2 * Copyright (c) 2018 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
21 #include <nat/nat_ipfix_logging.h>
22 #include <nat/nat_det.h>
23 #include <nat/nat64.h>
24 #include <nat/nat_inlines.h>
25 #include <nat/nat44/inlines.h>
26 #include <nat/nat_affinity.h>
27 #include <vnet/fib/fib_table.h>
28 #include <nat/nat_ha.h>
30 #define UNSUPPORTED_IN_DET_MODE_STR \
31 "This command is unsupported in deterministic mode"
32 #define SUPPORTED_ONLY_IN_DET_MODE_STR \
33 "This command is supported only in deterministic mode"
36 set_workers_command_fn (vlib_main_t * vm,
37 unformat_input_t * input, vlib_cli_command_t * cmd)
39 unformat_input_t _line_input, *line_input = &_line_input;
40 snat_main_t *sm = &snat_main;
43 clib_error_t *error = 0;
45 if (sm->deterministic)
46 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
48 /* Get a line of input. */
49 if (!unformat_user (input, unformat_line_input, line_input))
52 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
54 if (unformat (line_input, "%U", unformat_bitmap_list, &bitmap))
58 error = clib_error_return (0, "unknown input '%U'",
59 format_unformat_error, line_input);
66 error = clib_error_return (0, "List of workers must be specified.");
70 rv = snat_set_workers (bitmap);
72 clib_bitmap_free (bitmap);
76 case VNET_API_ERROR_INVALID_WORKER:
77 error = clib_error_return (0, "Invalid worker(s).");
79 case VNET_API_ERROR_FEATURE_DISABLED:
80 error = clib_error_return (0,
81 "Supported only if 2 or more workes available.");
88 unformat_free (line_input);
94 nat_show_workers_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
95 vlib_cli_command_t * cmd)
97 snat_main_t *sm = &snat_main;
100 if (sm->deterministic)
101 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
103 if (sm->num_workers > 1)
105 vlib_cli_output (vm, "%d workers", vec_len (sm->workers));
107 vec_foreach (worker, sm->workers)
109 vlib_worker_thread_t *w =
110 vlib_worker_threads + *worker + sm->first_worker_index;
111 vlib_cli_output (vm, " %s", w->name);
119 static clib_error_t *
120 nat44_session_cleanup_command_fn (vlib_main_t * vm,
121 unformat_input_t * input,
122 vlib_cli_command_t * cmd)
124 clib_error_t *error = 0;
125 nat44_force_users_cleanup ();
129 static clib_error_t *
130 snat_set_log_level_command_fn (vlib_main_t * vm,
131 unformat_input_t * input,
132 vlib_cli_command_t * cmd)
134 unformat_input_t _line_input, *line_input = &_line_input;
135 snat_main_t *sm = &snat_main;
136 u8 log_level = SNAT_LOG_NONE;
137 clib_error_t *error = 0;
139 /* Get a line of input. */
140 if (!unformat_user (input, unformat_line_input, line_input))
143 if (!unformat (line_input, "%d", &log_level))
145 error = clib_error_return (0, "unknown input '%U'",
146 format_unformat_error, line_input);
149 if (log_level > SNAT_LOG_DEBUG)
151 error = clib_error_return (0, "unknown logging level '%d'", log_level);
154 sm->log_level = log_level;
157 unformat_free (line_input);
162 static clib_error_t *
163 snat_ipfix_logging_enable_disable_command_fn (vlib_main_t * vm,
164 unformat_input_t * input,
165 vlib_cli_command_t * cmd)
167 unformat_input_t _line_input, *line_input = &_line_input;
172 clib_error_t *error = 0;
174 /* Get a line of input. */
175 if (!unformat_user (input, unformat_line_input, line_input))
177 rv = snat_ipfix_logging_enable_disable (enable, domain_id,
180 return clib_error_return (0, "ipfix logging enable failed");
184 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
186 if (unformat (line_input, "domain %d", &domain_id))
188 else if (unformat (line_input, "src-port %d", &src_port))
190 else if (unformat (line_input, "disable"))
194 error = clib_error_return (0, "unknown input '%U'",
195 format_unformat_error, line_input);
200 rv = snat_ipfix_logging_enable_disable (enable, domain_id, (u16) src_port);
204 error = clib_error_return (0, "ipfix logging enable failed");
209 unformat_free (line_input);
214 static clib_error_t *
215 nat44_show_hash_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
216 vlib_cli_command_t * cmd)
218 snat_main_t *sm = &snat_main;
219 snat_main_per_thread_data_t *tsm;
220 nat_affinity_main_t *nam = &nat_affinity_main;
224 if (unformat (input, "detail"))
226 else if (unformat (input, "verbose"))
229 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->static_mapping_by_local,
231 vlib_cli_output (vm, "%U",
232 format_bihash_8_8, &sm->static_mapping_by_external,
234 vec_foreach_index (i, sm->per_thread_data)
236 tsm = vec_elt_at_index (sm->per_thread_data, i);
237 vlib_cli_output (vm, "-------- thread %d %s --------\n",
238 i, vlib_worker_threads[i].name);
239 if (sm->endpoint_dependent)
241 vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->in2out_ed,
243 vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->out2in_ed,
248 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->in2out, verbose);
249 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->out2in, verbose);
251 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->user_hash, verbose);
254 if (sm->endpoint_dependent)
255 vlib_cli_output (vm, "%U", format_bihash_16_8, &nam->affinity_hash,
260 static clib_error_t *
261 nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
262 unformat_input_t * input,
263 vlib_cli_command_t * cmd)
265 unformat_input_t _line_input, *line_input = &_line_input;
266 snat_main_t *sm = &snat_main;
267 clib_error_t *error = 0;
268 u32 psid, psid_offset, psid_length, port_start, port_end;
270 if (sm->deterministic)
271 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
273 /* Get a line of input. */
274 if (!unformat_user (input, unformat_line_input, line_input))
277 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
279 if (unformat (line_input, "default"))
280 nat_set_alloc_addr_and_port_default ();
283 (line_input, "map-e psid %d psid-offset %d psid-len %d", &psid,
284 &psid_offset, &psid_length))
285 nat_set_alloc_addr_and_port_mape ((u16) psid, (u16) psid_offset,
289 (line_input, "port-range %d - %d", &port_start, &port_end))
291 if (port_end <= port_start)
294 clib_error_return (0,
295 "The end-port must be greater than start-port");
298 nat_set_alloc_addr_and_port_range ((u16) port_start,
303 error = clib_error_return (0, "unknown input '%U'",
304 format_unformat_error, line_input);
310 unformat_free (line_input);
315 static clib_error_t *
316 nat44_show_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
317 unformat_input_t * input,
318 vlib_cli_command_t * cmd)
320 snat_main_t *sm = &snat_main;
322 if (sm->deterministic)
323 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
325 vlib_cli_output (vm, "NAT address and port: %U",
326 format_nat_addr_and_port_alloc_alg,
327 sm->addr_and_port_alloc_alg);
328 switch (sm->addr_and_port_alloc_alg)
330 case NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE:
331 vlib_cli_output (vm, " psid %d psid-offset %d psid-len %d", sm->psid,
332 sm->psid_offset, sm->psid_length);
334 case NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE:
335 vlib_cli_output (vm, " start-port %d end-port %d", sm->start_port,
345 static clib_error_t *
346 nat_set_mss_clamping_command_fn (vlib_main_t * vm, unformat_input_t * input,
347 vlib_cli_command_t * cmd)
349 unformat_input_t _line_input, *line_input = &_line_input;
350 snat_main_t *sm = &snat_main;
351 clib_error_t *error = 0;
354 /* Get a line of input. */
355 if (!unformat_user (input, unformat_line_input, line_input))
358 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
360 if (unformat (line_input, "disable"))
361 sm->mss_clamping = 0;
362 else if (unformat (line_input, "%d", &mss))
364 sm->mss_clamping = (u16) mss;
365 sm->mss_value_net = clib_host_to_net_u16 (sm->mss_clamping);
369 error = clib_error_return (0, "unknown input '%U'",
370 format_unformat_error, line_input);
376 unformat_free (line_input);
381 static clib_error_t *
382 nat_show_mss_clamping_command_fn (vlib_main_t * vm, unformat_input_t * input,
383 vlib_cli_command_t * cmd)
385 snat_main_t *sm = &snat_main;
387 if (sm->mss_clamping)
388 vlib_cli_output (vm, "mss-clamping %d", sm->mss_clamping);
390 vlib_cli_output (vm, "mss-clamping disabled");
395 static clib_error_t *
396 nat_ha_failover_command_fn (vlib_main_t * vm, unformat_input_t * input,
397 vlib_cli_command_t * cmd)
399 unformat_input_t _line_input, *line_input = &_line_input;
401 u32 port, session_refresh_interval = 10;
403 clib_error_t *error = 0;
405 /* Get a line of input. */
406 if (!unformat_user (input, unformat_line_input, line_input))
409 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
411 if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
415 (line_input, "refresh-interval %u", &session_refresh_interval))
419 error = clib_error_return (0, "unknown input '%U'",
420 format_unformat_error, line_input);
425 rv = nat_ha_set_failover (&addr, (u16) port, session_refresh_interval);
427 error = clib_error_return (0, "set HA failover failed");
430 unformat_free (line_input);
435 static clib_error_t *
436 nat_ha_listener_command_fn (vlib_main_t * vm, unformat_input_t * input,
437 vlib_cli_command_t * cmd)
439 unformat_input_t _line_input, *line_input = &_line_input;
441 u32 port, path_mtu = 512;
443 clib_error_t *error = 0;
445 /* Get a line of input. */
446 if (!unformat_user (input, unformat_line_input, line_input))
449 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
451 if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
453 else if (unformat (line_input, "path-mtu %u", &path_mtu))
457 error = clib_error_return (0, "unknown input '%U'",
458 format_unformat_error, line_input);
463 rv = nat_ha_set_listener (&addr, (u16) port, path_mtu);
465 error = clib_error_return (0, "set HA listener failed");
468 unformat_free (line_input);
473 static clib_error_t *
474 nat_show_ha_command_fn (vlib_main_t * vm, unformat_input_t * input,
475 vlib_cli_command_t * cmd)
479 u32 path_mtu, session_refresh_interval, resync_ack_missed;
482 nat_ha_get_listener (&addr, &port, &path_mtu);
485 vlib_cli_output (vm, "NAT HA disabled\n");
489 vlib_cli_output (vm, "LISTENER:\n");
490 vlib_cli_output (vm, " %U:%u path-mtu %u\n",
491 format_ip4_address, &addr, port, path_mtu);
493 nat_ha_get_failover (&addr, &port, &session_refresh_interval);
494 vlib_cli_output (vm, "FAILOVER:\n");
496 vlib_cli_output (vm, " %U:%u refresh-interval %usec\n",
497 format_ip4_address, &addr, port,
498 session_refresh_interval);
500 vlib_cli_output (vm, " NA\n");
502 nat_ha_get_resync_status (&in_resync, &resync_ack_missed);
503 vlib_cli_output (vm, "RESYNC:\n");
505 vlib_cli_output (vm, " in progress\n");
507 vlib_cli_output (vm, " completed (%d ACK missed)\n", resync_ack_missed);
512 static clib_error_t *
513 nat_ha_flush_command_fn (vlib_main_t * vm, unformat_input_t * input,
514 vlib_cli_command_t * cmd)
520 static clib_error_t *
521 nat_ha_resync_command_fn (vlib_main_t * vm, unformat_input_t * input,
522 vlib_cli_command_t * cmd)
524 clib_error_t *error = 0;
526 if (nat_ha_resync (0, 0, 0))
527 error = clib_error_return (0, "NAT HA resync already running");
532 static clib_error_t *
533 add_address_command_fn (vlib_main_t * vm,
534 unformat_input_t * input, vlib_cli_command_t * cmd)
536 unformat_input_t _line_input, *line_input = &_line_input;
537 snat_main_t *sm = &snat_main;
538 ip4_address_t start_addr, end_addr, this_addr;
539 u32 start_host_order, end_host_order;
544 clib_error_t *error = 0;
547 if (sm->deterministic)
548 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
550 /* Get a line of input. */
551 if (!unformat_user (input, unformat_line_input, line_input))
554 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
556 if (unformat (line_input, "%U - %U",
557 unformat_ip4_address, &start_addr,
558 unformat_ip4_address, &end_addr))
560 else if (unformat (line_input, "tenant-vrf %u", &vrf_id))
562 else if (unformat (line_input, "%U", unformat_ip4_address, &start_addr))
563 end_addr = start_addr;
564 else if (unformat (line_input, "twice-nat"))
566 else if (unformat (line_input, "del"))
570 error = clib_error_return (0, "unknown input '%U'",
571 format_unformat_error, line_input);
576 if (sm->static_mapping_only)
578 error = clib_error_return (0, "static mapping only mode");
582 start_host_order = clib_host_to_net_u32 (start_addr.as_u32);
583 end_host_order = clib_host_to_net_u32 (end_addr.as_u32);
585 if (end_host_order < start_host_order)
587 error = clib_error_return (0, "end address less than start address");
591 count = (end_host_order - start_host_order) + 1;
594 nat_log_info ("%U - %U, %d addresses...",
595 format_ip4_address, &start_addr,
596 format_ip4_address, &end_addr, count);
598 this_addr = start_addr;
600 for (i = 0; i < count; i++)
603 rv = snat_add_address (sm, &this_addr, vrf_id, twice_nat);
605 rv = snat_del_address (sm, this_addr, 0, twice_nat);
609 case VNET_API_ERROR_VALUE_EXIST:
610 error = clib_error_return (0, "NAT address already in use.");
612 case VNET_API_ERROR_NO_SUCH_ENTRY:
613 error = clib_error_return (0, "NAT address not exist.");
615 case VNET_API_ERROR_UNSPECIFIED:
617 clib_error_return (0, "NAT address used in static mapping.");
619 case VNET_API_ERROR_FEATURE_DISABLED:
621 clib_error_return (0,
622 "twice NAT available only for endpoint-dependent mode.");
629 nat44_add_del_address_dpo (this_addr, is_add);
631 increment_v4_address (&this_addr);
635 unformat_free (line_input);
640 static clib_error_t *
641 nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
642 vlib_cli_command_t * cmd)
644 snat_main_per_thread_data_t *tsm;
645 snat_main_t *sm = &snat_main;
648 if (sm->deterministic || !sm->endpoint_dependent)
649 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
651 // print session configuration values
652 vlib_cli_output (vm, "max translations: %u", sm->max_translations);
653 vlib_cli_output (vm, "max translations per user: %u",
654 sm->max_translations_per_user);
658 u64 now = vlib_time_now (sm->vlib_main);
659 u64 sess_timeout_time;
661 u32 udp_sessions = 0;
662 u32 tcp_sessions = 0;
663 u32 icmp_sessions = 0;
667 u32 transitory_wait_closed = 0;
668 u32 transitory_closed = 0;
671 if (sm->num_workers > 1)
674 vec_foreach (tsm, sm->per_thread_data)
676 pool_foreach (s, tsm->sessions,
678 sess_timeout_time = s->last_heard +
679 (f64) nat44_session_get_timeout (sm, s);
680 if (now >= sess_timeout_time)
683 switch (s->in2out.protocol)
685 case SNAT_PROTOCOL_ICMP:
688 case SNAT_PROTOCOL_TCP:
692 if (s->tcp_close_timestamp)
694 if (now >= s->tcp_close_timestamp)
700 ++transitory_wait_closed;
711 case SNAT_PROTOCOL_UDP:
717 count += pool_elts (tsm->sessions);
719 vlib_cli_output (vm, "tid[%u] session scavenging cleared: %u",
720 tsm->thread_index, tsm->cleared);
721 vlib_cli_output (vm, "tid[%u] session scavenging cleanup runs: %u",
722 tsm->thread_index, tsm->cleanup_runs);
724 if (now < tsm->cleanup_timeout)
725 vlib_cli_output (vm, "tid[%u] session scavenging next run in: %f",
726 tsm->thread_index, tsm->cleanup_timeout - now);
728 vlib_cli_output (vm, "tid[%u] session scavenging next run in: 0",
735 tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
737 pool_foreach (s, tsm->sessions,
739 sess_timeout_time = s->last_heard +
740 (f64) nat44_session_get_timeout (sm, s);
741 if (now >= sess_timeout_time)
744 switch (s->in2out.protocol)
746 case SNAT_PROTOCOL_ICMP:
749 case SNAT_PROTOCOL_TCP:
753 if (s->tcp_close_timestamp)
755 if (now >= s->tcp_close_timestamp)
761 ++transitory_wait_closed;
772 case SNAT_PROTOCOL_UDP:
779 count = pool_elts (tsm->sessions);
781 vlib_cli_output (vm, "tid[0] session scavenging cleared: %u",
783 vlib_cli_output (vm, "tid[0] session scavenging cleanup runs: %u",
786 if (now < tsm->cleanup_timeout)
787 vlib_cli_output (vm, "tid[0] session scavenging next run in: %f",
788 tsm->cleanup_timeout - now);
790 vlib_cli_output (vm, "tid[0] session scavenging next run in: 0");
793 vlib_cli_output (vm, "total timed out sessions: %u", timed_out);
794 vlib_cli_output (vm, "total sessions: %u", count);
795 vlib_cli_output (vm, "total tcp sessions: %u", tcp_sessions);
796 vlib_cli_output (vm, "total tcp established sessions: %u", established);
797 vlib_cli_output (vm, "total tcp transitory sessions: %u", transitory);
798 vlib_cli_output (vm, "total tcp transitory (WAIT-CLOSED) sessions: %u",
799 transitory_wait_closed);
800 vlib_cli_output (vm, "total tcp transitory (CLOSED) sessions: %u",
802 vlib_cli_output (vm, "total udp sessions: %u", udp_sessions);
803 vlib_cli_output (vm, "total icmp sessions: %u", icmp_sessions);
807 static clib_error_t *
808 nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input,
809 vlib_cli_command_t * cmd)
811 snat_main_t *sm = &snat_main;
814 if (sm->deterministic)
815 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
817 vlib_cli_output (vm, "NAT44 pool addresses:");
819 vec_foreach (ap, sm->addresses)
821 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
822 if (ap->fib_index != ~0)
823 vlib_cli_output (vm, " tenant VRF: %u",
824 fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
826 vlib_cli_output (vm, " tenant VRF independent");
827 #define _(N, i, n, s) \
828 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
829 foreach_snat_protocol
832 vlib_cli_output (vm, "NAT44 twice-nat pool addresses:");
833 vec_foreach (ap, sm->twice_nat_addresses)
835 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
836 if (ap->fib_index != ~0)
837 vlib_cli_output (vm, " tenant VRF: %u",
838 fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
840 vlib_cli_output (vm, " tenant VRF independent");
841 #define _(N, i, n, s) \
842 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
843 foreach_snat_protocol
850 static clib_error_t *
851 snat_feature_command_fn (vlib_main_t * vm,
852 unformat_input_t * input, vlib_cli_command_t * cmd)
854 unformat_input_t _line_input, *line_input = &_line_input;
855 vnet_main_t *vnm = vnet_get_main ();
856 clib_error_t *error = 0;
858 u32 *inside_sw_if_indices = 0;
859 u32 *outside_sw_if_indices = 0;
860 u8 is_output_feature = 0;
866 /* Get a line of input. */
867 if (!unformat_user (input, unformat_line_input, line_input))
870 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
872 if (unformat (line_input, "in %U", unformat_vnet_sw_interface,
874 vec_add1 (inside_sw_if_indices, sw_if_index);
875 else if (unformat (line_input, "out %U", unformat_vnet_sw_interface,
877 vec_add1 (outside_sw_if_indices, sw_if_index);
878 else if (unformat (line_input, "output-feature"))
879 is_output_feature = 1;
880 else if (unformat (line_input, "del"))
884 error = clib_error_return (0, "unknown input '%U'",
885 format_unformat_error, line_input);
890 if (vec_len (inside_sw_if_indices))
892 for (i = 0; i < vec_len (inside_sw_if_indices); i++)
894 sw_if_index = inside_sw_if_indices[i];
895 if (is_output_feature)
897 if (snat_interface_add_del_output_feature
898 (sw_if_index, 1, is_del))
900 error = clib_error_return (0, "%s %U failed",
901 is_del ? "del" : "add",
902 format_vnet_sw_if_index_name,
909 if (snat_interface_add_del (sw_if_index, 1, is_del))
911 error = clib_error_return (0, "%s %U failed",
912 is_del ? "del" : "add",
913 format_vnet_sw_if_index_name,
921 if (vec_len (outside_sw_if_indices))
923 for (i = 0; i < vec_len (outside_sw_if_indices); i++)
925 sw_if_index = outside_sw_if_indices[i];
926 if (is_output_feature)
928 if (snat_interface_add_del_output_feature
929 (sw_if_index, 0, is_del))
931 error = clib_error_return (0, "%s %U failed",
932 is_del ? "del" : "add",
933 format_vnet_sw_if_index_name,
940 if (snat_interface_add_del (sw_if_index, 0, is_del))
942 error = clib_error_return (0, "%s %U failed",
943 is_del ? "del" : "add",
944 format_vnet_sw_if_index_name,
953 unformat_free (line_input);
954 vec_free (inside_sw_if_indices);
955 vec_free (outside_sw_if_indices);
960 static clib_error_t *
961 nat44_show_interfaces_command_fn (vlib_main_t * vm, unformat_input_t * input,
962 vlib_cli_command_t * cmd)
964 snat_main_t *sm = &snat_main;
966 vnet_main_t *vnm = vnet_get_main ();
968 vlib_cli_output (vm, "NAT44 interfaces:");
970 pool_foreach (i, sm->interfaces,
972 vlib_cli_output (vm, " %U %s", format_vnet_sw_if_index_name, vnm,
974 (nat_interface_is_inside(i) &&
975 nat_interface_is_outside(i)) ? "in out" :
976 (nat_interface_is_inside(i) ? "in" : "out"));
979 pool_foreach (i, sm->output_feature_interfaces,
981 vlib_cli_output (vm, " %U output-feature %s",
982 format_vnet_sw_if_index_name, vnm,
984 (nat_interface_is_inside(i) &&
985 nat_interface_is_outside(i)) ? "in out" :
986 (nat_interface_is_inside(i) ? "in" : "out"));
993 static clib_error_t *
994 add_static_mapping_command_fn (vlib_main_t * vm,
995 unformat_input_t * input,
996 vlib_cli_command_t * cmd)
998 unformat_input_t _line_input, *line_input = &_line_input;
999 snat_main_t *sm = &snat_main;
1000 clib_error_t *error = 0;
1001 ip4_address_t l_addr, e_addr;
1002 u32 l_port = 0, e_port = 0, vrf_id = ~0;
1005 u32 sw_if_index = ~0;
1006 vnet_main_t *vnm = vnet_get_main ();
1008 snat_protocol_t proto = ~0;
1010 twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
1013 if (sm->deterministic)
1014 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1016 /* Get a line of input. */
1017 if (!unformat_user (input, unformat_line_input, line_input))
1020 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1022 if (unformat (line_input, "local %U %u", unformat_ip4_address, &l_addr,
1026 if (unformat (line_input, "local %U", unformat_ip4_address, &l_addr))
1028 else if (unformat (line_input, "external %U %u", unformat_ip4_address,
1031 else if (unformat (line_input, "external %U", unformat_ip4_address,
1034 else if (unformat (line_input, "external %U %u",
1035 unformat_vnet_sw_interface, vnm, &sw_if_index,
1039 else if (unformat (line_input, "external %U",
1040 unformat_vnet_sw_interface, vnm, &sw_if_index))
1042 else if (unformat (line_input, "vrf %u", &vrf_id))
1044 else if (unformat (line_input, "%U", unformat_snat_protocol, &proto))
1046 else if (unformat (line_input, "twice-nat"))
1047 twice_nat = TWICE_NAT;
1048 else if (unformat (line_input, "self-twice-nat"))
1049 twice_nat = TWICE_NAT_SELF;
1050 else if (unformat (line_input, "out2in-only"))
1052 else if (unformat (line_input, "del"))
1056 error = clib_error_return (0, "unknown input: '%U'",
1057 format_unformat_error, line_input);
1062 if (twice_nat && addr_only)
1064 error = clib_error_return (0, "twice NAT only for 1:1 NAPT");
1068 if (!addr_only && !proto_set)
1070 error = clib_error_return (0, "missing protocol");
1074 rv = snat_add_static_mapping (l_addr, e_addr, (u16) l_port, (u16) e_port,
1075 vrf_id, addr_only, sw_if_index, proto, is_add,
1076 twice_nat, out2in_only, 0, 0);
1080 case VNET_API_ERROR_INVALID_VALUE:
1081 error = clib_error_return (0, "External port already in use.");
1083 case VNET_API_ERROR_NO_SUCH_ENTRY:
1085 error = clib_error_return (0, "External address must be allocated.");
1087 error = clib_error_return (0, "Mapping not exist.");
1089 case VNET_API_ERROR_NO_SUCH_FIB:
1090 error = clib_error_return (0, "No such VRF id.");
1092 case VNET_API_ERROR_VALUE_EXIST:
1093 error = clib_error_return (0, "Mapping already exist.");
1095 case VNET_API_ERROR_FEATURE_DISABLED:
1097 clib_error_return (0,
1098 "twice-nat/out2in-only available only for endpoint-dependent mode.");
1105 unformat_free (line_input);
1110 static clib_error_t *
1111 add_identity_mapping_command_fn (vlib_main_t * vm,
1112 unformat_input_t * input,
1113 vlib_cli_command_t * cmd)
1115 unformat_input_t _line_input, *line_input = &_line_input;
1116 snat_main_t *sm = &snat_main;
1117 clib_error_t *error = 0;
1119 u32 port = 0, vrf_id = ~0;
1122 u32 sw_if_index = ~0;
1123 vnet_main_t *vnm = vnet_get_main ();
1125 snat_protocol_t proto;
1127 if (sm->deterministic)
1128 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1132 /* Get a line of input. */
1133 if (!unformat_user (input, unformat_line_input, line_input))
1136 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1138 if (unformat (line_input, "%U", unformat_ip4_address, &addr))
1140 else if (unformat (line_input, "external %U",
1141 unformat_vnet_sw_interface, vnm, &sw_if_index))
1143 else if (unformat (line_input, "vrf %u", &vrf_id))
1145 else if (unformat (line_input, "%U %u", unformat_snat_protocol, &proto,
1148 else if (unformat (line_input, "del"))
1152 error = clib_error_return (0, "unknown input: '%U'",
1153 format_unformat_error, line_input);
1158 rv = snat_add_static_mapping (addr, addr, (u16) port, (u16) port,
1159 vrf_id, addr_only, sw_if_index, proto, is_add,
1164 case VNET_API_ERROR_INVALID_VALUE:
1165 error = clib_error_return (0, "External port already in use.");
1167 case VNET_API_ERROR_NO_SUCH_ENTRY:
1169 error = clib_error_return (0, "External address must be allocated.");
1171 error = clib_error_return (0, "Mapping not exist.");
1173 case VNET_API_ERROR_NO_SUCH_FIB:
1174 error = clib_error_return (0, "No such VRF id.");
1176 case VNET_API_ERROR_VALUE_EXIST:
1177 error = clib_error_return (0, "Mapping already exist.");
1184 unformat_free (line_input);
1189 static clib_error_t *
1190 add_lb_static_mapping_command_fn (vlib_main_t * vm,
1191 unformat_input_t * input,
1192 vlib_cli_command_t * cmd)
1194 unformat_input_t _line_input, *line_input = &_line_input;
1195 snat_main_t *sm = &snat_main;
1196 clib_error_t *error = 0;
1197 ip4_address_t l_addr, e_addr;
1198 u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0, affinity = 0;
1201 snat_protocol_t proto;
1203 nat44_lb_addr_port_t *locals = 0, local;
1204 twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
1207 if (sm->deterministic)
1208 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1210 /* Get a line of input. */
1211 if (!unformat_user (input, unformat_line_input, line_input))
1214 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1216 if (unformat (line_input, "local %U:%u probability %u",
1217 unformat_ip4_address, &l_addr, &l_port, &probability))
1219 clib_memset (&local, 0, sizeof (local));
1220 local.addr = l_addr;
1221 local.port = (u16) l_port;
1222 local.probability = (u8) probability;
1223 vec_add1 (locals, local);
1225 else if (unformat (line_input, "local %U:%u vrf %u probability %u",
1226 unformat_ip4_address, &l_addr, &l_port, &vrf_id,
1229 clib_memset (&local, 0, sizeof (local));
1230 local.addr = l_addr;
1231 local.port = (u16) l_port;
1232 local.probability = (u8) probability;
1233 local.vrf_id = vrf_id;
1234 vec_add1 (locals, local);
1236 else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
1239 else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
1242 else if (unformat (line_input, "twice-nat"))
1243 twice_nat = TWICE_NAT;
1244 else if (unformat (line_input, "self-twice-nat"))
1245 twice_nat = TWICE_NAT_SELF;
1246 else if (unformat (line_input, "out2in-only"))
1248 else if (unformat (line_input, "del"))
1250 else if (unformat (line_input, "affinity %u", &affinity))
1254 error = clib_error_return (0, "unknown input: '%U'",
1255 format_unformat_error, line_input);
1260 if (vec_len (locals) < 2)
1262 error = clib_error_return (0, "at least two local must be set");
1268 error = clib_error_return (0, "missing protocol");
1272 rv = nat44_add_del_lb_static_mapping (e_addr, (u16) e_port, proto, locals,
1273 is_add, twice_nat, out2in_only, 0,
1278 case VNET_API_ERROR_INVALID_VALUE:
1279 error = clib_error_return (0, "External port already in use.");
1281 case VNET_API_ERROR_NO_SUCH_ENTRY:
1283 error = clib_error_return (0, "External address must be allocated.");
1285 error = clib_error_return (0, "Mapping not exist.");
1287 case VNET_API_ERROR_VALUE_EXIST:
1288 error = clib_error_return (0, "Mapping already exist.");
1290 case VNET_API_ERROR_FEATURE_DISABLED:
1292 clib_error_return (0, "Available only for endpoint-dependent mode.");
1299 unformat_free (line_input);
1305 static clib_error_t *
1306 add_lb_backend_command_fn (vlib_main_t * vm,
1307 unformat_input_t * input, vlib_cli_command_t * cmd)
1309 unformat_input_t _line_input, *line_input = &_line_input;
1310 snat_main_t *sm = &snat_main;
1311 clib_error_t *error = 0;
1312 ip4_address_t l_addr, e_addr;
1313 u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
1316 snat_protocol_t proto;
1319 if (sm->deterministic)
1320 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1322 /* Get a line of input. */
1323 if (!unformat_user (input, unformat_line_input, line_input))
1326 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1328 if (unformat (line_input, "local %U:%u probability %u",
1329 unformat_ip4_address, &l_addr, &l_port, &probability))
1331 else if (unformat (line_input, "local %U:%u vrf %u probability %u",
1332 unformat_ip4_address, &l_addr, &l_port, &vrf_id,
1335 else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
1338 else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
1341 else if (unformat (line_input, "del"))
1345 error = clib_error_return (0, "unknown input: '%U'",
1346 format_unformat_error, line_input);
1351 if (!l_port || !e_port)
1353 error = clib_error_return (0, "local or external must be set");
1359 error = clib_error_return (0, "missing protocol");
1364 nat44_lb_static_mapping_add_del_local (e_addr, (u16) e_port, l_addr,
1365 l_port, proto, vrf_id, probability,
1370 case VNET_API_ERROR_INVALID_VALUE:
1371 error = clib_error_return (0, "External is not load-balancing static "
1374 case VNET_API_ERROR_NO_SUCH_ENTRY:
1375 error = clib_error_return (0, "Mapping or back-end not exist.");
1377 case VNET_API_ERROR_VALUE_EXIST:
1378 error = clib_error_return (0, "Back-end already exist.");
1380 case VNET_API_ERROR_FEATURE_DISABLED:
1382 clib_error_return (0, "Available only for endpoint-dependent mode.");
1384 case VNET_API_ERROR_UNSPECIFIED:
1385 error = clib_error_return (0, "At least two back-ends must remain");
1392 unformat_free (line_input);
1397 static clib_error_t *
1398 nat44_show_static_mappings_command_fn (vlib_main_t * vm,
1399 unformat_input_t * input,
1400 vlib_cli_command_t * cmd)
1402 snat_main_t *sm = &snat_main;
1403 snat_static_mapping_t *m;
1404 snat_static_map_resolve_t *rp;
1406 if (sm->deterministic)
1407 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1409 vlib_cli_output (vm, "NAT44 static mappings:");
1411 pool_foreach (m, sm->static_mappings,
1413 vlib_cli_output (vm, " %U", format_snat_static_mapping, m);
1415 vec_foreach (rp, sm->to_resolve)
1416 vlib_cli_output (vm, " %U", format_snat_static_map_to_resolve, rp);
1422 static clib_error_t *
1423 snat_add_interface_address_command_fn (vlib_main_t * vm,
1424 unformat_input_t * input,
1425 vlib_cli_command_t * cmd)
1427 snat_main_t *sm = &snat_main;
1428 unformat_input_t _line_input, *line_input = &_line_input;
1432 clib_error_t *error = 0;
1435 if (sm->deterministic)
1436 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1438 /* Get a line of input. */
1439 if (!unformat_user (input, unformat_line_input, line_input))
1442 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1444 if (unformat (line_input, "%U", unformat_vnet_sw_interface,
1445 sm->vnet_main, &sw_if_index))
1447 else if (unformat (line_input, "twice-nat"))
1449 else if (unformat (line_input, "del"))
1453 error = clib_error_return (0, "unknown input '%U'",
1454 format_unformat_error, line_input);
1459 rv = snat_add_interface_address (sm, sw_if_index, is_del, twice_nat);
1467 error = clib_error_return (0, "snat_add_interface_address returned %d",
1473 unformat_free (line_input);
1478 static clib_error_t *
1479 nat44_show_interface_address_command_fn (vlib_main_t * vm,
1480 unformat_input_t * input,
1481 vlib_cli_command_t * cmd)
1483 snat_main_t *sm = &snat_main;
1484 vnet_main_t *vnm = vnet_get_main ();
1487 if (sm->deterministic)
1488 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1491 vlib_cli_output (vm, "NAT44 pool address interfaces:");
1492 vec_foreach (sw_if_index, sm->auto_add_sw_if_indices)
1494 vlib_cli_output (vm, " %U", format_vnet_sw_if_index_name, vnm,
1497 vlib_cli_output (vm, "NAT44 twice-nat pool address interfaces:");
1498 vec_foreach (sw_if_index, sm->auto_add_sw_if_indices_twice_nat)
1500 vlib_cli_output (vm, " %U", format_vnet_sw_if_index_name, vnm,
1508 static clib_error_t *
1509 nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
1510 vlib_cli_command_t * cmd)
1512 unformat_input_t _line_input, *line_input = &_line_input;
1513 clib_error_t *error = 0;
1514 snat_main_t *sm = &snat_main;
1515 snat_main_per_thread_data_t *tsm;
1517 int detail = 0, metrics = 0;
1521 if (sm->deterministic)
1522 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1524 if (!unformat_user (input, unformat_line_input, line_input))
1527 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1529 if (unformat (line_input, "detail"))
1531 else if (unformat (line_input, "metrics"))
1535 error = clib_error_return (0, "unknown input '%U'",
1536 format_unformat_error, line_input);
1540 unformat_free (line_input);
1543 vlib_cli_output (vm, "NAT44 sessions:");
1545 vec_foreach_index (i, sm->per_thread_data)
1547 tsm = vec_elt_at_index (sm->per_thread_data, i);
1549 vlib_cli_output (vm, "-------- thread %d %s: %d sessions --------\n",
1550 i, vlib_worker_threads[i].name,
1551 pool_elts (tsm->sessions));
1554 u64 now = vlib_time_now (sm->vlib_main);
1555 pool_foreach (u, tsm->users,
1557 vlib_cli_output (vm, " %U", format_snat_user_v2, tsm, u, now);
1562 pool_foreach (u, tsm->users,
1564 vlib_cli_output (vm, " %U", format_snat_user, tsm, u, detail);
1572 static clib_error_t *
1573 nat44_del_user_command_fn (vlib_main_t * vm,
1574 unformat_input_t * input, vlib_cli_command_t * cmd)
1576 snat_main_t *sm = &snat_main;
1577 unformat_input_t _line_input, *line_input = &_line_input;
1578 clib_error_t *error = 0;
1583 if (sm->deterministic)
1584 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1586 /* Get a line of input. */
1587 if (!unformat_user (input, unformat_line_input, line_input))
1590 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1592 if (unformat (line_input, "%U", unformat_ip4_address, &addr))
1594 else if (unformat (line_input, "fib %u", &fib_index))
1598 error = clib_error_return (0, "unknown input '%U'",
1599 format_unformat_error, line_input);
1604 rv = nat44_user_del (&addr, fib_index);
1608 error = clib_error_return (0, "nat44_user_del returned %d", rv);
1612 unformat_free (line_input);
1617 static clib_error_t *
1618 nat44_del_session_command_fn (vlib_main_t * vm,
1619 unformat_input_t * input,
1620 vlib_cli_command_t * cmd)
1622 snat_main_t *sm = &snat_main;
1623 unformat_input_t _line_input, *line_input = &_line_input;
1624 int is_in = 0, is_ed = 0;
1625 clib_error_t *error = 0;
1626 ip4_address_t addr, eh_addr;
1627 u32 port = 0, eh_port = 0, vrf_id = sm->outside_vrf_id;
1628 snat_protocol_t proto;
1631 if (sm->deterministic)
1632 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1634 /* Get a line of input. */
1635 if (!unformat_user (input, unformat_line_input, line_input))
1638 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1641 (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
1642 unformat_snat_protocol, &proto))
1644 else if (unformat (line_input, "in"))
1647 vrf_id = sm->inside_vrf_id;
1649 else if (unformat (line_input, "out"))
1652 vrf_id = sm->outside_vrf_id;
1654 else if (unformat (line_input, "vrf %u", &vrf_id))
1658 (line_input, "external-host %U:%u", unformat_ip4_address,
1659 &eh_addr, &eh_port))
1663 error = clib_error_return (0, "unknown input '%U'",
1664 format_unformat_error, line_input);
1671 nat44_del_ed_session (sm, &addr, port, &eh_addr, eh_port,
1672 snat_proto_to_ip_proto (proto), vrf_id, is_in);
1674 rv = nat44_del_session (sm, &addr, port, proto, vrf_id, is_in);
1682 error = clib_error_return (0, "nat44_del_session returned %d", rv);
1687 unformat_free (line_input);
1692 static clib_error_t *
1693 snat_forwarding_set_command_fn (vlib_main_t * vm,
1694 unformat_input_t * input,
1695 vlib_cli_command_t * cmd)
1697 snat_main_t *sm = &snat_main;
1698 unformat_input_t _line_input, *line_input = &_line_input;
1699 u8 forwarding_enable;
1700 u8 forwarding_enable_set = 0;
1701 clib_error_t *error = 0;
1703 if (sm->deterministic)
1704 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1706 /* Get a line of input. */
1707 if (!unformat_user (input, unformat_line_input, line_input))
1708 return clib_error_return (0, "'enable' or 'disable' expected");
1710 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1712 if (!forwarding_enable_set && unformat (line_input, "enable"))
1714 forwarding_enable = 1;
1715 forwarding_enable_set = 1;
1717 else if (!forwarding_enable_set && unformat (line_input, "disable"))
1719 forwarding_enable = 0;
1720 forwarding_enable_set = 1;
1724 error = clib_error_return (0, "unknown input '%U'",
1725 format_unformat_error, line_input);
1730 if (!forwarding_enable_set)
1732 error = clib_error_return (0, "'enable' or 'disable' expected");
1736 sm->forwarding_enabled = forwarding_enable;
1739 unformat_free (line_input);
1744 static clib_error_t *
1745 snat_det_map_command_fn (vlib_main_t * vm,
1746 unformat_input_t * input, vlib_cli_command_t * cmd)
1748 snat_main_t *sm = &snat_main;
1749 unformat_input_t _line_input, *line_input = &_line_input;
1750 ip4_address_t in_addr, out_addr;
1751 u32 in_plen, out_plen;
1753 clib_error_t *error = 0;
1755 if (!sm->deterministic)
1756 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1758 /* Get a line of input. */
1759 if (!unformat_user (input, unformat_line_input, line_input))
1762 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1765 (line_input, "in %U/%u", unformat_ip4_address, &in_addr, &in_plen))
1769 (line_input, "out %U/%u", unformat_ip4_address, &out_addr,
1772 else if (unformat (line_input, "del"))
1776 error = clib_error_return (0, "unknown input '%U'",
1777 format_unformat_error, line_input);
1782 rv = snat_det_add_map (sm, &in_addr, (u8) in_plen, &out_addr, (u8) out_plen,
1787 error = clib_error_return (0, "snat_det_add_map return %d", rv);
1792 unformat_free (line_input);
1797 static clib_error_t *
1798 nat44_det_show_mappings_command_fn (vlib_main_t * vm,
1799 unformat_input_t * input,
1800 vlib_cli_command_t * cmd)
1802 snat_main_t *sm = &snat_main;
1805 if (!sm->deterministic)
1806 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1808 vlib_cli_output (vm, "NAT44 deterministic mappings:");
1810 pool_foreach (dm, sm->det_maps,
1812 vlib_cli_output (vm, " in %U/%d out %U/%d\n",
1813 format_ip4_address, &dm->in_addr, dm->in_plen,
1814 format_ip4_address, &dm->out_addr, dm->out_plen);
1815 vlib_cli_output (vm, " outside address sharing ratio: %d\n",
1817 vlib_cli_output (vm, " number of ports per inside host: %d\n",
1818 dm->ports_per_host);
1819 vlib_cli_output (vm, " sessions number: %d\n", dm->ses_num);
1826 static clib_error_t *
1827 snat_det_forward_command_fn (vlib_main_t * vm,
1828 unformat_input_t * input,
1829 vlib_cli_command_t * cmd)
1831 snat_main_t *sm = &snat_main;
1832 unformat_input_t _line_input, *line_input = &_line_input;
1833 ip4_address_t in_addr, out_addr;
1836 clib_error_t *error = 0;
1838 if (!sm->deterministic)
1839 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1841 /* Get a line of input. */
1842 if (!unformat_user (input, unformat_line_input, line_input))
1845 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1847 if (unformat (line_input, "%U", unformat_ip4_address, &in_addr))
1851 error = clib_error_return (0, "unknown input '%U'",
1852 format_unformat_error, line_input);
1857 dm = snat_det_map_by_user (sm, &in_addr);
1859 vlib_cli_output (vm, "no match");
1862 snat_det_forward (dm, &in_addr, &out_addr, &lo_port);
1863 vlib_cli_output (vm, "%U:<%d-%d>", format_ip4_address, &out_addr,
1864 lo_port, lo_port + dm->ports_per_host - 1);
1868 unformat_free (line_input);
1873 static clib_error_t *
1874 snat_det_reverse_command_fn (vlib_main_t * vm,
1875 unformat_input_t * input,
1876 vlib_cli_command_t * cmd)
1878 snat_main_t *sm = &snat_main;
1879 unformat_input_t _line_input, *line_input = &_line_input;
1880 ip4_address_t in_addr, out_addr;
1883 clib_error_t *error = 0;
1885 if (!sm->deterministic)
1886 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1888 /* Get a line of input. */
1889 if (!unformat_user (input, unformat_line_input, line_input))
1892 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1895 (line_input, "%U:%d", unformat_ip4_address, &out_addr, &out_port))
1899 error = clib_error_return (0, "unknown input '%U'",
1900 format_unformat_error, line_input);
1905 if (out_port < 1024 || out_port > 65535)
1907 error = clib_error_return (0, "wrong port, must be <1024-65535>");
1911 dm = snat_det_map_by_out (sm, &out_addr);
1913 vlib_cli_output (vm, "no match");
1916 snat_det_reverse (dm, &out_addr, (u16) out_port, &in_addr);
1917 vlib_cli_output (vm, "%U", format_ip4_address, &in_addr);
1921 unformat_free (line_input);
1926 static clib_error_t *
1927 set_timeout_command_fn (vlib_main_t * vm,
1928 unformat_input_t * input, vlib_cli_command_t * cmd)
1930 snat_main_t *sm = &snat_main;
1931 unformat_input_t _line_input, *line_input = &_line_input;
1932 clib_error_t *error = 0;
1934 /* Get a line of input. */
1935 if (!unformat_user (input, unformat_line_input, line_input))
1938 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1940 if (unformat (line_input, "udp %u", &sm->udp_timeout))
1942 if (nat64_set_udp_timeout (sm->udp_timeout))
1944 error = clib_error_return (0, "Invalid UDP timeout value");
1948 else if (unformat (line_input, "tcp-established %u",
1949 &sm->tcp_established_timeout))
1951 if (nat64_set_tcp_timeouts
1952 (sm->tcp_transitory_timeout, sm->tcp_established_timeout))
1955 clib_error_return (0,
1956 "Invalid TCP established timeouts value");
1960 else if (unformat (line_input, "tcp-transitory %u",
1961 &sm->tcp_transitory_timeout))
1963 if (nat64_set_tcp_timeouts
1964 (sm->tcp_transitory_timeout, sm->tcp_established_timeout))
1967 clib_error_return (0,
1968 "Invalid TCP transitory timeouts value");
1972 else if (unformat (line_input, "icmp %u", &sm->icmp_timeout))
1974 if (nat64_set_icmp_timeout (sm->icmp_timeout))
1976 error = clib_error_return (0, "Invalid ICMP timeout value");
1980 else if (unformat (line_input, "reset"))
1982 sm->udp_timeout = SNAT_UDP_TIMEOUT;
1983 sm->tcp_established_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT;
1984 sm->tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT;
1985 sm->icmp_timeout = SNAT_ICMP_TIMEOUT;
1986 nat64_set_udp_timeout (0);
1987 nat64_set_icmp_timeout (0);
1988 nat64_set_tcp_timeouts (0, 0);
1992 error = clib_error_return (0, "unknown input '%U'",
1993 format_unformat_error, line_input);
1998 unformat_free (line_input);
1999 sm->min_timeout = nat44_minimal_timeout (sm);
2003 static clib_error_t *
2004 nat_show_timeouts_command_fn (vlib_main_t * vm,
2005 unformat_input_t * input,
2006 vlib_cli_command_t * cmd)
2008 snat_main_t *sm = &snat_main;
2011 vlib_cli_output (vm, "min session cleanup timeout: %dsec", sm->min_timeout);
2012 vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
2013 vlib_cli_output (vm, "tcp-established timeout: %dsec",
2014 sm->tcp_established_timeout);
2015 vlib_cli_output (vm, "tcp-transitory timeout: %dsec",
2016 sm->tcp_transitory_timeout);
2017 vlib_cli_output (vm, "icmp timeout: %dsec", sm->icmp_timeout);
2022 static clib_error_t *
2023 nat44_det_show_sessions_command_fn (vlib_main_t * vm,
2024 unformat_input_t * input,
2025 vlib_cli_command_t * cmd)
2027 snat_main_t *sm = &snat_main;
2029 snat_det_session_t *ses;
2032 if (!sm->deterministic)
2033 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
2035 vlib_cli_output (vm, "NAT44 deterministic sessions:");
2037 pool_foreach (dm, sm->det_maps,
2039 vec_foreach_index (i, dm->sessions)
2041 ses = vec_elt_at_index (dm->sessions, i);
2043 vlib_cli_output (vm, " %U", format_det_map_ses, dm, ses, &i);
2050 static clib_error_t *
2051 snat_det_close_session_out_fn (vlib_main_t * vm,
2052 unformat_input_t * input,
2053 vlib_cli_command_t * cmd)
2055 snat_main_t *sm = &snat_main;
2056 unformat_input_t _line_input, *line_input = &_line_input;
2057 ip4_address_t out_addr, ext_addr, in_addr;
2058 u32 out_port, ext_port;
2060 snat_det_session_t *ses;
2061 snat_det_out_key_t key;
2062 clib_error_t *error = 0;
2064 if (!sm->deterministic)
2065 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
2067 /* Get a line of input. */
2068 if (!unformat_user (input, unformat_line_input, line_input))
2071 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2073 if (unformat (line_input, "%U:%d %U:%d",
2074 unformat_ip4_address, &out_addr, &out_port,
2075 unformat_ip4_address, &ext_addr, &ext_port))
2079 error = clib_error_return (0, "unknown input '%U'",
2080 format_unformat_error, line_input);
2085 unformat_free (line_input);
2087 dm = snat_det_map_by_out (sm, &out_addr);
2089 vlib_cli_output (vm, "no match");
2092 snat_det_reverse (dm, &ext_addr, (u16) out_port, &in_addr);
2093 key.ext_host_addr = out_addr;
2094 key.ext_host_port = ntohs ((u16) ext_port);
2095 key.out_port = ntohs ((u16) out_port);
2096 ses = snat_det_get_ses_by_out (dm, &out_addr, key.as_u64);
2098 vlib_cli_output (vm, "no match");
2100 snat_det_ses_close (dm, ses);
2104 unformat_free (line_input);
2109 static clib_error_t *
2110 snat_det_close_session_in_fn (vlib_main_t * vm,
2111 unformat_input_t * input,
2112 vlib_cli_command_t * cmd)
2114 snat_main_t *sm = &snat_main;
2115 unformat_input_t _line_input, *line_input = &_line_input;
2116 ip4_address_t in_addr, ext_addr;
2117 u32 in_port, ext_port;
2119 snat_det_session_t *ses;
2120 snat_det_out_key_t key;
2121 clib_error_t *error = 0;
2123 if (!sm->deterministic)
2124 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
2126 /* Get a line of input. */
2127 if (!unformat_user (input, unformat_line_input, line_input))
2130 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2132 if (unformat (line_input, "%U:%d %U:%d",
2133 unformat_ip4_address, &in_addr, &in_port,
2134 unformat_ip4_address, &ext_addr, &ext_port))
2138 error = clib_error_return (0, "unknown input '%U'",
2139 format_unformat_error, line_input);
2144 unformat_free (line_input);
2146 dm = snat_det_map_by_user (sm, &in_addr);
2148 vlib_cli_output (vm, "no match");
2151 key.ext_host_addr = ext_addr;
2152 key.ext_host_port = ntohs ((u16) ext_port);
2154 snat_det_find_ses_by_in (dm, &in_addr, ntohs ((u16) in_port), key);
2156 vlib_cli_output (vm, "no match");
2158 snat_det_ses_close (dm, ses);
2162 unformat_free (line_input);
2170 * @cliexstart{set snat workers}
2171 * Set NAT workers if 2 or more workers available, use:
2172 * vpp# set snat workers 0-2,5
2175 VLIB_CLI_COMMAND (set_workers_command, static) = {
2176 .path = "set nat workers",
2177 .function = set_workers_command_fn,
2178 .short_help = "set nat workers <workers-list>",
2183 * @cliexstart{show nat workers}
2185 * vpp# show nat workers:
2191 VLIB_CLI_COMMAND (nat_show_workers_command, static) = {
2192 .path = "show nat workers",
2193 .short_help = "show nat workers",
2194 .function = nat_show_workers_commnad_fn,
2199 * @cliexstart{set nat timeout}
2200 * Set values of timeouts for NAT sessions (in seconds), use:
2201 * vpp# set nat timeout udp 120 tcp-established 7500 tcp-transitory 250 icmp 90
2202 * To reset default values use:
2203 * vpp# set nat44 deterministic timeout reset
2206 VLIB_CLI_COMMAND (set_timeout_command, static) = {
2207 .path = "set nat timeout",
2208 .function = set_timeout_command_fn,
2210 "set nat timeout [udp <sec> | tcp-established <sec> "
2211 "tcp-transitory <sec> | icmp <sec> | reset]",
2216 * @cliexstart{show nat timeouts}
2217 * Show values of timeouts for NAT sessions.
2218 * vpp# show nat timeouts
2219 * udp timeout: 300sec
2220 * tcp-established timeout: 7440sec
2221 * tcp-transitory timeout: 240sec
2222 * icmp timeout: 60sec
2225 VLIB_CLI_COMMAND (nat_show_timeouts_command, static) = {
2226 .path = "show nat timeouts",
2227 .short_help = "show nat timeouts",
2228 .function = nat_show_timeouts_command_fn,
2233 * @cliexstart{nat set logging level}
2234 * To force garbage collection of nat sessions
2235 * vpp# nat44 session cleanup
2238 VLIB_CLI_COMMAND (nat44_session_cleanup_command, static) = {
2239 .path = "nat44 session cleanup",
2240 .function = nat44_session_cleanup_command_fn,
2241 .short_help = "nat44 session cleanup",
2246 * @cliexstart{nat set logging level}
2247 * To set NAT logging level use:
2248 * Set nat logging level
2251 VLIB_CLI_COMMAND (snat_set_log_level_command, static) = {
2252 .path = "nat set logging level",
2253 .function = snat_set_log_level_command_fn,
2254 .short_help = "nat set logging level <level>",
2259 * @cliexstart{snat ipfix logging}
2260 * To enable NAT IPFIX logging use:
2261 * vpp# nat ipfix logging
2262 * To set IPFIX exporter use:
2263 * vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
2266 VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = {
2267 .path = "nat ipfix logging",
2268 .function = snat_ipfix_logging_enable_disable_command_fn,
2269 .short_help = "nat ipfix logging [domain <domain-id>] [src-port <port>] [disable]",
2274 * @cliexstart{nat addr-port-assignment-alg}
2275 * Set address and port assignment algorithm
2276 * For the MAP-E CE limit port choice based on PSID use:
2277 * vpp# nat addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len 6
2278 * For port range use:
2279 * vpp# nat addr-port-assignment-alg port-range <start-port> - <end-port>
2280 * To set standard (default) address and port assignment algorithm use:
2281 * vpp# nat addr-port-assignment-alg default
2284 VLIB_CLI_COMMAND (nat44_set_alloc_addr_and_port_alg_command, static) = {
2285 .path = "nat addr-port-assignment-alg",
2286 .short_help = "nat addr-port-assignment-alg <alg-name> [<alg-params>]",
2287 .function = nat44_set_alloc_addr_and_port_alg_command_fn,
2292 * @cliexstart{show nat addr-port-assignment-alg}
2293 * Show address and port assignment algorithm
2296 VLIB_CLI_COMMAND (nat44_show_alloc_addr_and_port_alg_command, static) = {
2297 .path = "show nat addr-port-assignment-alg",
2298 .short_help = "show nat addr-port-assignment-alg",
2299 .function = nat44_show_alloc_addr_and_port_alg_command_fn,
2304 * @cliexstart{nat mss-clamping}
2305 * Set TCP MSS rewriting configuration
2306 * To enable TCP MSS rewriting use:
2307 * vpp# nat mss-clamping 1452
2308 * To disbale TCP MSS rewriting use:
2309 * vpp# nat mss-clamping disable
2312 VLIB_CLI_COMMAND (nat_set_mss_clamping_command, static) = {
2313 .path = "nat mss-clamping",
2314 .short_help = "nat mss-clamping <mss-value>|disable",
2315 .function = nat_set_mss_clamping_command_fn,
2320 * @cliexstart{show nat mss-clamping}
2321 * Show TCP MSS rewriting configuration
2324 VLIB_CLI_COMMAND (nat_show_mss_clamping_command, static) = {
2325 .path = "show nat mss-clamping",
2326 .short_help = "show nat mss-clamping",
2327 .function = nat_show_mss_clamping_command_fn,
2332 * @cliexstart{nat ha failover}
2333 * Set HA failover (remote settings)
2336 VLIB_CLI_COMMAND (nat_ha_failover_command, static) = {
2337 .path = "nat ha failover",
2338 .short_help = "nat ha failover <ip4-address>:<port> [refresh-interval <sec>]",
2339 .function = nat_ha_failover_command_fn,
2344 * @cliexstart{nat ha listener}
2345 * Set HA listener (local settings)
2348 VLIB_CLI_COMMAND (nat_ha_listener_command, static) = {
2349 .path = "nat ha listener",
2350 .short_help = "nat ha listener <ip4-address>:<port> [path-mtu <path-mtu>]",
2351 .function = nat_ha_listener_command_fn,
2356 * @cliexstart{show nat ha}
2357 * Show HA configuration/status
2360 VLIB_CLI_COMMAND (nat_show_ha_command, static) = {
2361 .path = "show nat ha",
2362 .short_help = "show nat ha",
2363 .function = nat_show_ha_command_fn,
2368 * @cliexstart{nat ha flush}
2369 * Flush the current HA data (for testing)
2372 VLIB_CLI_COMMAND (nat_ha_flush_command, static) = {
2373 .path = "nat ha flush",
2374 .short_help = "nat ha flush",
2375 .function = nat_ha_flush_command_fn,
2380 * @cliexstart{nat ha resync}
2381 * Resync HA (resend existing sessions to new failover)
2384 VLIB_CLI_COMMAND (nat_ha_resync_command, static) = {
2385 .path = "nat ha resync",
2386 .short_help = "nat ha resync",
2387 .function = nat_ha_resync_command_fn,
2392 * @cliexstart{show nat44 hash tables}
2393 * Show NAT44 hash tables
2396 VLIB_CLI_COMMAND (nat44_show_hash, static) = {
2397 .path = "show nat44 hash tables",
2398 .short_help = "show nat44 hash tables [detail|verbose]",
2399 .function = nat44_show_hash_commnad_fn,
2404 * @cliexstart{nat44 add address}
2405 * Add/delete NAT44 pool address.
2406 * To add NAT44 pool address use:
2407 * vpp# nat44 add address 172.16.1.3
2408 * vpp# nat44 add address 172.16.2.2 - 172.16.2.24
2409 * To add NAT44 pool address for specific tenant (identified by VRF id) use:
2410 * vpp# nat44 add address 172.16.1.3 tenant-vrf 10
2413 VLIB_CLI_COMMAND (add_address_command, static) = {
2414 .path = "nat44 add address",
2415 .short_help = "nat44 add address <ip4-range-start> [- <ip4-range-end>] "
2416 "[tenant-vrf <vrf-id>] [twice-nat] [del]",
2417 .function = add_address_command_fn,
2422 * @cliexstart{show nat44 summary}
2423 * Show NAT44 summary
2424 * vpp# show nat44 summary
2427 VLIB_CLI_COMMAND (nat44_show_summary_command, static) = {
2428 .path = "show nat44 summary",
2429 .short_help = "show nat44 summary",
2430 .function = nat44_show_summary_command_fn,
2435 * @cliexstart{show nat44 addresses}
2436 * Show NAT44 pool addresses.
2437 * vpp# show nat44 addresses
2438 * NAT44 pool addresses:
2440 * tenant VRF independent
2449 * NAT44 twice-nat pool addresses:
2451 * tenant VRF independent
2457 VLIB_CLI_COMMAND (nat44_show_addresses_command, static) = {
2458 .path = "show nat44 addresses",
2459 .short_help = "show nat44 addresses",
2460 .function = nat44_show_addresses_command_fn,
2465 * @cliexstart{set interface nat44}
2466 * Enable/disable NAT44 feature on the interface.
2467 * To enable NAT44 feature with local network interface use:
2468 * vpp# set interface nat44 in GigabitEthernet0/8/0
2469 * To enable NAT44 feature with external network interface use:
2470 * vpp# set interface nat44 out GigabitEthernet0/a/0
2473 VLIB_CLI_COMMAND (set_interface_snat_command, static) = {
2474 .path = "set interface nat44",
2475 .function = snat_feature_command_fn,
2476 .short_help = "set interface nat44 in <intfc> out <intfc> [output-feature] "
2482 * @cliexstart{show nat44 interfaces}
2483 * Show interfaces with NAT44 feature.
2484 * vpp# show nat44 interfaces
2486 * GigabitEthernet0/8/0 in
2487 * GigabitEthernet0/a/0 out
2490 VLIB_CLI_COMMAND (nat44_show_interfaces_command, static) = {
2491 .path = "show nat44 interfaces",
2492 .short_help = "show nat44 interfaces",
2493 .function = nat44_show_interfaces_command_fn,
2498 * @cliexstart{nat44 add static mapping}
2499 * Static mapping allows hosts on the external network to initiate connection
2500 * to to the local network host.
2501 * To create static mapping between local host address 10.0.0.3 port 6303 and
2502 * external address 4.4.4.4 port 3606 for TCP protocol use:
2503 * vpp# nat44 add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606
2504 * If not runnig "static mapping only" NAT plugin mode use before:
2505 * vpp# nat44 add address 4.4.4.4
2506 * To create static mapping between local and external address use:
2507 * vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4
2510 VLIB_CLI_COMMAND (add_static_mapping_command, static) = {
2511 .path = "nat44 add static mapping",
2512 .function = add_static_mapping_command_fn,
2514 "nat44 add static mapping tcp|udp|icmp local <addr> [<port>] "
2515 "external <addr> [<port>] [vrf <table-id>] [twice-nat|self-twice-nat] "
2516 "[out2in-only] [del]",
2521 * @cliexstart{nat44 add identity mapping}
2522 * Identity mapping translate an IP address to itself.
2523 * To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol
2525 * vpp# nat44 add identity mapping 10.0.0.3 tcp 6303
2526 * To create identity mapping for address 10.0.0.3 use:
2527 * vpp# nat44 add identity mapping 10.0.0.3
2528 * To create identity mapping for DHCP addressed interface use:
2529 * vpp# nat44 add identity mapping external GigabitEthernet0/a/0 tcp 3606
2532 VLIB_CLI_COMMAND (add_identity_mapping_command, static) = {
2533 .path = "nat44 add identity mapping",
2534 .function = add_identity_mapping_command_fn,
2535 .short_help = "nat44 add identity mapping <ip4-addr>|external <interface> "
2536 "[<protocol> <port>] [vrf <table-id>] [del]",
2541 * @cliexstart{nat44 add load-balancing static mapping}
2542 * Service load balancing using NAT44
2543 * To add static mapping with load balancing for service with external IP
2544 * address 1.2.3.4 and TCP port 80 and mapped to 2 local servers
2545 * 10.100.10.10:8080 and 10.100.10.20:8080 with probability 80% resp. 20% use:
2546 * vpp# nat44 add load-balancing static mapping protocol tcp external 1.2.3.4:80 local 10.100.10.10:8080 probability 80 local 10.100.10.20:8080 probability 20
2549 VLIB_CLI_COMMAND (add_lb_static_mapping_command, static) = {
2550 .path = "nat44 add load-balancing static mapping",
2551 .function = add_lb_static_mapping_command_fn,
2553 "nat44 add load-balancing static mapping protocol tcp|udp "
2554 "external <addr>:<port> local <addr>:<port> [vrf <table-id>] "
2555 "probability <n> [twice-nat|self-twice-nat] [out2in-only] "
2556 "[affinity <timeout-seconds>] [del]",
2561 * @cliexstart{nat44 add load-balancing static mapping}
2562 * Modify service load balancing using NAT44
2563 * To add new back-end server 10.100.10.30:8080 for service load balancing
2564 * static mapping with external IP address 1.2.3.4 and TCP port 80 use:
2565 * vpp# nat44 add load-balancing back-end protocol tcp external 1.2.3.4:80 local 10.100.10.30:8080 probability 25
2568 VLIB_CLI_COMMAND (add_lb_backend_command, static) = {
2569 .path = "nat44 add load-balancing back-end",
2570 .function = add_lb_backend_command_fn,
2572 "nat44 add load-balancing back-end protocol tcp|udp "
2573 "external <addr>:<port> local <addr>:<port> [vrf <table-id>] "
2574 "probability <n> [del]",
2579 * @cliexstart{show nat44 static mappings}
2580 * Show NAT44 static mappings.
2581 * vpp# show nat44 static mappings
2582 * NAT44 static mappings:
2583 * local 10.0.0.3 external 4.4.4.4 vrf 0
2584 * tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0
2585 * tcp vrf 0 external 1.2.3.4:80 out2in-only
2586 * local 10.100.10.10:8080 probability 80
2587 * local 10.100.10.20:8080 probability 20
2588 * tcp local 10.100.3.8:8080 external 169.10.10.1:80 vrf 0 twice-nat
2589 * tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10
2592 VLIB_CLI_COMMAND (nat44_show_static_mappings_command, static) = {
2593 .path = "show nat44 static mappings",
2594 .short_help = "show nat44 static mappings",
2595 .function = nat44_show_static_mappings_command_fn,
2600 * @cliexstart{nat44 add interface address}
2601 * Use NAT44 pool address from specific interfce
2602 * To add NAT44 pool address from specific interface use:
2603 * vpp# nat44 add interface address GigabitEthernet0/8/0
2606 VLIB_CLI_COMMAND (snat_add_interface_address_command, static) = {
2607 .path = "nat44 add interface address",
2608 .short_help = "nat44 add interface address <interface> [twice-nat] [del]",
2609 .function = snat_add_interface_address_command_fn,
2614 * @cliexstart{show nat44 interface address}
2615 * Show NAT44 pool address interfaces
2616 * vpp# show nat44 interface address
2617 * NAT44 pool address interfaces:
2618 * GigabitEthernet0/a/0
2619 * NAT44 twice-nat pool address interfaces:
2620 * GigabitEthernet0/8/0
2623 VLIB_CLI_COMMAND (nat44_show_interface_address_command, static) = {
2624 .path = "show nat44 interface address",
2625 .short_help = "show nat44 interface address",
2626 .function = nat44_show_interface_address_command_fn,
2631 * @cliexstart{show nat44 sessions}
2632 * Show NAT44 sessions.
2635 VLIB_CLI_COMMAND (nat44_show_sessions_command, static) = {
2636 .path = "show nat44 sessions",
2637 .short_help = "show nat44 sessions [detail|metrics]",
2638 .function = nat44_show_sessions_command_fn,
2643 * @cliexstart{nat44 del user}
2644 * To delete all NAT44 user sessions:
2645 * vpp# nat44 del user 10.0.0.3
2648 VLIB_CLI_COMMAND (nat44_del_user_command, static) = {
2649 .path = "nat44 del user",
2650 .short_help = "nat44 del user <addr> [fib <index>]",
2651 .function = nat44_del_user_command_fn,
2656 * @cliexstart{nat44 del session}
2657 * To administratively delete NAT44 session by inside address and port use:
2658 * vpp# nat44 del session in 10.0.0.3:6303 tcp
2659 * To administratively delete NAT44 session by outside address and port use:
2660 * vpp# nat44 del session out 1.0.0.3:6033 udp
2663 VLIB_CLI_COMMAND (nat44_del_session_command, static) = {
2664 .path = "nat44 del session",
2665 .short_help = "nat44 del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>] [external-host <addr>:<port>]",
2666 .function = nat44_del_session_command_fn,
2671 * @cliexstart{nat44 forwarding}
2672 * Enable or disable forwarding
2673 * Forward packets which don't match existing translation
2674 * or static mapping instead of dropping them.
2675 * To enable forwarding, use:
2676 * vpp# nat44 forwarding enable
2677 * To disable forwarding, use:
2678 * vpp# nat44 forwarding disable
2681 VLIB_CLI_COMMAND (snat_forwarding_set_command, static) = {
2682 .path = "nat44 forwarding",
2683 .short_help = "nat44 forwarding enable|disable",
2684 .function = snat_forwarding_set_command_fn,
2689 * @cliexstart{nat44 deterministic add}
2690 * Create bijective mapping of inside address to outside address and port range
2691 * pairs, with the purpose of enabling deterministic NAT to reduce logging in
2693 * To create deterministic mapping between inside network 10.0.0.0/18 and
2694 * outside network 1.1.1.0/30 use:
2695 * # vpp# nat44 deterministic add in 10.0.0.0/18 out 1.1.1.0/30
2698 VLIB_CLI_COMMAND (snat_det_map_command, static) = {
2699 .path = "nat44 deterministic add",
2700 .short_help = "nat44 deterministic add in <addr>/<plen> out <addr>/<plen> [del]",
2701 .function = snat_det_map_command_fn,
2706 * @cliexpstart{show nat44 deterministic mappings}
2707 * Show NAT44 deterministic mappings
2708 * vpp# show nat44 deterministic mappings
2709 * NAT44 deterministic mappings:
2710 * in 10.0.0.0/24 out 1.1.1.1/32
2711 * outside address sharing ratio: 256
2712 * number of ports per inside host: 252
2713 * sessions number: 0
2716 VLIB_CLI_COMMAND (nat44_det_show_mappings_command, static) = {
2717 .path = "show nat44 deterministic mappings",
2718 .short_help = "show nat44 deterministic mappings",
2719 .function = nat44_det_show_mappings_command_fn,
2724 * @cliexstart{nat44 deterministic forward}
2725 * Return outside address and port range from inside address for deterministic
2727 * To obtain outside address and port of inside host use:
2728 * vpp# nat44 deterministic forward 10.0.0.2
2729 * 1.1.1.0:<1054-1068>
2732 VLIB_CLI_COMMAND (snat_det_forward_command, static) = {
2733 .path = "nat44 deterministic forward",
2734 .short_help = "nat44 deterministic forward <addr>",
2735 .function = snat_det_forward_command_fn,
2740 * @cliexstart{nat44 deterministic reverse}
2741 * Return inside address from outside address and port for deterministic NAT.
2742 * To obtain inside host address from outside address and port use:
2743 * #vpp nat44 deterministic reverse 1.1.1.1:1276
2747 VLIB_CLI_COMMAND (snat_det_reverse_command, static) = {
2748 .path = "nat44 deterministic reverse",
2749 .short_help = "nat44 deterministic reverse <addr>:<port>",
2750 .function = snat_det_reverse_command_fn,
2755 * @cliexstart{show nat44 deterministic sessions}
2756 * Show NAT44 deterministic sessions.
2757 * vpp# show nat44 deterministic sessions
2758 * NAT44 deterministic sessions:
2759 * in 10.0.0.3:3005 out 1.1.1.2:1146 external host 172.16.1.2:3006 state: udp-active expire: 306
2760 * in 10.0.0.3:3000 out 1.1.1.2:1141 external host 172.16.1.2:3001 state: udp-active expire: 306
2761 * in 10.0.0.4:3005 out 1.1.1.2:1177 external host 172.16.1.2:3006 state: udp-active expire: 306
2764 VLIB_CLI_COMMAND (nat44_det_show_sessions_command, static) = {
2765 .path = "show nat44 deterministic sessions",
2766 .short_help = "show nat44 deterministic sessions",
2767 .function = nat44_det_show_sessions_command_fn,
2772 * @cliexstart{nat44 deterministic close session out}
2773 * Close session using outside ip address and port
2774 * and external ip address and port, use:
2775 * vpp# nat44 deterministic close session out 1.1.1.1:1276 2.2.2.2:2387
2778 VLIB_CLI_COMMAND (snat_det_close_sesion_out_command, static) = {
2779 .path = "nat44 deterministic close session out",
2780 .short_help = "nat44 deterministic close session out "
2781 "<out_addr>:<out_port> <ext_addr>:<ext_port>",
2782 .function = snat_det_close_session_out_fn,
2787 * @cliexstart{nat44 deterministic close session in}
2788 * Close session using inside ip address and port
2789 * and external ip address and port, use:
2790 * vpp# nat44 deterministic close session in 3.3.3.3:3487 2.2.2.2:2387
2793 VLIB_CLI_COMMAND (snat_det_close_session_in_command, static) = {
2794 .path = "nat44 deterministic close session in",
2795 .short_help = "nat44 deterministic close session in "
2796 "<in_addr>:<in_port> <ext_addr>:<ext_port>",
2797 .function = snat_det_close_session_in_fn,
2803 * fd.io coding-style-patch-verification: ON
2806 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob