2 * Copyright (c) 2020 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
16 #include <vnet/fib/fib_table.h>
18 #include <nat/lib/log.h>
19 #include <nat/lib/nat_inlines.h>
20 #include <nat/lib/ipfix_logging.h>
22 #include <nat/nat44-ei/nat44_ei.h>
23 #include <nat/nat44-ei/nat44_ei_ha.h>
25 #define NAT44_EI_EXPECTED_ARGUMENT "expected required argument(s)"
28 format_nat44_ei_session (u8 *s, va_list *args)
30 nat44_ei_main_per_thread_data_t *tnm =
31 va_arg (*args, nat44_ei_main_per_thread_data_t *);
32 nat44_ei_session_t *sess = va_arg (*args, nat44_ei_session_t *);
34 if (nat44_ei_is_unk_proto_session (sess))
37 format (s, " i2o %U proto %u fib %u\n", format_ip4_address,
38 &sess->in2out.addr, sess->in2out.port, sess->in2out.fib_index);
40 format (s, " o2i %U proto %u fib %u\n", format_ip4_address,
41 &sess->out2in.addr, sess->out2in.port, sess->out2in.fib_index);
45 s = format (s, " i2o %U proto %U port %d fib %d\n", format_ip4_address,
46 &sess->in2out.addr, format_nat_protocol, sess->nat_proto,
47 clib_net_to_host_u16 (sess->in2out.port),
48 sess->in2out.fib_index);
49 s = format (s, " o2i %U proto %U port %d fib %d\n", format_ip4_address,
50 &sess->out2in.addr, format_nat_protocol, sess->nat_proto,
51 clib_net_to_host_u16 (sess->out2in.port),
52 sess->out2in.fib_index);
55 s = format (s, " index %llu\n", sess - tnm->sessions);
56 s = format (s, " last heard %.2f\n", sess->last_heard);
57 s = format (s, " total pkts %d, total bytes %lld\n", sess->total_pkts,
59 if (nat44_ei_is_session_static (sess))
60 s = format (s, " static translation\n");
62 s = format (s, " dynamic translation\n");
68 format_nat44_ei_user (u8 *s, va_list *args)
70 nat44_ei_main_per_thread_data_t *tnm =
71 va_arg (*args, nat44_ei_main_per_thread_data_t *);
72 nat44_ei_user_t *u = va_arg (*args, nat44_ei_user_t *);
73 int verbose = va_arg (*args, int);
74 dlist_elt_t *head, *elt;
75 u32 elt_index, head_index;
77 nat44_ei_session_t *sess;
79 s = format (s, "%U: %d dynamic translations, %d static translations\n",
80 format_ip4_address, &u->addr, u->nsessions, u->nstaticsessions);
85 if (u->nsessions || u->nstaticsessions)
87 head_index = u->sessions_per_user_list_head_index;
88 head = pool_elt_at_index (tnm->list_pool, head_index);
90 elt_index = head->next;
91 elt = pool_elt_at_index (tnm->list_pool, elt_index);
92 session_index = elt->value;
94 while (session_index != ~0)
96 sess = pool_elt_at_index (tnm->sessions, session_index);
98 s = format (s, " %U\n", format_nat44_ei_session, tnm, sess);
100 elt_index = elt->next;
101 elt = pool_elt_at_index (tnm->list_pool, elt_index);
102 session_index = elt->value;
110 format_nat44_ei_static_mapping (u8 *s, va_list *args)
112 nat44_ei_static_mapping_t *m = va_arg (*args, nat44_ei_static_mapping_t *);
113 nat44_ei_lb_addr_port_t *local;
115 if (nat44_ei_is_identity_static_mapping (m))
117 if (nat44_ei_is_addr_only_static_mapping (m))
118 s = format (s, "identity mapping %U", format_ip4_address,
121 s = format (s, "identity mapping %U %U:%d", format_nat_protocol,
122 m->proto, format_ip4_address, &m->local_addr,
123 clib_net_to_host_u16 (m->local_port));
125 pool_foreach (local, m->locals)
127 s = format (s, " vrf %d", local->vrf_id);
133 if (nat44_ei_is_addr_only_static_mapping (m))
135 s = format (s, "local %U external %U vrf %d", format_ip4_address,
136 &m->local_addr, format_ip4_address, &m->external_addr,
141 s = format (s, "%U local %U:%d external %U:%d vrf %d",
142 format_nat_protocol, m->proto, format_ip4_address,
143 &m->local_addr, clib_net_to_host_u16 (m->local_port),
144 format_ip4_address, &m->external_addr,
145 clib_net_to_host_u16 (m->external_port), m->vrf_id);
151 format_nat44_ei_static_map_to_resolve (u8 *s, va_list *args)
153 nat44_ei_static_map_resolve_t *m =
154 va_arg (*args, nat44_ei_static_map_resolve_t *);
155 vnet_main_t *vnm = vnet_get_main ();
159 format (s, "local %U external %U vrf %d", format_ip4_address, &m->l_addr,
160 format_vnet_sw_if_index_name, vnm, m->sw_if_index, m->vrf_id);
162 s = format (s, "%U local %U:%d external %U:%d vrf %d", format_nat_protocol,
163 m->proto, format_ip4_address, &m->l_addr,
164 clib_net_to_host_u16 (m->l_port), format_vnet_sw_if_index_name,
165 vnm, m->sw_if_index, clib_net_to_host_u16 (m->e_port),
171 static clib_error_t *
172 nat44_ei_enable_disable_command_fn (vlib_main_t *vm, unformat_input_t *input,
173 vlib_cli_command_t *cmd)
175 nat44_ei_main_t *nm = &nat44_ei_main;
176 unformat_input_t _line_input, *line_input = &_line_input;
177 clib_error_t *error = 0;
179 nat44_ei_config_t c = { 0 };
180 u8 enable_set = 0, enable = 0, mode_set = 0;
182 if (!unformat_user (input, unformat_line_input, line_input))
183 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
185 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
187 if (!mode_set && unformat (line_input, "static-mapping-only"))
190 c.static_mapping_only = 1;
191 if (unformat (line_input, "connection-tracking"))
193 c.connection_tracking = 1;
196 else if (!mode_set && unformat (line_input, "out2in-dpo"))
201 else if (unformat (line_input, "inside-vrf %u", &c.inside_vrf))
203 else if (unformat (line_input, "outside-vrf %u", &c.outside_vrf))
205 else if (unformat (line_input, "users %u", &c.users))
207 else if (unformat (line_input, "sessions %u", &c.sessions))
209 else if (unformat (line_input, "user-sessions %u", &c.user_sessions))
211 else if (!enable_set)
214 if (unformat (line_input, "disable"))
216 else if (unformat (line_input, "enable"))
221 error = clib_error_return (0, "unknown input '%U'",
222 format_unformat_error, line_input);
229 error = clib_error_return (0, "expected enable | disable");
237 error = clib_error_return (0, "already enabled");
241 if (nat44_ei_plugin_enable (c) != 0)
242 error = clib_error_return (0, "enable failed");
248 error = clib_error_return (0, "already disabled");
252 if (nat44_ei_plugin_disable () != 0)
253 error = clib_error_return (0, "disable failed");
257 unformat_free (line_input);
261 static clib_error_t *
262 set_workers_command_fn (vlib_main_t *vm, unformat_input_t *input,
263 vlib_cli_command_t *cmd)
265 unformat_input_t _line_input, *line_input = &_line_input;
268 clib_error_t *error = 0;
270 if (!unformat_user (input, unformat_line_input, line_input))
271 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
273 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
275 if (unformat (line_input, "%U", unformat_bitmap_list, &bitmap))
279 error = clib_error_return (0, "unknown input '%U'",
280 format_unformat_error, line_input);
287 error = clib_error_return (0, "List of workers must be specified.");
291 rv = nat44_ei_set_workers (bitmap);
293 clib_bitmap_free (bitmap);
297 case VNET_API_ERROR_INVALID_WORKER:
298 error = clib_error_return (0, "Invalid worker(s).");
300 case VNET_API_ERROR_FEATURE_DISABLED:
302 clib_error_return (0, "Supported only if 2 or more workes available.");
309 unformat_free (line_input);
314 static clib_error_t *
315 nat_show_workers_command_fn (vlib_main_t *vm, unformat_input_t *input,
316 vlib_cli_command_t *cmd)
318 nat44_ei_main_t *nm = &nat44_ei_main;
321 if (nm->num_workers > 1)
323 vlib_cli_output (vm, "%d workers", vec_len (nm->workers));
324 vec_foreach (worker, nm->workers)
326 vlib_worker_thread_t *w =
327 vlib_worker_threads + *worker + nm->first_worker_index;
328 vlib_cli_output (vm, " %s", w->name);
335 static clib_error_t *
336 nat44_ei_set_log_level_command_fn (vlib_main_t *vm, unformat_input_t *input,
337 vlib_cli_command_t *cmd)
339 unformat_input_t _line_input, *line_input = &_line_input;
340 nat44_ei_main_t *nm = &nat44_ei_main;
341 u8 log_level = NAT_LOG_NONE;
342 clib_error_t *error = 0;
344 if (!unformat_user (input, unformat_line_input, line_input))
345 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
347 if (!unformat (line_input, "%d", &log_level))
349 error = clib_error_return (0, "unknown input '%U'",
350 format_unformat_error, line_input);
353 if (log_level > NAT_LOG_DEBUG)
355 error = clib_error_return (0, "unknown logging level '%d'", log_level);
358 nm->log_level = log_level;
361 unformat_free (line_input);
366 static clib_error_t *
367 nat44_ei_ipfix_logging_enable_disable_command_fn (vlib_main_t *vm,
368 unformat_input_t *input,
369 vlib_cli_command_t *cmd)
371 unformat_input_t _line_input, *line_input = &_line_input;
372 clib_error_t *error = 0;
374 u32 domain_id = 0, src_port = 0;
375 u8 enable_set = 0, enable = 0;
377 if (!unformat_user (input, unformat_line_input, line_input))
378 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
380 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
382 if (unformat (line_input, "domain %d", &domain_id))
384 else if (unformat (line_input, "src-port %d", &src_port))
386 else if (unformat (line_input, "disable"))
388 else if (!enable_set)
391 if (unformat (line_input, "disable"))
393 else if (unformat (line_input, "enable"))
398 error = clib_error_return (0, "unknown input '%U'",
399 format_unformat_error, line_input);
406 error = clib_error_return (0, "expected enable | disable");
410 if (nat_ipfix_logging_enable_disable (enable, domain_id, (u16) src_port))
412 error = clib_error_return (0, "ipfix logging enable failed");
417 unformat_free (line_input);
422 static clib_error_t *
423 nat44_ei_show_hash_command_fn (vlib_main_t *vm, unformat_input_t *input,
424 vlib_cli_command_t *cmd)
426 nat44_ei_main_t *nm = &nat44_ei_main;
427 nat44_ei_main_per_thread_data_t *tnm;
431 if (unformat (input, "detail"))
433 else if (unformat (input, "verbose"))
436 vlib_cli_output (vm, "%U", format_bihash_8_8, &nm->static_mapping_by_local,
438 vlib_cli_output (vm, "%U", format_bihash_8_8,
439 &nm->static_mapping_by_external, verbose);
440 vec_foreach_index (i, nm->per_thread_data)
442 tnm = vec_elt_at_index (nm->per_thread_data, i);
443 vlib_cli_output (vm, "-------- thread %d %s --------\n", i,
444 vlib_worker_threads[i].name);
446 vlib_cli_output (vm, "%U", format_bihash_8_8, &nm->in2out, verbose);
447 vlib_cli_output (vm, "%U", format_bihash_8_8, &nm->out2in, verbose);
448 vlib_cli_output (vm, "%U", format_bihash_8_8, &tnm->user_hash, verbose);
451 vlib_cli_output (vm, "-------- hash table parameters --------\n");
452 vlib_cli_output (vm, "translation buckets: %u", nm->translation_buckets);
453 vlib_cli_output (vm, "user buckets: %u", nm->user_buckets);
457 static clib_error_t *
458 nat44_ei_set_alloc_addr_and_port_alg_command_fn (vlib_main_t *vm,
459 unformat_input_t *input,
460 vlib_cli_command_t *cmd)
462 unformat_input_t _line_input, *line_input = &_line_input;
463 clib_error_t *error = 0;
464 u32 psid, psid_offset, psid_length, port_start, port_end;
466 if (!unformat_user (input, unformat_line_input, line_input))
467 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
469 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
471 if (unformat (line_input, "default"))
472 nat44_ei_set_alloc_default ();
473 else if (unformat (line_input,
474 "map-e psid %d psid-offset %d psid-len %d", &psid,
475 &psid_offset, &psid_length))
476 nat44_ei_set_alloc_mape ((u16) psid, (u16) psid_offset,
478 else if (unformat (line_input, "port-range %d - %d", &port_start,
481 if (port_end <= port_start)
483 error = clib_error_return (
484 0, "The end-port must be greater than start-port");
487 nat44_ei_set_alloc_range ((u16) port_start, (u16) port_end);
491 error = clib_error_return (0, "unknown input '%U'",
492 format_unformat_error, line_input);
498 unformat_free (line_input);
504 format_nat44_ei_addr_and_port_alloc_alg (u8 *s, va_list *args)
506 u32 i = va_arg (*args, u32);
512 case NAT44_EI_ADDR_AND_PORT_ALLOC_ALG_##N: \
515 foreach_nat44_ei_addr_and_port_alloc_alg
517 default : s = format (s, "unknown");
520 s = format (s, "%s", t);
524 static clib_error_t *
525 nat44_ei_show_alloc_addr_and_port_alg_command_fn (vlib_main_t *vm,
526 unformat_input_t *input,
527 vlib_cli_command_t *cmd)
529 nat44_ei_main_t *nm = &nat44_ei_main;
531 vlib_cli_output (vm, "NAT address and port: %U",
532 format_nat44_ei_addr_and_port_alloc_alg,
533 nm->addr_and_port_alloc_alg);
534 switch (nm->addr_and_port_alloc_alg)
536 case NAT44_EI_ADDR_AND_PORT_ALLOC_ALG_MAPE:
537 vlib_cli_output (vm, " psid %d psid-offset %d psid-len %d", nm->psid,
538 nm->psid_offset, nm->psid_length);
540 case NAT44_EI_ADDR_AND_PORT_ALLOC_ALG_RANGE:
541 vlib_cli_output (vm, " start-port %d end-port %d", nm->start_port,
551 static clib_error_t *
552 nat_set_mss_clamping_command_fn (vlib_main_t *vm, unformat_input_t *input,
553 vlib_cli_command_t *cmd)
555 unformat_input_t _line_input, *line_input = &_line_input;
556 nat44_ei_main_t *nm = &nat44_ei_main;
557 clib_error_t *error = 0;
560 if (!unformat_user (input, unformat_line_input, line_input))
561 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
563 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
565 if (unformat (line_input, "disable"))
566 nm->mss_clamping = 0;
567 else if (unformat (line_input, "%d", &mss))
568 nm->mss_clamping = (u16) mss;
571 error = clib_error_return (0, "unknown input '%U'",
572 format_unformat_error, line_input);
578 unformat_free (line_input);
583 static clib_error_t *
584 nat_show_mss_clamping_command_fn (vlib_main_t *vm, unformat_input_t *input,
585 vlib_cli_command_t *cmd)
587 nat44_ei_main_t *nm = &nat44_ei_main;
589 if (nm->mss_clamping)
590 vlib_cli_output (vm, "mss-clamping %d", nm->mss_clamping);
592 vlib_cli_output (vm, "mss-clamping disabled");
597 static clib_error_t *
598 nat_ha_failover_command_fn (vlib_main_t *vm, unformat_input_t *input,
599 vlib_cli_command_t *cmd)
601 unformat_input_t _line_input, *line_input = &_line_input;
603 u32 port, session_refresh_interval = 10;
605 clib_error_t *error = 0;
607 if (!unformat_user (input, unformat_line_input, line_input))
608 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
610 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
612 if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
614 else if (unformat (line_input, "refresh-interval %u",
615 &session_refresh_interval))
619 error = clib_error_return (0, "unknown input '%U'",
620 format_unformat_error, line_input);
625 rv = nat_ha_set_failover (vm, &addr, (u16) port, session_refresh_interval);
627 error = clib_error_return (0, "set HA failover failed");
630 unformat_free (line_input);
635 static clib_error_t *
636 nat_ha_listener_command_fn (vlib_main_t *vm, unformat_input_t *input,
637 vlib_cli_command_t *cmd)
639 unformat_input_t _line_input, *line_input = &_line_input;
641 u32 port, path_mtu = 512;
643 clib_error_t *error = 0;
645 if (!unformat_user (input, unformat_line_input, line_input))
646 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
648 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
650 if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
652 else if (unformat (line_input, "path-mtu %u", &path_mtu))
656 error = clib_error_return (0, "unknown input '%U'",
657 format_unformat_error, line_input);
662 rv = nat_ha_set_listener (vm, &addr, (u16) port, path_mtu);
664 error = clib_error_return (0, "set HA listener failed");
667 unformat_free (line_input);
672 static clib_error_t *
673 nat_show_ha_command_fn (vlib_main_t *vm, unformat_input_t *input,
674 vlib_cli_command_t *cmd)
678 u32 path_mtu, session_refresh_interval, resync_ack_missed;
681 nat_ha_get_listener (&addr, &port, &path_mtu);
684 vlib_cli_output (vm, "NAT HA disabled\n");
688 vlib_cli_output (vm, "LISTENER:\n");
689 vlib_cli_output (vm, " %U:%u path-mtu %u\n", format_ip4_address, &addr,
692 nat_ha_get_failover (&addr, &port, &session_refresh_interval);
693 vlib_cli_output (vm, "FAILOVER:\n");
695 vlib_cli_output (vm, " %U:%u refresh-interval %usec\n",
696 format_ip4_address, &addr, port,
697 session_refresh_interval);
699 vlib_cli_output (vm, " NA\n");
701 nat_ha_get_resync_status (&in_resync, &resync_ack_missed);
702 vlib_cli_output (vm, "RESYNC:\n");
704 vlib_cli_output (vm, " in progress\n");
706 vlib_cli_output (vm, " completed (%d ACK missed)\n", resync_ack_missed);
711 static clib_error_t *
712 nat_ha_flush_command_fn (vlib_main_t *vm, unformat_input_t *input,
713 vlib_cli_command_t *cmd)
719 static clib_error_t *
720 nat_ha_resync_command_fn (vlib_main_t *vm, unformat_input_t *input,
721 vlib_cli_command_t *cmd)
723 clib_error_t *error = 0;
725 if (nat_ha_resync (0, 0, 0))
726 error = clib_error_return (0, "NAT HA resync already running");
731 static clib_error_t *
732 add_address_command_fn (vlib_main_t *vm, unformat_input_t *input,
733 vlib_cli_command_t *cmd)
735 unformat_input_t _line_input, *line_input = &_line_input;
736 nat44_ei_main_t *nm = &nat44_ei_main;
737 ip4_address_t start_addr, end_addr, this_addr;
738 u32 start_host_order, end_host_order;
743 clib_error_t *error = 0;
745 if (!unformat_user (input, unformat_line_input, line_input))
746 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
748 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
750 if (unformat (line_input, "%U - %U", unformat_ip4_address, &start_addr,
751 unformat_ip4_address, &end_addr))
753 else if (unformat (line_input, "tenant-vrf %u", &vrf_id))
755 else if (unformat (line_input, "%U", unformat_ip4_address, &start_addr))
756 end_addr = start_addr;
757 else if (unformat (line_input, "del"))
761 error = clib_error_return (0, "unknown input '%U'",
762 format_unformat_error, line_input);
767 if (nm->static_mapping_only)
769 error = clib_error_return (0, "static mapping only mode");
773 start_host_order = clib_host_to_net_u32 (start_addr.as_u32);
774 end_host_order = clib_host_to_net_u32 (end_addr.as_u32);
776 if (end_host_order < start_host_order)
778 error = clib_error_return (0, "end address less than start address");
782 count = (end_host_order - start_host_order) + 1;
785 nat44_ei_log_info ("%U - %U, %d addresses...", format_ip4_address,
786 &start_addr, format_ip4_address, &end_addr, count);
788 this_addr = start_addr;
790 for (i = 0; i < count; i++)
793 rv = nat44_ei_add_address (nm, &this_addr, vrf_id);
795 rv = nat44_ei_del_address (nm, this_addr, 0);
799 case VNET_API_ERROR_VALUE_EXIST:
800 error = clib_error_return (0, "NAT address already in use.");
802 case VNET_API_ERROR_NO_SUCH_ENTRY:
803 error = clib_error_return (0, "NAT address not exist.");
805 case VNET_API_ERROR_UNSPECIFIED:
806 error = clib_error_return (0, "NAT address used in static mapping.");
808 case VNET_API_ERROR_FEATURE_DISABLED:
815 nat44_ei_add_del_address_dpo (this_addr, is_add);
817 increment_v4_address (&this_addr);
821 unformat_free (line_input);
826 static clib_error_t *
827 nat44_ei_show_addresses_command_fn (vlib_main_t *vm, unformat_input_t *input,
828 vlib_cli_command_t *cmd)
830 nat44_ei_main_t *nm = &nat44_ei_main;
831 nat44_ei_address_t *ap;
833 vlib_cli_output (vm, "NAT44 pool addresses:");
834 vec_foreach (ap, nm->addresses)
836 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
837 if (ap->fib_index != ~0)
839 vm, " tenant VRF: %u",
840 fib_table_get (ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
842 vlib_cli_output (vm, " tenant VRF independent");
843 #define _(N, i, n, s) \
844 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
851 static clib_error_t *
852 nat44_ei_feature_command_fn (vlib_main_t *vm, unformat_input_t *input,
853 vlib_cli_command_t *cmd)
855 unformat_input_t _line_input, *line_input = &_line_input;
856 vnet_main_t *vnm = vnet_get_main ();
857 clib_error_t *error = 0;
859 u32 *inside_sw_if_indices = 0;
860 u32 *outside_sw_if_indices = 0;
861 u8 is_output_feature = 0;
867 if (!unformat_user (input, unformat_line_input, line_input))
868 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
870 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
872 if (unformat (line_input, "in %U", unformat_vnet_sw_interface, vnm,
874 vec_add1 (inside_sw_if_indices, sw_if_index);
875 else if (unformat (line_input, "out %U", unformat_vnet_sw_interface, vnm,
877 vec_add1 (outside_sw_if_indices, sw_if_index);
878 else if (unformat (line_input, "output-feature"))
879 is_output_feature = 1;
880 else if (unformat (line_input, "del"))
884 error = clib_error_return (0, "unknown input '%U'",
885 format_unformat_error, line_input);
890 if (vec_len (inside_sw_if_indices))
892 for (i = 0; i < vec_len (inside_sw_if_indices); i++)
894 sw_if_index = inside_sw_if_indices[i];
895 if (is_output_feature)
897 if (nat44_ei_interface_add_del_output_feature (sw_if_index, 1,
900 error = clib_error_return (
901 0, "%s %U failed", is_del ? "del" : "add",
902 format_vnet_sw_if_index_name, vnm, sw_if_index);
908 if (nat44_ei_interface_add_del (sw_if_index, 1, is_del))
910 error = clib_error_return (
911 0, "%s %U failed", is_del ? "del" : "add",
912 format_vnet_sw_if_index_name, vnm, sw_if_index);
919 if (vec_len (outside_sw_if_indices))
921 for (i = 0; i < vec_len (outside_sw_if_indices); i++)
923 sw_if_index = outside_sw_if_indices[i];
924 if (is_output_feature)
926 if (nat44_ei_interface_add_del_output_feature (sw_if_index, 0,
929 error = clib_error_return (
930 0, "%s %U failed", is_del ? "del" : "add",
931 format_vnet_sw_if_index_name, vnm, sw_if_index);
937 if (nat44_ei_interface_add_del (sw_if_index, 0, is_del))
939 error = clib_error_return (
940 0, "%s %U failed", is_del ? "del" : "add",
941 format_vnet_sw_if_index_name, vnm, sw_if_index);
949 unformat_free (line_input);
950 vec_free (inside_sw_if_indices);
951 vec_free (outside_sw_if_indices);
956 static clib_error_t *
957 nat44_ei_show_interfaces_command_fn (vlib_main_t *vm, unformat_input_t *input,
958 vlib_cli_command_t *cmd)
960 nat44_ei_main_t *nm = &nat44_ei_main;
961 nat44_ei_interface_t *i;
962 vnet_main_t *vnm = vnet_get_main ();
964 vlib_cli_output (vm, "NAT44 interfaces:");
965 pool_foreach (i, nm->interfaces)
967 vlib_cli_output (vm, " %U %s", format_vnet_sw_if_index_name, vnm,
969 (nat44_ei_interface_is_inside (i) &&
970 nat44_ei_interface_is_outside (i)) ?
972 (nat44_ei_interface_is_inside (i) ? "in" : "out"));
975 pool_foreach (i, nm->output_feature_interfaces)
977 vlib_cli_output (vm, " %U output-feature %s",
978 format_vnet_sw_if_index_name, vnm, i->sw_if_index,
979 (nat44_ei_interface_is_inside (i) &&
980 nat44_ei_interface_is_outside (i)) ?
982 (nat44_ei_interface_is_inside (i) ? "in" : "out"));
988 static clib_error_t *
989 add_static_mapping_command_fn (vlib_main_t *vm, unformat_input_t *input,
990 vlib_cli_command_t *cmd)
992 unformat_input_t _line_input, *line_input = &_line_input;
993 clib_error_t *error = 0;
994 ip4_address_t l_addr, e_addr;
995 u32 l_port = 0, e_port = 0, vrf_id = ~0;
996 int is_add = 1, addr_only = 1, rv;
997 u32 sw_if_index = ~0;
998 vnet_main_t *vnm = vnet_get_main ();
999 nat_protocol_t proto = NAT_PROTOCOL_OTHER;
1002 if (!unformat_user (input, unformat_line_input, line_input))
1003 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1005 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1007 if (unformat (line_input, "local %U %u", unformat_ip4_address, &l_addr,
1010 else if (unformat (line_input, "local %U", unformat_ip4_address,
1013 else if (unformat (line_input, "external %U %u", unformat_ip4_address,
1016 else if (unformat (line_input, "external %U", unformat_ip4_address,
1019 else if (unformat (line_input, "external %U %u",
1020 unformat_vnet_sw_interface, vnm, &sw_if_index,
1023 else if (unformat (line_input, "external %U", unformat_vnet_sw_interface,
1026 else if (unformat (line_input, "vrf %u", &vrf_id))
1028 else if (unformat (line_input, "%U", unformat_nat_protocol, &proto))
1030 else if (unformat (line_input, "del"))
1034 error = clib_error_return (0, "unknown input: '%U'",
1035 format_unformat_error, line_input);
1044 error = clib_error_return (
1045 0, "address only mapping doesn't support protocol");
1049 else if (!proto_set)
1051 error = clib_error_return (0, "protocol is required");
1055 rv = nat44_ei_add_del_static_mapping (
1056 l_addr, e_addr, clib_host_to_net_u16 (l_port),
1057 clib_host_to_net_u16 (e_port), proto, sw_if_index, vrf_id, addr_only, 0, 0,
1062 case VNET_API_ERROR_INVALID_VALUE:
1063 error = clib_error_return (0, "External port already in use.");
1065 case VNET_API_ERROR_NO_SUCH_ENTRY:
1067 error = clib_error_return (0, "External address must be allocated.");
1069 error = clib_error_return (0, "Mapping not exist.");
1071 case VNET_API_ERROR_NO_SUCH_FIB:
1072 error = clib_error_return (0, "No such VRF id.");
1074 case VNET_API_ERROR_VALUE_EXIST:
1075 error = clib_error_return (0, "Mapping already exist.");
1077 case VNET_API_ERROR_FEATURE_DISABLED:
1084 unformat_free (line_input);
1089 static clib_error_t *
1090 add_identity_mapping_command_fn (vlib_main_t *vm, unformat_input_t *input,
1091 vlib_cli_command_t *cmd)
1093 unformat_input_t _line_input, *line_input = &_line_input;
1094 clib_error_t *error = 0;
1095 u32 port = 0, vrf_id = ~0;
1099 u32 sw_if_index = ~0;
1100 vnet_main_t *vnm = vnet_get_main ();
1102 nat_protocol_t proto;
1106 if (!unformat_user (input, unformat_line_input, line_input))
1107 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1109 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1111 if (unformat (line_input, "%U", unformat_ip4_address, &addr))
1113 else if (unformat (line_input, "external %U", unformat_vnet_sw_interface,
1116 else if (unformat (line_input, "vrf %u", &vrf_id))
1118 else if (unformat (line_input, "%U %u", unformat_nat_protocol, &proto,
1121 else if (unformat (line_input, "del"))
1125 error = clib_error_return (0, "unknown input: '%U'",
1126 format_unformat_error, line_input);
1131 rv = nat44_ei_add_del_static_mapping (
1132 addr, addr, clib_host_to_net_u16 (port), clib_host_to_net_u16 (port),
1133 proto, sw_if_index, vrf_id, addr_only, 1, 0, is_add);
1137 case VNET_API_ERROR_INVALID_VALUE:
1138 error = clib_error_return (0, "External port already in use.");
1140 case VNET_API_ERROR_NO_SUCH_ENTRY:
1142 error = clib_error_return (0, "External address must be allocated.");
1144 error = clib_error_return (0, "Mapping not exist.");
1146 case VNET_API_ERROR_NO_SUCH_FIB:
1147 error = clib_error_return (0, "No such VRF id.");
1149 case VNET_API_ERROR_VALUE_EXIST:
1150 error = clib_error_return (0, "Mapping already exist.");
1157 unformat_free (line_input);
1162 static clib_error_t *
1163 nat44_ei_show_static_mappings_command_fn (vlib_main_t *vm,
1164 unformat_input_t *input,
1165 vlib_cli_command_t *cmd)
1167 nat44_ei_main_t *nm = &nat44_ei_main;
1168 nat44_ei_static_mapping_t *m;
1169 nat44_ei_static_map_resolve_t *rp;
1171 vlib_cli_output (vm, "NAT44 static mappings:");
1172 pool_foreach (m, nm->static_mappings)
1174 vlib_cli_output (vm, " %U", format_nat44_ei_static_mapping, m);
1176 vec_foreach (rp, nm->to_resolve)
1177 vlib_cli_output (vm, " %U", format_nat44_ei_static_map_to_resolve, rp);
1182 static clib_error_t *
1183 nat44_ei_add_interface_address_command_fn (vlib_main_t *vm,
1184 unformat_input_t *input,
1185 vlib_cli_command_t *cmd)
1187 nat44_ei_main_t *nm = &nat44_ei_main;
1188 unformat_input_t _line_input, *line_input = &_line_input;
1192 clib_error_t *error = 0;
1194 if (!unformat_user (input, unformat_line_input, line_input))
1195 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1197 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1199 if (unformat (line_input, "%U", unformat_vnet_sw_interface,
1200 nm->vnet_main, &sw_if_index))
1202 else if (unformat (line_input, "del"))
1206 error = clib_error_return (0, "unknown input '%U'",
1207 format_unformat_error, line_input);
1212 rv = nat44_ei_add_interface_address (nm, sw_if_index, is_del);
1220 error = clib_error_return (
1221 0, "nat44_ei_add_interface_address returned %d", rv);
1226 unformat_free (line_input);
1231 static clib_error_t *
1232 nat44_ei_show_interface_address_command_fn (vlib_main_t *vm,
1233 unformat_input_t *input,
1234 vlib_cli_command_t *cmd)
1236 nat44_ei_main_t *nm = &nat44_ei_main;
1237 vnet_main_t *vnm = vnet_get_main ();
1240 vlib_cli_output (vm, "NAT44 pool address interfaces:");
1241 vec_foreach (sw_if_index, nm->auto_add_sw_if_indices)
1243 vlib_cli_output (vm, " %U", format_vnet_sw_if_index_name, vnm,
1249 static clib_error_t *
1250 nat44_ei_show_sessions_command_fn (vlib_main_t *vm, unformat_input_t *input,
1251 vlib_cli_command_t *cmd)
1253 unformat_input_t _line_input, *line_input = &_line_input;
1254 clib_error_t *error = 0;
1255 ip4_address_t saddr;
1256 u8 filter_saddr = 0;
1258 nat44_ei_main_per_thread_data_t *tnm;
1259 nat44_ei_main_t *nm = &nat44_ei_main;
1264 if (!unformat_user (input, unformat_line_input, line_input))
1267 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1269 if (unformat (line_input, "detail"))
1271 else if (unformat (line_input, "filter saddr %U", unformat_ip4_address,
1276 error = clib_error_return (0, "unknown input '%U'",
1277 format_unformat_error, line_input);
1281 unformat_free (line_input);
1284 vlib_cli_output (vm, "NAT44 sessions:");
1286 vec_foreach_index (i, nm->per_thread_data)
1288 tnm = vec_elt_at_index (nm->per_thread_data, i);
1290 vlib_cli_output (vm, "-------- thread %d %s: %d sessions --------\n", i,
1291 vlib_worker_threads[i].name, pool_elts (tnm->sessions));
1294 pool_foreach (u, tnm->users)
1296 if (filter_saddr && saddr.as_u32 != u->addr.as_u32)
1298 vlib_cli_output (vm, " %U", format_nat44_ei_user, tnm, u, detail);
1304 static clib_error_t *
1305 nat44_ei_del_user_command_fn (vlib_main_t *vm, unformat_input_t *input,
1306 vlib_cli_command_t *cmd)
1308 unformat_input_t _line_input, *line_input = &_line_input;
1309 clib_error_t *error = 0;
1314 if (!unformat_user (input, unformat_line_input, line_input))
1315 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1317 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1319 if (unformat (line_input, "%U", unformat_ip4_address, &addr))
1321 else if (unformat (line_input, "fib %u", &fib_index))
1325 error = clib_error_return (0, "unknown input '%U'",
1326 format_unformat_error, line_input);
1331 rv = nat44_ei_user_del (&addr, fib_index);
1335 error = clib_error_return (0, "nat44_ei_user_del returned %d", rv);
1339 unformat_free (line_input);
1344 static clib_error_t *
1345 nat44_ei_clear_sessions_command_fn (vlib_main_t *vm, unformat_input_t *input,
1346 vlib_cli_command_t *cmd)
1348 clib_error_t *error = 0;
1349 nat44_ei_sessions_clear ();
1353 static clib_error_t *
1354 nat44_ei_del_session_command_fn (vlib_main_t *vm, unformat_input_t *input,
1355 vlib_cli_command_t *cmd)
1357 nat44_ei_main_t *nm = &nat44_ei_main;
1358 unformat_input_t _line_input, *line_input = &_line_input;
1359 u32 port = 0, vrf_id = nm->outside_vrf_id;
1360 clib_error_t *error = 0;
1361 nat_protocol_t proto;
1365 if (!unformat_user (input, unformat_line_input, line_input))
1366 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1368 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1370 if (unformat (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
1371 unformat_nat_protocol, &proto))
1373 else if (unformat (line_input, "in"))
1376 vrf_id = nm->inside_vrf_id;
1378 else if (unformat (line_input, "out"))
1381 vrf_id = nm->outside_vrf_id;
1383 else if (unformat (line_input, "vrf %u", &vrf_id))
1387 error = clib_error_return (0, "unknown input '%U'",
1388 format_unformat_error, line_input);
1393 rv = nat44_ei_del_session (nm, &addr, clib_host_to_net_u16 (port), proto,
1402 error = clib_error_return (0, "nat44_ei_del_session returned %d", rv);
1407 unformat_free (line_input);
1412 static clib_error_t *
1413 nat44_ei_forwarding_set_command_fn (vlib_main_t *vm, unformat_input_t *input,
1414 vlib_cli_command_t *cmd)
1416 nat44_ei_main_t *nm = &nat44_ei_main;
1417 unformat_input_t _line_input, *line_input = &_line_input;
1418 clib_error_t *error = 0;
1420 u8 enable_set = 0, enable = 0;
1422 if (!unformat_user (input, unformat_line_input, line_input))
1423 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1425 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1430 if (unformat (line_input, "disable"))
1432 else if (unformat (line_input, "enable"))
1437 error = clib_error_return (0, "unknown input '%U'",
1438 format_unformat_error, line_input);
1444 error = clib_error_return (0, "expected enable | disable");
1446 nm->forwarding_enabled = enable;
1449 unformat_free (line_input);
1453 static clib_error_t *
1454 set_timeout_command_fn (vlib_main_t *vm, unformat_input_t *input,
1455 vlib_cli_command_t *cmd)
1457 nat44_ei_main_t *nm = &nat44_ei_main;
1458 unformat_input_t _line_input, *line_input = &_line_input;
1459 clib_error_t *error = 0;
1461 if (!unformat_user (input, unformat_line_input, line_input))
1462 return clib_error_return (0, NAT44_EI_EXPECTED_ARGUMENT);
1464 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1466 if (unformat (line_input, "udp %u", &nm->timeouts.udp))
1468 else if (unformat (line_input, "tcp-established %u",
1469 &nm->timeouts.tcp.established))
1471 else if (unformat (line_input, "tcp-transitory %u",
1472 &nm->timeouts.tcp.transitory))
1474 else if (unformat (line_input, "icmp %u", &nm->timeouts.icmp))
1476 else if (unformat (line_input, "reset"))
1477 nat_reset_timeouts (&nm->timeouts);
1480 error = clib_error_return (0, "unknown input '%U'",
1481 format_unformat_error, line_input);
1486 unformat_free (line_input);
1490 static clib_error_t *
1491 nat_show_timeouts_command_fn (vlib_main_t *vm, unformat_input_t *input,
1492 vlib_cli_command_t *cmd)
1494 nat44_ei_main_t *nm = &nat44_ei_main;
1496 // TODO: make format timeout function
1497 vlib_cli_output (vm, "udp timeout: %dsec", nm->timeouts.udp);
1498 vlib_cli_output (vm, "tcp-established timeout: %dsec",
1499 nm->timeouts.tcp.established);
1500 vlib_cli_output (vm, "tcp-transitory timeout: %dsec",
1501 nm->timeouts.tcp.transitory);
1502 vlib_cli_output (vm, "icmp timeout: %dsec", nm->timeouts.icmp);
1509 * @cliexstart{nat44 ei}
1510 * Enable nat44 ei plugin
1511 * To enable nat44-ei, use:
1512 * vpp# nat44 ei enable
1513 * To disable nat44-ei, use:
1514 * vpp# nat44 ei disable
1515 * To enable nat44 ei static mapping only, use:
1516 * vpp# nat44 ei enable static-mapping
1517 * To enable nat44 ei static mapping with connection tracking, use:
1518 * vpp# nat44 ei enable static-mapping connection-tracking
1519 * To enable nat44 ei out2in dpo, use:
1520 * vpp# nat44 ei enable out2in-dpo
1521 * To set inside-vrf outside-vrf, use:
1522 * vpp# nat44 ei enable inside-vrf <id> outside-vrf <id>
1525 VLIB_CLI_COMMAND (nat44_ei_enable_disable_command, static) = {
1528 "nat44 ei <enable [sessions <max-number>] [users <max-number>] "
1529 "[static-mappig-only [connection-tracking]|out2in-dpo] [inside-vrf "
1530 "<vrf-id>] [outside-vrf <vrf-id>] [user-sessions <max-number>]>|disable",
1531 .function = nat44_ei_enable_disable_command_fn,
1536 * @cliexstart{set snat44 ei workers}
1537 * Set NAT workers if 2 or more workers available, use:
1538 * vpp# set snat44 ei workers 0-2,5
1541 VLIB_CLI_COMMAND (set_workers_command, static) = {
1542 .path = "set nat44 ei workers",
1543 .function = set_workers_command_fn,
1544 .short_help = "set nat44 ei workers <workers-list>",
1549 * @cliexstart{show nat44 ei workers}
1551 * vpp# show nat44 ei workers:
1557 VLIB_CLI_COMMAND (nat_show_workers_command, static) = {
1558 .path = "show nat44 ei workers",
1559 .short_help = "show nat44 ei workers",
1560 .function = nat_show_workers_command_fn,
1565 * @cliexstart{set nat44 ei timeout}
1566 * Set values of timeouts for NAT sessions (in seconds), use:
1567 * vpp# set nat44 ei timeout udp 120 tcp-established 7500 tcp-transitory 250
1569 * To reset default values use:
1570 * vpp# set nat44 ei timeout reset
1573 VLIB_CLI_COMMAND (set_timeout_command, static) = {
1574 .path = "set nat44 ei timeout",
1575 .function = set_timeout_command_fn,
1576 .short_help = "set nat44 ei timeout [udp <sec> | tcp-established <sec> "
1577 "tcp-transitory <sec> | icmp <sec> | reset]",
1582 * @cliexstart{show nat44 ei timeouts}
1583 * Show values of timeouts for NAT sessions.
1584 * vpp# show nat44 ei timeouts
1585 * udp timeout: 300sec
1586 * tcp-established timeout: 7440sec
1587 * tcp-transitory timeout: 240sec
1588 * icmp timeout: 60sec
1591 VLIB_CLI_COMMAND (nat_show_timeouts_command, static) = {
1592 .path = "show nat44 ei timeouts",
1593 .short_help = "show nat44 ei timeouts",
1594 .function = nat_show_timeouts_command_fn,
1599 * @cliexstart{nat44 ei set logging level}
1600 * To set NAT logging level use:
1601 * Set nat44 ei logging level
1604 VLIB_CLI_COMMAND (nat44_ei_set_log_level_command, static) = {
1605 .path = "nat44 ei set logging level",
1606 .function = nat44_ei_set_log_level_command_fn,
1607 .short_help = "nat44 ei set logging level <level>",
1612 * @cliexstart{snat44 ei ipfix logging}
1613 * To enable NAT IPFIX logging use:
1614 * vpp# nat44 ei ipfix logging
1615 * To set IPFIX exporter use:
1616 * vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
1619 VLIB_CLI_COMMAND (nat44_ei_ipfix_logging_enable_disable_command, static) = {
1620 .path = "nat44 ei ipfix logging",
1621 .function = nat44_ei_ipfix_logging_enable_disable_command_fn,
1622 .short_help = "nat44 ei ipfix logging <enable [domain <domain-id>] "
1623 "[src-port <port>]>|disable",
1628 * @cliexstart{nat44 ei addr-port-assignment-alg}
1629 * Set address and port assignment algorithm
1630 * For the MAP-E CE limit port choice based on PSID use:
1631 * vpp# nat44 ei addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len
1633 * For port range use:
1634 * vpp# nat44 ei addr-port-assignment-alg port-range <start-port> - <end-port>
1635 * To set standard (default) address and port assignment algorithm use:
1636 * vpp# nat44 ei addr-port-assignment-alg default
1639 VLIB_CLI_COMMAND (nat44_ei_set_alloc_addr_and_port_alg_command, static) = {
1640 .path = "nat44 ei addr-port-assignment-alg",
1641 .short_help = "nat44 ei addr-port-assignment-alg <alg-name> [<alg-params>]",
1642 .function = nat44_ei_set_alloc_addr_and_port_alg_command_fn,
1647 * @cliexstart{show nat44 ei addr-port-assignment-alg}
1648 * Show address and port assignment algorithm
1651 VLIB_CLI_COMMAND (nat44_ei_show_alloc_addr_and_port_alg_command, static) = {
1652 .path = "show nat44 ei addr-port-assignment-alg",
1653 .short_help = "show nat44 ei addr-port-assignment-alg",
1654 .function = nat44_ei_show_alloc_addr_and_port_alg_command_fn,
1659 * @cliexstart{nat44 ei mss-clamping}
1660 * Set TCP MSS rewriting configuration
1661 * To enable TCP MSS rewriting use:
1662 * vpp# nat44 ei mss-clamping 1452
1663 * To disbale TCP MSS rewriting use:
1664 * vpp# nat44 ei mss-clamping disable
1667 VLIB_CLI_COMMAND (nat_set_mss_clamping_command, static) = {
1668 .path = "nat44 ei mss-clamping",
1669 .short_help = "nat44 ei mss-clamping <mss-value>|disable",
1670 .function = nat_set_mss_clamping_command_fn,
1675 * @cliexstart{show nat44 ei mss-clamping}
1676 * Show TCP MSS rewriting configuration
1679 VLIB_CLI_COMMAND (nat_show_mss_clamping_command, static) = {
1680 .path = "show nat44 ei mss-clamping",
1681 .short_help = "show nat44 ei mss-clamping",
1682 .function = nat_show_mss_clamping_command_fn,
1687 * @cliexstart{nat44 ei ha failover}
1688 * Set HA failover (remote settings)
1691 VLIB_CLI_COMMAND (nat_ha_failover_command, static) = {
1692 .path = "nat44 ei ha failover",
1694 "nat44 ei ha failover <ip4-address>:<port> [refresh-interval <sec>]",
1695 .function = nat_ha_failover_command_fn,
1700 * @cliexstart{nat44 ei ha listener}
1701 * Set HA listener (local settings)
1704 VLIB_CLI_COMMAND (nat_ha_listener_command, static) = {
1705 .path = "nat44 ei ha listener",
1707 "nat44 ei ha listener <ip4-address>:<port> [path-mtu <path-mtu>]",
1708 .function = nat_ha_listener_command_fn,
1713 * @cliexstart{show nat44 ei ha}
1714 * Show HA configuration/status
1717 VLIB_CLI_COMMAND (nat_show_ha_command, static) = {
1718 .path = "show nat44 ei ha",
1719 .short_help = "show nat44 ei ha",
1720 .function = nat_show_ha_command_fn,
1725 * @cliexstart{nat44 ei ha flush}
1726 * Flush the current HA data (for testing)
1729 VLIB_CLI_COMMAND (nat_ha_flush_command, static) = {
1730 .path = "nat44 ei ha flush",
1731 .short_help = "nat44 ei ha flush",
1732 .function = nat_ha_flush_command_fn,
1737 * @cliexstart{nat44 ei ha resync}
1738 * Resync HA (resend existing sessions to new failover)
1741 VLIB_CLI_COMMAND (nat_ha_resync_command, static) = {
1742 .path = "nat44 ei ha resync",
1743 .short_help = "nat44 ei ha resync",
1744 .function = nat_ha_resync_command_fn,
1749 * @cliexstart{show nat44 ei hash tables}
1750 * Show NAT44 hash tables
1753 VLIB_CLI_COMMAND (nat44_ei_show_hash, static) = {
1754 .path = "show nat44 ei hash tables",
1755 .short_help = "show nat44 ei hash tables [detail|verbose]",
1756 .function = nat44_ei_show_hash_command_fn,
1761 * @cliexstart{nat44 ei add address}
1762 * Add/delete NAT44 pool address.
1763 * To add NAT44 pool address use:
1764 * vpp# nat44 ei add address 172.16.1.3
1765 * vpp# nat44 ei add address 172.16.2.2 - 172.16.2.24
1766 * To add NAT44 pool address for specific tenant (identified by VRF id) use:
1767 * vpp# nat44 ei add address 172.16.1.3 tenant-vrf 10
1770 VLIB_CLI_COMMAND (add_address_command, static) = {
1771 .path = "nat44 ei add address",
1772 .short_help = "nat44 ei add address <ip4-range-start> [- <ip4-range-end>] "
1773 "[tenant-vrf <vrf-id>] [del]",
1774 .function = add_address_command_fn,
1779 * @cliexstart{show nat44 ei addresses}
1780 * Show NAT44 pool addresses.
1781 * vpp# show nat44 ei addresses
1782 * NAT44 pool addresses:
1784 * tenant VRF independent
1795 VLIB_CLI_COMMAND (nat44_ei_show_addresses_command, static) = {
1796 .path = "show nat44 ei addresses",
1797 .short_help = "show nat44 ei addresses",
1798 .function = nat44_ei_show_addresses_command_fn,
1803 * @cliexstart{set interface nat44}
1804 * Enable/disable NAT44 feature on the interface.
1805 * To enable NAT44 feature with local network interface use:
1806 * vpp# set interface nat44 ei in GigabitEthernet0/8/0
1807 * To enable NAT44 feature with external network interface use:
1808 * vpp# set interface nat44 ei out GigabitEthernet0/a/0
1811 VLIB_CLI_COMMAND (set_interface_nat44_ei_command, static) = {
1812 .path = "set interface nat44 ei",
1813 .function = nat44_ei_feature_command_fn,
1815 "set interface nat44 ei in <intfc> out <intfc> [output-feature] "
1821 * @cliexstart{show nat44 ei interfaces}
1822 * Show interfaces with NAT44 feature.
1823 * vpp# show nat44 ei interfaces
1825 * GigabitEthernet0/8/0 in
1826 * GigabitEthernet0/a/0 out
1829 VLIB_CLI_COMMAND (nat44_ei_show_interfaces_command, static) = {
1830 .path = "show nat44 ei interfaces",
1831 .short_help = "show nat44 ei interfaces",
1832 .function = nat44_ei_show_interfaces_command_fn,
1837 * @cliexstart{nat44 ei add static mapping}
1838 * Static mapping allows hosts on the external network to initiate connection
1839 * to to the local network host.
1840 * To create static mapping between local host address 10.0.0.3 port 6303 and
1841 * external address 4.4.4.4 port 3606 for TCP protocol use:
1842 * vpp# nat44 ei add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4
1844 * If not runnig "static mapping only" NAT plugin mode use before:
1845 * vpp# nat44 ei add address 4.4.4.4
1846 * To create address only static mapping between local and external address
1848 * vpp# nat44 ei add static mapping local 10.0.0.3 external 4.4.4.4
1849 * To create ICMP static mapping between local and external with ICMP echo
1850 * identifier 10 use:
1851 * vpp# nat44 ei add static mapping icmp local 10.0.0.3 10 external 4.4.4.4 10
1854 VLIB_CLI_COMMAND (add_static_mapping_command, static) = {
1855 .path = "nat44 ei add static mapping",
1856 .function = add_static_mapping_command_fn,
1857 .short_help = "nat44 ei add static mapping tcp|udp|icmp local <addr> "
1858 "[<port|icmp-echo-id>] "
1859 "external <addr> [<port|icmp-echo-id>] [vrf <table-id>] [del]",
1864 * @cliexstart{nat44 ei add identity mapping}
1865 * Identity mapping translate an IP address to itself.
1866 * To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol
1868 * vpp# nat44 ei add identity mapping 10.0.0.3 tcp 6303
1869 * To create identity mapping for address 10.0.0.3 use:
1870 * vpp# nat44 ei add identity mapping 10.0.0.3
1871 * To create identity mapping for DHCP addressed interface use:
1872 * vpp# nat44 ei add identity mapping external GigabitEthernet0/a/0 tcp 3606
1875 VLIB_CLI_COMMAND (add_identity_mapping_command, static) = {
1876 .path = "nat44 ei add identity mapping",
1877 .function = add_identity_mapping_command_fn,
1879 "nat44 ei add identity mapping <ip4-addr>|external <interface> "
1880 "[<protocol> <port>] [vrf <table-id>] [del]",
1885 * @cliexstart{show nat44 ei static mappings}
1886 * Show NAT44 static mappings.
1887 * vpp# show nat44 ei static mappings
1888 * NAT44 static mappings:
1889 * local 10.0.0.3 external 4.4.4.4 vrf 0
1890 * tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0
1891 * tcp vrf 0 external 1.2.3.4:80
1892 * local 10.100.10.10:8080 probability 80
1893 * local 10.100.10.20:8080 probability 20
1894 * tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10
1897 VLIB_CLI_COMMAND (nat44_ei_show_static_mappings_command, static) = {
1898 .path = "show nat44 ei static mappings",
1899 .short_help = "show nat44 ei static mappings",
1900 .function = nat44_ei_show_static_mappings_command_fn,
1905 * @cliexstart{nat44 ei add interface address}
1906 * Use NAT44 pool address from specific interfce
1907 * To add NAT44 pool address from specific interface use:
1908 * vpp# nat44 ei add interface address GigabitEthernet0/8/0
1911 VLIB_CLI_COMMAND (nat44_ei_add_interface_address_command, static) = {
1912 .path = "nat44 ei add interface address",
1913 .short_help = "nat44 ei add interface address <interface> [del]",
1914 .function = nat44_ei_add_interface_address_command_fn,
1919 * @cliexstart{show nat44 ei interface address}
1920 * Show NAT44 pool address interfaces
1921 * vpp# show nat44 ei interface address
1922 * NAT44 pool address interfaces:
1923 * GigabitEthernet0/a/0
1926 VLIB_CLI_COMMAND (nat44_ei_show_interface_address_command, static) = {
1927 .path = "show nat44 ei interface address",
1928 .short_help = "show nat44 ei interface address",
1929 .function = nat44_ei_show_interface_address_command_fn,
1934 * @cliexstart{show nat44 ei sessions}
1935 * Show NAT44 sessions.
1938 VLIB_CLI_COMMAND (nat44_ei_show_sessions_command, static) = {
1939 .path = "show nat44 ei sessions",
1940 .short_help = "show nat44 ei sessions [detail] [filter saddr <ip>]",
1941 .function = nat44_ei_show_sessions_command_fn,
1946 * @cliexstart{nat44 ei del user}
1947 * To delete all NAT44 user sessions:
1948 * vpp# nat44 ei del user 10.0.0.3
1951 VLIB_CLI_COMMAND (nat44_ei_del_user_command, static) = {
1952 .path = "nat44 ei del user",
1953 .short_help = "nat44 ei del user <addr> [fib <index>]",
1954 .function = nat44_ei_del_user_command_fn,
1959 * @cliexstart{clear nat44 ei sessions}
1960 * To clear all NAT44 sessions
1961 * vpp# clear nat44 ei sessions
1964 VLIB_CLI_COMMAND (nat44_ei_clear_sessions_command, static) = {
1965 .path = "clear nat44 ei sessions",
1966 .short_help = "clear nat44 ei sessions",
1967 .function = nat44_ei_clear_sessions_command_fn,
1972 * @cliexstart{nat44 ei del session}
1973 * To administratively delete NAT44 session by inside address and port use:
1974 * vpp# nat44 ei del session in 10.0.0.3:6303 tcp
1975 * To administratively delete NAT44 session by outside address and port use:
1976 * vpp# nat44 ei del session out 1.0.0.3:6033 udp
1979 VLIB_CLI_COMMAND (nat44_ei_del_session_command, static) = {
1980 .path = "nat44 ei del session",
1981 .short_help = "nat44 ei del session in|out <addr>:<port> tcp|udp|icmp [vrf "
1982 "<id>] [external-host <addr>:<port>]",
1983 .function = nat44_ei_del_session_command_fn,
1988 * @cliexstart{nat44 ei forwarding}
1989 * Enable or disable forwarding
1990 * Forward packets which don't match existing translation
1991 * or static mapping instead of dropping them.
1992 * To enable forwarding, use:
1993 * vpp# nat44 ei forwarding enable
1994 * To disable forwarding, use:
1995 * vpp# nat44 ei forwarding disable
1998 VLIB_CLI_COMMAND (nat44_ei_forwarding_set_command, static) = {
1999 .path = "nat44 ei forwarding",
2000 .short_help = "nat44 ei forwarding enable|disable",
2001 .function = nat44_ei_forwarding_set_command_fn,
2005 * fd.io coding-style-patch-verification: ON
2008 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob