip->protocol,
outside_fib_index, 0, 0);
s_kv.value = s - tsm->sessions;
if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &s_kv, 1))
- nat_log_notice ("out2in key add failed");
+ nat_elog_notice ("out2in key add failed");
}
/* Update IP checksum */
{
next0 = NAT_IN2OUT_ED_NEXT_DROP;
b0->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_REASS];
- nat_log_notice ("maximum reassemblies exceeded");
+ nat_elog_notice ("maximum reassemblies exceeded");
goto trace0;
}
(thread_index, reass0, bi0, &fragments_to_drop))
{
b0->error = node->errors[NAT_IN2OUT_ED_ERROR_MAX_FRAG];
- nat_log_notice
+ nat_elog_notice
("maximum fragments per reassembly exceeded");
next0 = NAT_IN2OUT_ED_NEXT_DROP;
goto trace0;
* limitations under the License.
*/
-option version = "5.0.0";
+option version = "5.1.0";
import "vnet/ip/ip_types.api";
import "vnet/interface_types.api";
u32 nat64_st_memory_size;
};
+enum nat_log_level : u8
+{
+ NAT_LOG_NONE = 0x00,
+ NAT_LOG_ERROR = 0x01,
+ NAT_LOG_WARNING = 0x02,
+ NAT_LOG_NOTICE = 0x03,
+ NAT_LOG_INFO = 0x04,
+ NAT_LOG_DEBUG = 0x05,
+};
+
+/** \brief Set NAT logging level
+ @param client_index - opaque cookie to identify the sender
+ @param context - sender context, to match reply w/ request
+ @param log_level - logging level
+*/
+autoreply define nat_set_log_level {
+ u32 client_index;
+ u32 context;
+ vl_api_nat_log_level_t log_level;
+};
+
/** \brief Set NAT workers
@param client_index - opaque cookie to identify the sender
@param context - sender context, to match reply w/ request
ed_kv.key[0] = ed_key.as_u64[0];
ed_kv.key[1] = ed_key.as_u64[1];
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0))
- nat_log_warn ("in2out_ed key del failed");
+ nat_elog_warn ("in2out_ed key del failed");
return;
}
ed_kv.key[0] = ed_key.as_u64[0];
ed_kv.key[1] = ed_key.as_u64[1];
if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &ed_kv, 0))
- nat_log_warn ("out2in_ed key del failed");
+ nat_elog_warn ("out2in_ed key del failed");
ed_key.l_addr = s->in2out.addr;
ed_key.fib_index = s->in2out.fib_index;
if (!snat_is_unk_proto_session (s))
ed_kv.key[0] = ed_key.as_u64[0];
ed_kv.key[1] = ed_key.as_u64[1];
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0))
- nat_log_warn ("in2out_ed key del failed");
+ nat_elog_warn ("in2out_ed key del failed");
if (!is_ha)
nat_syslog_nat44_sdel (s->user_index, s->in2out.fib_index,
{
kv.key = s->in2out.as_u64;
if (clib_bihash_add_del_8_8 (&tsm->in2out, &kv, 0))
- nat_log_warn ("in2out key del failed");
+ nat_elog_warn ("in2out key del failed");
kv.key = s->out2in.as_u64;
if (clib_bihash_add_del_8_8 (&tsm->out2in, &kv, 0))
- nat_log_warn ("out2in key del failed");
+ nat_elog_warn ("out2in key del failed");
if (!is_ha)
nat_syslog_nat44_apmdel (s->user_index, s->in2out.fib_index,
/* add user */
if (clib_bihash_add_del_8_8 (&tsm->user_hash, &kv, 1))
- nat_log_warn ("user_hash keay add failed");
+ nat_elog_warn ("user_hash keay add failed");
vlib_set_simple_counter (&sm->total_users, thread_index, 0,
pool_elts (tsm->users));
if ((u->nsessions + u->nstaticsessions) >=
sm->max_translations_per_user)
{
- nat_log_warn ("max translations per user %U", format_ip4_address,
- &u->addr);
+ nat_elog_addr (SNAT_LOG_WARNING, "[warn] max translations per user",
+ clib_net_to_host_u32 (u->addr.as_u32));
snat_ipfix_logging_max_entries_per_user
(thread_index, sm->max_translations_per_user, u->addr.as_u32);
return 0;
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return VNET_API_ERROR_INVALID_VALUE_2;
}
break;
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return VNET_API_ERROR_INVALID_VALUE_2;
}
break;
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return VNET_API_ERROR_INVALID_VALUE_2;
}
break;
kv.value = m - sm->static_mappings;
if (clib_bihash_add_del_8_8 (&sm->static_mapping_by_external, &kv, 1))
{
- nat_log_err ("static_mapping_by_external key add failed");
+ nat_elog_err ("static_mapping_by_external key add failed");
return VNET_API_ERROR_UNSPECIFIED;
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return VNET_API_ERROR_INVALID_VALUE_2;
}
break;
kv.key = m_key.as_u64;
if (clib_bihash_add_del_8_8 (&sm->static_mapping_by_external, &kv, 0))
{
- nat_log_err ("static_mapping_by_external key del failed");
+ nat_elog_err ("static_mapping_by_external key del failed");
return VNET_API_ERROR_UNSPECIFIED;
}
kv.key = m_key.as_u64;
if (clib_bihash_add_del_8_8(&sm->static_mapping_by_local, &kv, 0))
{
- nat_log_err ("static_mapping_by_local key del failed");
+ nat_elog_err ("static_mapping_by_local key del failed");
return VNET_API_ERROR_UNSPECIFIED;
}
}
kv.key = m_key.as_u64;
kv.value = m - sm->static_mappings;
if (clib_bihash_add_del_8_8 (&sm->static_mapping_by_local, &kv, 1))
- nat_log_err ("static_mapping_by_local key add failed");
+ nat_elog_err ("static_mapping_by_local key add failed");
}
}
else
m_key.fib_index = match_local->fib_index;
kv.key = m_key.as_u64;
if (clib_bihash_add_del_8_8 (&sm->static_mapping_by_local, &kv, 0))
- nat_log_err ("static_mapping_by_local key del failed");
+ nat_elog_err ("static_mapping_by_local key del failed");
}
if (sm->num_workers > 1)
/* Check if address is used in some static mapping */
if (is_snat_address_used_in_static_mapping (sm, addr))
{
- nat_log_notice ("address used in static mapping");
+ nat_elog_notice ("address used in static mapping");
return VNET_API_ERROR_UNSPECIFIED;
}
}
sm->addr_and_port_alloc_alg = NAT_ADDR_AND_PORT_ALLOC_ALG_DEFAULT;
sm->forwarding_enabled = 0;
sm->log_class = vlib_log_register_class ("nat", 0);
+ sm->log_level = SNAT_LOG_NONE;
sm->mss_clamping = 0;
node = vlib_get_node_by_name (vm, (u8 *) "error-drop");
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return;
}
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return 1;
}
}
match.protocol, match.port,
tmp[lo], m->affinity,
m->affinity_per_service_list_head_index))
- nat_log_info ("create affinity record failed");
+ nat_elog_info ("create affinity record failed");
}
vec_free (tmp);
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return 1;
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return 1;
}
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return 1;
}
foreach_snat_protocol
#undef _
default:
- nat_log_info ("unknown protocol");
+ nat_elog_info ("unknown protocol");
return 1;
}
kv.key = key.as_u64;
kv.value = s - tsm->sessions;
if (clib_bihash_add_del_8_8 (&tsm->out2in, &kv, 1))
- nat_log_warn ("out2in key add failed");
+ nat_elog_warn ("out2in key add failed");
key.addr.as_u32 = in_addr->as_u32;
key.port = in_port;
s->in2out = key;
kv.key = key.as_u64;
if (clib_bihash_add_del_8_8 (&tsm->in2out, &kv, 1))
- nat_log_warn ("in2out key add failed");
+ nat_elog_warn ("in2out key add failed");
}
void
snat_proto_to_ip_proto (proto), fib_index, in_port,
s->ext_host_nat_port);
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &kv, 1))
- nat_log_warn ("in2out key add failed");
+ nat_elog_warn ("in2out key add failed");
make_ed_kv (&kv, out_addr, eh_addr, snat_proto_to_ip_proto (proto),
s->out2in.fib_index, out_port, eh_port);
if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &kv, 1))
- nat_log_warn ("out2in key add failed");
+ nat_elog_warn ("out2in key add failed");
}
void
rp->proto, !is_delete, rp->twice_nat,
rp->out2in_only, rp->tag, rp->identity_nat);
if (rv)
- nat_log_notice ("snat_add_static_mapping returned %d", rv);
+ nat_elog_notice_X1 ("snat_add_static_mapping returned %d", "i4", rv);
}
static void
rp->out2in_only, rp->tag,
rp->identity_nat);
if (rv)
- nat_log_notice ("snat_add_static_mapping returned %d", rv);
+ nat_elog_notice_X1 ("snat_add_static_mapping returned %d",
+ "i4", rv);
}
}
return;
#include <vnet/ethernet/ethernet.h>
#include <vnet/ip/icmp46_packet.h>
#include <vnet/api_errno.h>
+#include <vppinfra/elog.h>
#include <vppinfra/bihash_8_8.h>
#include <vppinfra/bihash_16_8.h>
#include <vppinfra/dlist.h>
/* log class */
vlib_log_class_t log_class;
+ /* logging level */
+ u8 log_level;
/* convenience */
vlib_main_t *vlib_main;
#define nat_log_debug(...)\
vlib_log(VLIB_LOG_LEVEL_DEBUG, snat_main.log_class, __VA_ARGS__)
+/* NAT API Logging Levels */
+#define foreach_nat_log_level \
+ _(0x00, LOG_NONE) \
+ _(0x01, LOG_ERROR) \
+ _(0x02, LOG_WARNING) \
+ _(0x03, LOG_NOTICE) \
+ _(0x04, LOG_INFO) \
+ _(0x05, LOG_DEBUG)
+
+typedef enum nat_log_level_t_
+{
+#define _(n,f) SNAT_##f = n,
+ foreach_nat_log_level
+#undef _
+} nat_log_level_t;
+
+#define nat_elog(_level, _str) \
+do \
+ { \
+ snat_main_t *sm = &snat_main; \
+ if (PREDICT_FALSE (sm->log_level >= _level)) \
+ { \
+ ELOG_TYPE_DECLARE (e) = \
+ { \
+ .format = "nat-msg" _str, \
+ .format_args = "", \
+ }; \
+ ELOG_DATA (&sm->vlib_main->elog_main, e); \
+ } \
+ } while (0);
+
+#define nat_elog_addr(_level, _str, _addr) \
+do \
+ { \
+ if (PREDICT_FALSE (sm->log_level >= _level)) \
+ { \
+ ELOG_TYPE_DECLARE (e) = \
+ { \
+ .format = "nat-msg " _str " %d.%d.%d.%d", \
+ .format_args = "i1i1i1i1", \
+ }; \
+ CLIB_PACKED(struct \
+ { \
+ u8 oct1; \
+ u8 oct2; \
+ u8 oct3; \
+ u8 oct4; \
+ }) *ed; \
+ ed = ELOG_DATA (&vlib_global_main.elog_main, e); \
+ ed->oct4 = _addr >> 24; \
+ ed->oct3 = _addr >> 16; \
+ ed->oct2 = _addr >> 8; \
+ ed->oct1 = _addr; \
+ } \
+ } while (0);
+
+#define nat_elog_X1(_level, _fmt, _arg, _val1) \
+do \
+ { \
+ snat_main_t *sm = &snat_main; \
+ if (PREDICT_FALSE (sm->log_level >= _level)) \
+ { \
+ ELOG_TYPE_DECLARE (e) = \
+ { \
+ .format = "nat-msg " _fmt, \
+ .format_args = _arg, \
+ }; \
+ CLIB_PACKED(struct \
+ { \
+ typeof (_val1) val1; \
+ }) *ed; \
+ ed = ELOG_DATA (&sm->vlib_main->elog_main, e); \
+ ed->val1 = _val1; \
+ } \
+ } while (0);
+
+#define nat_elog_notice(nat_elog_str) \
+ nat_elog(SNAT_LOG_INFO, "[notice] " nat_elog_str)
+#define nat_elog_warn(nat_elog_str) \
+ nat_elog(SNAT_LOG_WARNING, "[warning] " nat_elog_str)
+#define nat_elog_err(nat_elog_str) \
+ nat_elog(SNAT_LOG_ERROR, "[error] " nat_elog_str)
+#define nat_elog_debug(nat_elog_str) \
+ nat_elog(SNAT_LOG_DEBUG, "[debug] " nat_elog_str)
+#define nat_elog_info(nat_elog_str) \
+ nat_elog(SNAT_LOG_INFO, "[info] " nat_elog_str)
+
+#define nat_elog_notice_X1(nat_elog_fmt_str, nat_elog_fmt_arg, nat_elog_val1) \
+ nat_elog_X1(SNAT_LOG_NOTICE, "[notice] " nat_elog_fmt_str, nat_elog_fmt_arg, nat_elog_val1)
+#define nat_elog_warn_X1(nat_elog_fmt_str, nat_elog_fmt_arg, nat_elog_val1) \
+ nat_elog_X1(SNAT_LOG_WARNING, "[warning] " nat_elog_fmt_str, nat_elog_fmt_arg, nat_elog_val1)
+#define nat_elog_err_X1(nat_elog_fmt_str, nat_elog_fmt_arg, nat_elog_val1) \
+ nat_elog_X1(SNAT_LOG_ERROR, "[error] " nat_elog_fmt_str, nat_elog_fmt_arg, nat_elog_val1)
+#define nat_elog_debug_X1(nat_elog_fmt_str, nat_elog_fmt_arg, nat_elog_val1) \
+ nat_elog_X1(SNAT_LOG_DEBUG, "[debug] " nat_elog_fmt_str, nat_elog_fmt_arg, nat_elog_val1)
+#define nat_elog_info_X1(nat_elog_fmt_str, nat_elog_fmt_arg, nat_elog_val1) \
+ nat_elog_X1(SNAT_LOG_INFO, "[info] " nat_elog_fmt_str, nat_elog_fmt_arg, nat_elog_val1)
+
/* ICMP session match functions */
u32 icmp_match_in2out_fast (snat_main_t * sm, vlib_node_runtime_t * node,
u32 thread_index, vlib_buffer_t * b0,
next0 = NAT44_CLASSIFY_NEXT_DROP;
b0->error =
node->errors[NAT44_CLASSIFY_ERROR_MAX_REASS];
- nat_log_notice ("maximum reassemblies exceeded");
+ nat_elog_notice ("maximum reassemblies exceeded");
goto enqueue0;
}
if (!clib_bihash_search_16_8 (&tsm->in2out_ed, &ed_kv0,
next0 = NAT44_CLASSIFY_NEXT_DROP;
b0->error =
node->errors[NAT44_CLASSIFY_ERROR_MAX_REASS];
- nat_log_notice ("maximum reassemblies exceeded");
+ nat_elog_notice ("maximum reassemblies exceeded");
goto enqueue0;
}
/* check if first fragment has arrived */
{
b0->error =
node->errors[NAT44_CLASSIFY_ERROR_MAX_FRAG];
- nat_log_notice
+ nat_elog_notice
("maximum fragments per reassembly exceeded");
next0 = NAT44_CLASSIFY_NEXT_DROP;
goto enqueue0;
next0 = NAT44_CLASSIFY_NEXT_DROP;
b0->error =
node->errors[NAT44_CLASSIFY_ERROR_MAX_REASS];
- nat_log_notice ("maximum reassemblies exceeded");
+ nat_elog_notice ("maximum reassemblies exceeded");
goto enqueue0;
}
/* save classification for future fragments and set past
next0 = NAT44_CLASSIFY_NEXT_DROP;
b0->error =
node->errors[NAT44_CLASSIFY_ERROR_MAX_REASS];
- nat_log_notice ("maximum reassemblies exceeded");
+ nat_elog_notice ("maximum reassemblies exceeded");
goto enqueue0;
}
if (reass0->classify_next == NAT_REASS_IP4_CLASSIFY_NONE)
{
b0->error =
node->errors[NAT44_CLASSIFY_ERROR_MAX_FRAG];
- nat_log_notice
+ nat_elog_notice
("maximum fragments per reassembly exceeded");
next0 = NAT44_CLASSIFY_NEXT_DROP;
goto enqueue0;
return 0;
}
+static clib_error_t *
+snat_set_log_level_command_fn (vlib_main_t * vm,
+ unformat_input_t * input,
+ vlib_cli_command_t * cmd)
+{
+ unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
+ u8 log_level = SNAT_LOG_NONE;
+ clib_error_t *error = 0;
+
+ /* Get a line of input. */
+ if (!unformat_user (input, unformat_line_input, line_input))
+ return 0;
+
+ if (!unformat (line_input, "level %d", &log_level))
+ {
+ error = clib_error_return (0, "unknown input '%U'",
+ format_unformat_error, line_input);
+ goto done;
+ }
+ if (log_level > SNAT_LOG_DEBUG)
+ {
+ error = clib_error_return (0, "unknown logging level '%d'", log_level);
+ goto done;
+ }
+ sm->log_level = log_level;
+
+done:
+ unformat_free (line_input);
+
+ return error;
+}
+
static clib_error_t *
snat_ipfix_logging_enable_disable_command_fn (vlib_main_t * vm,
unformat_input_t * input,
.function = nat_show_timeouts_command_fn,
};
+/*?
+ * @cliexpar
+ * @cliexstart{nat set logging level}
+ * To set NAT logging level use:
+ * Set nat logging level
+ * @cliexend
+?*/
+VLIB_CLI_COMMAND (snat_set_log_level_command, static) = {
+ .path = "nat set logging level",
+ .function = snat_set_log_level_command_fn,
+ .short_help = "nat set logging level <level>",
+};
+
/*?
* @cliexpar
* @cliexstart{snat ipfix logging}
{
if (nat64_db_init (db, bib_buckets, bib_memory_size, st_buckets,
st_memory_size, nat64_free_out_addr_and_port))
- nat_log_err ("NAT64 DB init failed");
+ nat_elog_err ("NAT64 DB init failed");
}
/* *INDENT-ON* */
}
foreach_snat_protocol
#undef _
default:
- nat_log_notice ("unknown protocol");
+ nat_elog_notice ("unknown protocol");
return;
}
break;
ip6->as_u32[3] = ip4->as_u32;
break;
default:
- nat_log_notice ("invalid prefix length");
+ nat_elog_notice ("invalid prefix length");
break;
}
}
ip4->as_u32 = ip6->as_u32[3];
break;
default:
- nat_log_notice ("invalid prefix length");
+ nat_elog_notice ("invalid prefix length");
break;
}
}
case NAT64_CLEANER_RESCHEDULE:
break;
default:
- nat_log_notice ("unknown event %u", event_type);
+ nat_elog_notice_X1 ("unknown event %d", "i4", event_type);
break;
}
kv.key[2] = sm_key.as_u64[2];
kv.value = sm - nm->sm;
if (clib_bihash_add_del_24_8 (&nm->sm_l, &kv, 1))
- nat_log_warn ("nat66-static-map-by-local add key failed");
+ nat_elog_warn ("nat66-static-map-by-local add key failed");
sm_key.addr.as_u64[0] = e_addr->as_u64[0];
sm_key.addr.as_u64[1] = e_addr->as_u64[1];
sm_key.fib_index = 0;
kv.key[1] = sm_key.as_u64[1];
kv.key[2] = sm_key.as_u64[2];
if (clib_bihash_add_del_24_8 (&nm->sm_e, &kv, 1))
- nat_log_warn ("nat66-static-map-by-external add key failed");
+ nat_elog_warn ("nat66-static-map-by-external add key failed");
vlib_validate_combined_counter (&nm->session_counters, kv.value);
vlib_zero_combined_counter (&nm->session_counters, kv.value);
kv.value = sm - nm->sm;
if (clib_bihash_add_del_24_8 (&nm->sm_l, &kv, 0))
- nat_log_warn ("nat66-static-map-by-local delete key failed");
+ nat_elog_warn ("nat66-static-map-by-local delete key failed");
sm_key.addr.as_u64[0] = e_addr->as_u64[0];
sm_key.addr.as_u64[1] = e_addr->as_u64[1];
sm_key.fib_index = 0;
kv.key[1] = sm_key.as_u64[1];
kv.key[2] = sm_key.as_u64[2];
if (clib_bihash_add_del_24_8 (&nm->sm_e, &kv, 0))
- nat_log_warn ("nat66-static-map-by-external delete key failed");
+ nat_elog_warn ("nat66-static-map-by-external delete key failed");
fib_table_unlock (sm->fib_index, FIB_PROTOCOL_IP6,
FIB_SOURCE_PLUGIN_HI);
pool_put (nm->sm, sm);
kv.key[1] = a->key.as_u64[1];
pool_put_index (nam->affinity_pool, elt->value);
if (clib_bihash_add_del_16_8 (&nam->affinity_hash, &kv, 0))
- nat_log_warn ("affinity key del failed");
+ nat_elog_warn ("affinity key del failed");
pool_put_index (nam->list_pool, elt_index);
}
pool_put_index (nam->list_pool, affinity_per_service_list_head_index);
pool_put_index (nam->list_pool, a->per_service_index);
pool_put_index (nam->affinity_pool, value.value);
if (clib_bihash_add_del_16_8 (&nam->affinity_hash, &kv, 0))
- nat_log_warn ("affinity key del failed");
+ nat_elog_warn ("affinity key del failed");
rv = 1;
goto unlock;
}
pool_put_index (nam->list_pool, a->per_service_index);
pool_put_index (nam->affinity_pool, kv->value);
if (clib_bihash_add_del_16_8 (&nam->affinity_hash, kv, 0))
- nat_log_warn ("affinity key del failed");
+ nat_elog_warn ("affinity key del failed");
return 1;
}
}
if (!clib_bihash_search_16_8 (&nam->affinity_hash, &kv, &value))
{
rv = 1;
- nat_log_notice ("affinity key already exist");
+ nat_elog_notice ("affinity key already exist");
goto unlock;
}
affinity_is_expired_cb, NULL);
if (rv)
{
- nat_log_notice ("affinity key add failed");
+ nat_elog_notice ("affinity key add failed");
pool_put (nam->affinity_pool, a);
goto unlock;
}
FINISH;
}
+static void
+vl_api_nat_set_log_level_t_handler (vl_api_nat_set_log_level_t * mp)
+{
+ snat_main_t *sm = &snat_main;
+ vl_api_nat_set_log_level_reply_t *rmp;
+ int rv = 0;
+
+ if (sm->log_level > NAT_LOG_DEBUG)
+ rv = VNET_API_ERROR_UNSUPPORTED;
+ else
+ sm->log_level = mp->log_level;
+
+ REPLY_MACRO (VL_API_NAT_SET_WORKERS_REPLY);
+}
+
+static void *
+vl_api_nat_set_log_level_t_print (vl_api_nat_set_log_level_t *
+ mp, void *handle)
+{
+ u8 *s;
+
+ s = format (0, "SCRIPT: nat_set_log_level ");
+ s = format (s, "log_level %d", mp->log_level);
+
+ FINISH;
+}
+
static void
vl_api_nat_ipfix_enable_disable_t_handler (vl_api_nat_ipfix_enable_disable_t *
mp)
_(NAT_SHOW_CONFIG, nat_show_config) \
_(NAT_SET_WORKERS, nat_set_workers) \
_(NAT_WORKER_DUMP, nat_worker_dump) \
+_(NAT_SET_LOG_LEVEL, nat_set_log_level) \
_(NAT_IPFIX_ENABLE_DISABLE, nat_ipfix_enable_disable) \
_(NAT_SET_REASS, nat_set_reass) \
_(NAT_GET_REASS, nat_get_reass) \
return;
ha->in_resync = 0;
- nat_log_info ("resync completed with result %s",
- ha->resync_ack_missed ? "FAILED" : "SUCESS");
+ if (ha->resync_ack_missed)
+ {
+ nat_elog_info ("resync completed with result FAILED");
+ }
+ else
+ {
+ nat_elog_info ("resync completed with result SUCCESS");
+ }
if (ha->event_callback)
ha->event_callback (ha->client_index, ha->pid, ha->resync_ack_missed);
}
}
vec_free (td->resend_queue[i].data);
vec_del1 (td->resend_queue, i);
- nat_log_debug ("ACK for seq %d received", clib_net_to_host_u32 (seq));
+ nat_elog_debug_X1 ("ACK for seq %d received", "i4",
+ clib_net_to_host_u32 (seq));
return;
}
/* maximum retry reached delete cached data */
if (td->resend_queue[i].retry_count >= NAT_HA_RETRIES)
{
- nat_log_notice ("seq %d missed",
- clib_net_to_host_u32 (td->resend_queue[i].seq));
+ nat_elog_notice_X1 ("seq %d missed", "i4",
+ clib_net_to_host_u32 (td->resend_queue[i].seq));
if (td->resend_queue[i].is_resync)
{
clib_atomic_fetch_add (&ha->resync_ack_missed, 1);
}
/* retry to send non-ACKed data */
- nat_log_debug ("state sync seq %d resend",
- clib_net_to_host_u32 (td->resend_queue[i].seq));
+ nat_elog_debug_X1 ("state sync seq %d resend", "i4",
+ clib_net_to_host_u32 (td->resend_queue[i].seq));
td->resend_queue[i].retry_count++;
vlib_increment_simple_counter (&ha->counters[NAT_HA_COUNTER_RETRY_COUNT],
thread_index, 0, 1);
if (vlib_buffer_alloc (vm, &bi, 1) != 1)
{
- nat_log_warn ("HA NAT state sync can't allocate buffer");
+ nat_elog_warn ("HA NAT state sync can't allocate buffer");
return;
}
b = vlib_get_buffer (vm, bi);
{
udp_register_dst_port (ha->vlib_main, port, nat_ha_node.index, 1);
}
- nat_log_info ("HA listening on port %d for state sync", port);
+ nat_elog_info_X1 ("HA listening on port %d for state sync", "i4", port);
}
return 0;
nat_ha_recv_refresh (event, now, thread_index);
break;
default:
- nat_log_notice ("Unsupported HA event type %d", event->event_type);
+ nat_elog_notice_X1 ("Unsupported HA event type %d", "i4",
+ event->event_type);
break;
}
}
if (vlib_buffer_alloc (vm, &bi, 1) != 1)
{
- nat_log_warn ("HA NAT state sync can't allocate buffer");
+ nat_elog_warn ("HA NAT state sync can't allocate buffer");
return;
}
vlib_process_wait_for_event (vm);
event_type = vlib_process_get_events (vm, &event_data);
if (event_type)
- nat_log_info ("nat-ha-process: bogus kickoff event received");
+ nat_elog_info ("nat-ha-process: bogus kickoff event received");
vec_reset_length (event_data);
while (1)
snat_user_key_t u_key;
snat_user_t *u;
- nat_log_debug ("session deleted %U", format_snat_session, tsm, ses);
-
clib_dlist_remove (tsm->list_pool, ses->per_user_index);
pool_put_index (tsm->list_pool, ses->per_user_index);
pool_put (tsm->sessions, ses);
if (nat44_is_ses_closed (ses)
&& !(ses->flags & SNAT_SESSION_FLAG_OUTPUT_FEATURE))
{
- nat_log_debug ("TCP close connection %U", format_snat_session,
- &sm->per_thread_data[thread_index], ses);
nat_free_session_data (sm, ses, thread_index, 0);
nat44_delete_session (sm, ses, thread_index);
return 1;
}
if (nat44_is_ses_closed (ses))
{
- nat_log_debug ("TCP close connection %U", format_snat_session,
- &sm->per_thread_data[thread_index], ses);
nat_free_session_data (sm, ses, thread_index, 0);
nat44_delete_session (sm, ses, thread_index);
return 1;
if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
{
- nat_log_err ("can't allocate buffer for NAT IPFIX event");
+ nat_elog_err ("can't allocate buffer for NAT IPFIX event");
return;
}
if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
{
- nat_log_err ("can't allocate buffer for NAT IPFIX event");
+ nat_elog_err ("can't allocate buffer for NAT IPFIX event");
return;
}
if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
{
- nat_log_err ("can't allocate buffer for NAT IPFIX event");
+ nat_elog_err ("can't allocate buffer for NAT IPFIX event");
return;
}
if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
{
- nat_log_err ("can't allocate buffer for NAT IPFIX event");
+ nat_elog_err ("can't allocate buffer for NAT IPFIX event");
return;
}
if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
{
- nat_log_err ("can't allocate buffer for NAT IPFIX event");
+ nat_elog_err ("can't allocate buffer for NAT IPFIX event");
return;
}
if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
{
- nat_log_err ("can't allocate buffer for NAT IPFIX event");
+ nat_elog_err ("can't allocate buffer for NAT IPFIX event");
return;
}
if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
{
- nat_log_err ("can't allocate buffer for NAT IPFIX event");
+ nat_elog_err ("can't allocate buffer for NAT IPFIX event");
return;
}
if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
{
- nat_log_err ("can't allocate buffer for NAT IPFIX event");
+ nat_elog_err ("can't allocate buffer for NAT IPFIX event");
return;
}
if (vlib_buffer_alloc (vm, &bi0, 1) != 1)
{
- nat_log_err ("can't allocate buffer for NAT IPFIX event");
+ nat_elog_err ("can't allocate buffer for NAT IPFIX event");
return;
}
rv = vnet_flow_report_add_del (frm, &a, NULL);
if (rv)
{
- nat_log_warn ("vnet_flow_report_add_del returned %d", rv);
+ nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
return -1;
}
}
rv = vnet_flow_report_add_del (frm, &a, NULL);
if (rv)
{
- nat_log_warn ("vnet_flow_report_add_del returned %d", rv);
+ nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
return -1;
}
rv = vnet_flow_report_add_del (frm, &a, NULL);
if (rv)
{
- nat_log_warn ("vnet_flow_report_add_del returned %d", rv);
+ nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
return -1;
}
rv = vnet_flow_report_add_del (frm, &a, NULL);
if (rv)
{
- nat_log_warn ("vnet_flow_report_add_del returned %d", rv);
+ nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
return -1;
}
rv = vnet_flow_report_add_del (frm, &a, NULL);
if (rv)
{
- nat_log_warn ("vnet_flow_report_add_del returned %d", rv);
+ nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
return -1;
}
rv = vnet_flow_report_add_del (frm, &a, NULL);
if (rv)
{
- nat_log_warn ("vnet_flow_report_add_del returned %d", rv);
+ nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
return -1;
}
rv = vnet_flow_report_add_del (frm, &a, NULL);
if (rv)
{
- nat_log_warn ("vnet_flow_report_add_del returned %d", rv);
+ nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
return -1;
}
rv = vnet_flow_report_add_del (frm, &a, NULL);
if (rv)
{
- nat_log_warn ("vnet_flow_report_add_del returned %d", rv);
+ nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
return -1;
}
rv = vnet_flow_report_add_del (frm, &a, NULL);
if (rv)
{
- nat_log_warn ("vnet_flow_report_add_del returned %d", rv);
+ nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
return -1;
}
rv = vnet_flow_report_add_del (frm, &a, NULL);
if (rv)
{
- nat_log_warn ("vnet_flow_report_add_del returned %d", rv);
+ nat_elog_warn_X1 ("vnet_flow_report_add_del returned %d", "i4", rv);
return -1;
}
}
if (srm->ip4_reass_n >= srm->ip4_max_reass)
{
- nat_log_warn ("no free resassembly slot");
+ nat_elog_warn ("no free resassembly slot");
goto unlock;
}
reass->flags = 0;
reass->classify_next = NAT_REASS_IP4_CLASSIFY_NONE;
if (clib_bihash_add_del_16_8 (&srm->ip4_reass_hash, &kv, 1))
- nat_log_warn ("ip4_reass_hash add key failed");
+ nat_elog_warn ("ip4_reass_hash add key failed");
unlock:
clib_spinlock_unlock_if_init (&srm->ip4_reass_lock);
{
clib_dlist_addhead (srm->ip4_reass_lru_list_pool,
srm->ip4_reass_head_index, oldest_index);
- nat_log_warn ("no free resassembly slot");
+ nat_elog_warn ("no free resassembly slot");
reass = 0;
goto unlock;
}
{
clib_dlist_addhead (srm->ip6_reass_lru_list_pool,
srm->ip6_reass_head_index, oldest_index);
- nat_log_warn ("no free resassembly slot");
+ nat_elog_warn ("no free resassembly slot");
reass = 0;
goto unlock;
}
{
s_kv.key = s->in2out.as_u64;
if (clib_bihash_add_del_8_8 (&tsm->in2out, &s_kv, 0))
- nat_log_warn ("out2in key del failed");
+ nat_elog_warn ("out2in key del failed");
snat_ipfix_logging_nat44_ses_delete (ctx->thread_index,
s->in2out.addr.as_u32,
if (PREDICT_FALSE (maximum_sessions_exceeded (sm, thread_index)))
{
b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_SESSIONS_EXCEEDED];
- nat_log_notice ("maximum sessions exceeded");
+ nat_elog_notice ("maximum sessions exceeded");
return 0;
}
nat_user_get_or_create (sm, &in2out.addr, in2out.fib_index, thread_index);
if (!u)
{
- nat_log_warn ("create NAT user failed");
+ nat_elog_warn ("create NAT user failed");
return 0;
}
if (!s)
{
nat44_delete_user_with_no_session (sm, u, thread_index);
- nat_log_warn ("create NAT session failed");
+ nat_elog_warn ("create NAT session failed");
return 0;
}
if (clib_bihash_add_or_overwrite_stale_8_8
(&sm->per_thread_data[thread_index].in2out, &kv0,
nat44_i2o_is_idle_session_cb, &ctx0))
- nat_log_notice ("in2out key add failed");
+ nat_elog_notice ("in2out key add failed");
kv0.key = s->out2in.as_u64;
if (clib_bihash_add_or_overwrite_stale_8_8
(&sm->per_thread_data[thread_index].out2in, &kv0,
nat44_o2i_is_idle_session_cb, &ctx0))
- nat_log_notice ("out2in key add failed");
+ nat_elog_notice ("out2in key add failed");
/* log NAT event */
snat_ipfix_logging_nat44_ses_create (thread_index,
{
next0 = SNAT_OUT2IN_NEXT_DROP;
b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_REASS];
- nat_log_notice ("maximum reassemblies exceeded");
+ nat_elog_notice ("maximum reassemblies exceeded");
goto trace0;
}
(thread_index, reass0, bi0, &fragments_to_drop))
{
b0->error = node->errors[SNAT_OUT2IN_ERROR_MAX_FRAG];
- nat_log_notice
+ nat_elog_notice
("maximum fragments per reassembly exceeded");
next0 = SNAT_OUT2IN_NEXT_DROP;
goto trace0;
ed_kv.key[0] = ed_key.as_u64[0];
ed_kv.key[1] = ed_key.as_u64[1];
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &ed_kv, 0))
- nat_log_warn ("in2out_ed key del failed");
+ nat_elog_warn ("in2out_ed key del failed");
if (snat_is_unk_proto_session (s))
goto delete;
if (PREDICT_FALSE (maximum_sessions_exceeded (sm, thread_index)))
{
b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_SESSIONS_EXCEEDED];
- nat_log_notice ("maximum sessions exceeded");
+ nat_elog_notice ("maximum sessions exceeded");
return 0;
}
u = nat_user_get_or_create (sm, &l_key.addr, l_key.fib_index, thread_index);
if (!u)
{
- nat_log_warn ("create NAT user failed");
+ nat_elog_warn ("create NAT user failed");
return 0;
}
if (!s)
{
nat44_delete_user_with_no_session (sm, u, thread_index);
- nat_log_warn ("create NAT session failed");
+ nat_elog_warn ("create NAT session failed");
return 0;
}
if (clib_bihash_add_or_overwrite_stale_16_8 (&tsm->out2in_ed, &kv,
nat44_o2i_ed_is_idle_session_cb,
&ctx))
- nat_log_notice ("out2in-ed key add failed");
+ nat_elog_notice ("out2in-ed key add failed");
if (twice_nat == TWICE_NAT || (twice_nat == TWICE_NAT_SELF &&
ip->src_address.as_u32 == l_key.addr.as_u32))
b->error = node->errors[NAT_OUT2IN_ED_ERROR_OUT_OF_PORTS];
nat44_delete_session (sm, s, thread_index);
if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &kv, 0))
- nat_log_notice ("out2in-ed key del failed");
+ nat_elog_notice ("out2in-ed key del failed");
return 0;
}
s->ext_host_nat_addr.as_u32 = eh_key.addr.as_u32;
if (clib_bihash_add_or_overwrite_stale_16_8 (&tsm->in2out_ed, &kv,
nat44_i2o_ed_is_idle_session_cb,
&ctx))
- nat_log_notice ("in2out-ed key add failed");
+ nat_elog_notice ("in2out-ed key add failed");
snat_ipfix_logging_nat44_ses_create (thread_index,
s->in2out.addr.as_u32,
thread_index);
if (!u)
{
- nat_log_warn ("create NAT user failed");
+ nat_elog_warn ("create NAT user failed");
return;
}
if (!s)
{
nat44_delete_user_with_no_session (sm, u, thread_index);
- nat_log_warn ("create NAT session failed");
+ nat_elog_warn ("create NAT session failed");
return;
}
kv.value = s - tsm->sessions;
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &kv, 1))
- nat_log_notice ("in2out_ed key add failed");
+ nat_elog_notice ("in2out_ed key add failed");
}
if (ip->protocol == IP_PROTOCOL_TCP)
if (PREDICT_FALSE (maximum_sessions_exceeded (sm, thread_index)))
{
b->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_SESSIONS_EXCEEDED];
- nat_log_notice ("maximum sessions exceeded");
+ nat_elog_notice ("maximum sessions exceeded");
return 0;
}
thread_index);
if (!u)
{
- nat_log_warn ("create NAT user failed");
+ nat_elog_warn ("create NAT user failed");
return 0;
}
if (!s)
{
nat44_delete_user_with_no_session (sm, u, thread_index);
- nat_log_warn ("create NAT session failed");
+ nat_elog_warn ("create NAT session failed");
return 0;
}
/* Add to lookup tables */
s_kv.value = s - tsm->sessions;
if (clib_bihash_add_del_16_8 (&tsm->out2in_ed, &s_kv, 1))
- nat_log_notice ("out2in key add failed");
+ nat_elog_notice ("out2in key add failed");
make_ed_kv (&s_kv, &ip->dst_address, &ip->src_address, ip->protocol,
m->fib_index, 0, 0);
s_kv.value = s - tsm->sessions;
if (clib_bihash_add_del_16_8 (&tsm->in2out_ed, &s_kv, 1))
- nat_log_notice ("in2out key add failed");
+ nat_elog_notice ("in2out key add failed");
}
/* Update IP checksum */
{
next0 = NAT44_ED_OUT2IN_NEXT_DROP;
b0->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_REASS];
- nat_log_notice ("maximum reassemblies exceeded");
+ nat_elog_notice ("maximum reassemblies exceeded");
goto trace0;
}
(thread_index, reass0, bi0, &fragments_to_drop))
{
b0->error = node->errors[NAT_OUT2IN_ED_ERROR_MAX_FRAG];
- nat_log_notice
+ nat_elog_notice
("maximum fragments per reassembly exceeded");
next0 = NAT44_ED_OUT2IN_NEXT_DROP;
goto trace0;