2 * Copyright (c) 2018 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
21 #include <nat/nat_ipfix_logging.h>
22 #include <nat/nat_det.h>
23 #include <nat/nat_inlines.h>
24 #include <vnet/fib/fib_table.h>
26 #define UNSUPPORTED_IN_DET_MODE_STR \
27 "This command is unsupported in deterministic mode"
28 #define SUPPORTED_ONLY_IN_DET_MODE_STR \
29 "This command is supported only in deterministic mode"
32 set_workers_command_fn (vlib_main_t * vm,
33 unformat_input_t * input, vlib_cli_command_t * cmd)
35 unformat_input_t _line_input, *line_input = &_line_input;
36 snat_main_t *sm = &snat_main;
39 clib_error_t *error = 0;
41 if (sm->deterministic)
42 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
44 /* Get a line of input. */
45 if (!unformat_user (input, unformat_line_input, line_input))
48 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
50 if (unformat (line_input, "%U", unformat_bitmap_list, &bitmap))
54 error = clib_error_return (0, "unknown input '%U'",
55 format_unformat_error, line_input);
62 error = clib_error_return (0, "List of workers must be specified.");
66 rv = snat_set_workers (bitmap);
68 clib_bitmap_free (bitmap);
72 case VNET_API_ERROR_INVALID_WORKER:
73 error = clib_error_return (0, "Invalid worker(s).");
75 case VNET_API_ERROR_FEATURE_DISABLED:
76 error = clib_error_return (0,
77 "Supported only if 2 or more workes available.");
84 unformat_free (line_input);
90 nat_show_workers_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
91 vlib_cli_command_t * cmd)
93 snat_main_t *sm = &snat_main;
96 if (sm->deterministic)
97 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
99 if (sm->num_workers > 1)
101 vlib_cli_output (vm, "%d workers", vec_len (sm->workers));
103 vec_foreach (worker, sm->workers)
105 vlib_worker_thread_t *w =
106 vlib_worker_threads + *worker + sm->first_worker_index;
107 vlib_cli_output (vm, " %s", w->name);
115 static clib_error_t *
116 snat_ipfix_logging_enable_disable_command_fn (vlib_main_t * vm,
117 unformat_input_t * input,
118 vlib_cli_command_t * cmd)
120 unformat_input_t _line_input, *line_input = &_line_input;
125 clib_error_t *error = 0;
127 /* Get a line of input. */
128 if (!unformat_user (input, unformat_line_input, line_input))
131 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
133 if (unformat (line_input, "domain %d", &domain_id))
135 else if (unformat (line_input, "src-port %d", &src_port))
137 else if (unformat (line_input, "disable"))
141 error = clib_error_return (0, "unknown input '%U'",
142 format_unformat_error, line_input);
147 rv = snat_ipfix_logging_enable_disable (enable, domain_id, (u16) src_port);
151 error = clib_error_return (0, "ipfix logging enable failed");
156 unformat_free (line_input);
161 static clib_error_t *
162 nat44_show_hash_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
163 vlib_cli_command_t * cmd)
165 snat_main_t *sm = &snat_main;
166 snat_main_per_thread_data_t *tsm;
170 if (unformat (input, "detail"))
172 else if (unformat (input, "verbose"))
175 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->static_mapping_by_local,
177 vlib_cli_output (vm, "%U",
178 format_bihash_8_8, &sm->static_mapping_by_external,
180 vec_foreach_index (i, sm->per_thread_data)
182 tsm = vec_elt_at_index (sm->per_thread_data, i);
183 vlib_cli_output (vm, "-------- thread %d %s --------\n",
184 i, vlib_worker_threads[i].name);
185 if (sm->endpoint_dependent)
187 vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->in2out_ed,
189 vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->out2in_ed,
194 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->in2out, verbose);
195 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->out2in, verbose);
197 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->user_hash, verbose);
203 static clib_error_t *
204 nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
205 unformat_input_t * input,
206 vlib_cli_command_t * cmd)
208 unformat_input_t _line_input, *line_input = &_line_input;
209 snat_main_t *sm = &snat_main;
210 clib_error_t *error = 0;
211 u32 psid, psid_offset, psid_length;
213 if (sm->deterministic)
214 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
216 /* Get a line of input. */
217 if (!unformat_user (input, unformat_line_input, line_input))
220 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
222 if (unformat (line_input, "default"))
223 nat_set_alloc_addr_and_port_default ();
226 (line_input, "map-e psid %d psid-offset %d psid-len %d", &psid,
227 &psid_offset, &psid_length))
228 nat_set_alloc_addr_and_port_mape ((u16) psid, (u16) psid_offset,
232 error = clib_error_return (0, "unknown input '%U'",
233 format_unformat_error, line_input);
239 unformat_free (line_input);
244 static clib_error_t *
245 add_address_command_fn (vlib_main_t * vm,
246 unformat_input_t * input, vlib_cli_command_t * cmd)
248 unformat_input_t _line_input, *line_input = &_line_input;
249 snat_main_t *sm = &snat_main;
250 ip4_address_t start_addr, end_addr, this_addr;
251 u32 start_host_order, end_host_order;
256 clib_error_t *error = 0;
259 if (sm->deterministic)
260 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
262 /* Get a line of input. */
263 if (!unformat_user (input, unformat_line_input, line_input))
266 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
268 if (unformat (line_input, "%U - %U",
269 unformat_ip4_address, &start_addr,
270 unformat_ip4_address, &end_addr))
272 else if (unformat (line_input, "tenant-vrf %u", &vrf_id))
274 else if (unformat (line_input, "%U", unformat_ip4_address, &start_addr))
275 end_addr = start_addr;
276 else if (unformat (line_input, "twice-nat"))
278 else if (unformat (line_input, "del"))
282 error = clib_error_return (0, "unknown input '%U'",
283 format_unformat_error, line_input);
288 if (sm->static_mapping_only)
290 error = clib_error_return (0, "static mapping only mode");
294 start_host_order = clib_host_to_net_u32 (start_addr.as_u32);
295 end_host_order = clib_host_to_net_u32 (end_addr.as_u32);
297 if (end_host_order < start_host_order)
299 error = clib_error_return (0, "end address less than start address");
303 count = (end_host_order - start_host_order) + 1;
306 nat_log_info ("%U - %U, %d addresses...",
307 format_ip4_address, &start_addr,
308 format_ip4_address, &end_addr, count);
310 this_addr = start_addr;
312 for (i = 0; i < count; i++)
315 rv = snat_add_address (sm, &this_addr, vrf_id, twice_nat);
317 rv = snat_del_address (sm, this_addr, 0, twice_nat);
321 case VNET_API_ERROR_VALUE_EXIST:
322 error = clib_error_return (0, "NAT address already in use.");
324 case VNET_API_ERROR_NO_SUCH_ENTRY:
325 error = clib_error_return (0, "NAT address not exist.");
327 case VNET_API_ERROR_UNSPECIFIED:
329 clib_error_return (0, "NAT address used in static mapping.");
331 case VNET_API_ERROR_FEATURE_DISABLED:
333 clib_error_return (0,
334 "twice NAT available only for endpoint-dependent mode.");
341 nat44_add_del_address_dpo (this_addr, is_add);
343 increment_v4_address (&this_addr);
347 unformat_free (line_input);
352 static clib_error_t *
353 nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input,
354 vlib_cli_command_t * cmd)
356 snat_main_t *sm = &snat_main;
359 if (sm->deterministic)
360 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
362 vlib_cli_output (vm, "NAT44 pool addresses:");
364 vec_foreach (ap, sm->addresses)
366 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
367 if (ap->fib_index != ~0)
368 vlib_cli_output (vm, " tenant VRF: %u",
369 fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
371 vlib_cli_output (vm, " tenant VRF independent");
372 #define _(N, i, n, s) \
373 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
374 foreach_snat_protocol
377 vlib_cli_output (vm, "NAT44 twice-nat pool addresses:");
378 vec_foreach (ap, sm->twice_nat_addresses)
380 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
381 if (ap->fib_index != ~0)
382 vlib_cli_output (vm, " tenant VRF: %u",
383 fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
385 vlib_cli_output (vm, " tenant VRF independent");
386 #define _(N, i, n, s) \
387 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
388 foreach_snat_protocol
395 static clib_error_t *
396 snat_feature_command_fn (vlib_main_t * vm,
397 unformat_input_t * input, vlib_cli_command_t * cmd)
399 unformat_input_t _line_input, *line_input = &_line_input;
400 vnet_main_t *vnm = vnet_get_main ();
401 clib_error_t *error = 0;
403 u32 *inside_sw_if_indices = 0;
404 u32 *outside_sw_if_indices = 0;
405 u8 is_output_feature = 0;
411 /* Get a line of input. */
412 if (!unformat_user (input, unformat_line_input, line_input))
415 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
417 if (unformat (line_input, "in %U", unformat_vnet_sw_interface,
419 vec_add1 (inside_sw_if_indices, sw_if_index);
420 else if (unformat (line_input, "out %U", unformat_vnet_sw_interface,
422 vec_add1 (outside_sw_if_indices, sw_if_index);
423 else if (unformat (line_input, "output-feature"))
424 is_output_feature = 1;
425 else if (unformat (line_input, "del"))
429 error = clib_error_return (0, "unknown input '%U'",
430 format_unformat_error, line_input);
435 if (vec_len (inside_sw_if_indices))
437 for (i = 0; i < vec_len (inside_sw_if_indices); i++)
439 sw_if_index = inside_sw_if_indices[i];
440 if (is_output_feature)
442 if (snat_interface_add_del_output_feature
443 (sw_if_index, 1, is_del))
445 error = clib_error_return (0, "%s %U failed",
446 is_del ? "del" : "add",
447 format_vnet_sw_if_index_name,
454 if (snat_interface_add_del (sw_if_index, 1, is_del))
456 error = clib_error_return (0, "%s %U failed",
457 is_del ? "del" : "add",
458 format_vnet_sw_if_index_name,
466 if (vec_len (outside_sw_if_indices))
468 for (i = 0; i < vec_len (outside_sw_if_indices); i++)
470 sw_if_index = outside_sw_if_indices[i];
471 if (is_output_feature)
473 if (snat_interface_add_del_output_feature
474 (sw_if_index, 0, is_del))
476 error = clib_error_return (0, "%s %U failed",
477 is_del ? "del" : "add",
478 format_vnet_sw_if_index_name,
485 if (snat_interface_add_del (sw_if_index, 0, is_del))
487 error = clib_error_return (0, "%s %U failed",
488 is_del ? "del" : "add",
489 format_vnet_sw_if_index_name,
498 unformat_free (line_input);
499 vec_free (inside_sw_if_indices);
500 vec_free (outside_sw_if_indices);
505 static clib_error_t *
506 nat44_show_interfaces_command_fn (vlib_main_t * vm, unformat_input_t * input,
507 vlib_cli_command_t * cmd)
509 snat_main_t *sm = &snat_main;
511 vnet_main_t *vnm = vnet_get_main ();
513 vlib_cli_output (vm, "NAT44 interfaces:");
515 pool_foreach (i, sm->interfaces,
517 vlib_cli_output (vm, " %U %s", format_vnet_sw_if_index_name, vnm,
519 (nat_interface_is_inside(i) &&
520 nat_interface_is_outside(i)) ? "in out" :
521 (nat_interface_is_inside(i) ? "in" : "out"));
524 pool_foreach (i, sm->output_feature_interfaces,
526 vlib_cli_output (vm, " %U output-feature %s",
527 format_vnet_sw_if_index_name, vnm,
529 (nat_interface_is_inside(i) &&
530 nat_interface_is_outside(i)) ? "in out" :
531 (nat_interface_is_inside(i) ? "in" : "out"));
538 static clib_error_t *
539 add_static_mapping_command_fn (vlib_main_t * vm,
540 unformat_input_t * input,
541 vlib_cli_command_t * cmd)
543 unformat_input_t _line_input, *line_input = &_line_input;
544 snat_main_t *sm = &snat_main;
545 clib_error_t *error = 0;
546 ip4_address_t l_addr, e_addr;
547 u32 l_port = 0, e_port = 0, vrf_id = ~0;
550 u32 sw_if_index = ~0;
551 vnet_main_t *vnm = vnet_get_main ();
553 snat_protocol_t proto = ~0;
555 twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
558 if (sm->deterministic)
559 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
561 /* Get a line of input. */
562 if (!unformat_user (input, unformat_line_input, line_input))
565 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
567 if (unformat (line_input, "local %U %u", unformat_ip4_address, &l_addr,
571 if (unformat (line_input, "local %U", unformat_ip4_address, &l_addr))
573 else if (unformat (line_input, "external %U %u", unformat_ip4_address,
576 else if (unformat (line_input, "external %U", unformat_ip4_address,
579 else if (unformat (line_input, "external %U %u",
580 unformat_vnet_sw_interface, vnm, &sw_if_index,
584 else if (unformat (line_input, "external %U",
585 unformat_vnet_sw_interface, vnm, &sw_if_index))
587 else if (unformat (line_input, "vrf %u", &vrf_id))
589 else if (unformat (line_input, "%U", unformat_snat_protocol, &proto))
591 else if (unformat (line_input, "twice-nat"))
592 twice_nat = TWICE_NAT;
593 else if (unformat (line_input, "self-twice-nat"))
594 twice_nat = TWICE_NAT_SELF;
595 else if (unformat (line_input, "out2in-only"))
597 else if (unformat (line_input, "del"))
601 error = clib_error_return (0, "unknown input: '%U'",
602 format_unformat_error, line_input);
607 if (twice_nat && addr_only)
609 error = clib_error_return (0, "twice NAT only for 1:1 NAPT");
613 if (!addr_only && !proto_set)
615 error = clib_error_return (0, "missing protocol");
619 rv = snat_add_static_mapping (l_addr, e_addr, (u16) l_port, (u16) e_port,
620 vrf_id, addr_only, sw_if_index, proto, is_add,
621 twice_nat, out2in_only, 0);
625 case VNET_API_ERROR_INVALID_VALUE:
626 error = clib_error_return (0, "External port already in use.");
628 case VNET_API_ERROR_NO_SUCH_ENTRY:
630 error = clib_error_return (0, "External addres must be allocated.");
632 error = clib_error_return (0, "Mapping not exist.");
634 case VNET_API_ERROR_NO_SUCH_FIB:
635 error = clib_error_return (0, "No such VRF id.");
637 case VNET_API_ERROR_VALUE_EXIST:
638 error = clib_error_return (0, "Mapping already exist.");
640 case VNET_API_ERROR_FEATURE_DISABLED:
642 clib_error_return (0,
643 "twice-nat/out2in-only available only for endpoint-dependent mode.");
650 unformat_free (line_input);
655 static clib_error_t *
656 add_identity_mapping_command_fn (vlib_main_t * vm,
657 unformat_input_t * input,
658 vlib_cli_command_t * cmd)
660 unformat_input_t _line_input, *line_input = &_line_input;
661 snat_main_t *sm = &snat_main;
662 clib_error_t *error = 0;
664 u32 port = 0, vrf_id = ~0;
667 u32 sw_if_index = ~0;
668 vnet_main_t *vnm = vnet_get_main ();
670 snat_protocol_t proto;
672 if (sm->deterministic)
673 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
677 /* Get a line of input. */
678 if (!unformat_user (input, unformat_line_input, line_input))
681 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
683 if (unformat (line_input, "%U", unformat_ip4_address, &addr))
685 else if (unformat (line_input, "external %U",
686 unformat_vnet_sw_interface, vnm, &sw_if_index))
688 else if (unformat (line_input, "vrf %u", &vrf_id))
690 else if (unformat (line_input, "%U %u", unformat_snat_protocol, &proto,
693 else if (unformat (line_input, "del"))
697 error = clib_error_return (0, "unknown input: '%U'",
698 format_unformat_error, line_input);
703 rv = snat_add_static_mapping (addr, addr, (u16) port, (u16) port,
704 vrf_id, addr_only, sw_if_index, proto, is_add,
709 case VNET_API_ERROR_INVALID_VALUE:
710 error = clib_error_return (0, "External port already in use.");
712 case VNET_API_ERROR_NO_SUCH_ENTRY:
714 error = clib_error_return (0, "External addres must be allocated.");
716 error = clib_error_return (0, "Mapping not exist.");
718 case VNET_API_ERROR_NO_SUCH_FIB:
719 error = clib_error_return (0, "No such VRF id.");
721 case VNET_API_ERROR_VALUE_EXIST:
722 error = clib_error_return (0, "Mapping already exist.");
729 unformat_free (line_input);
734 static clib_error_t *
735 add_lb_static_mapping_command_fn (vlib_main_t * vm,
736 unformat_input_t * input,
737 vlib_cli_command_t * cmd)
739 unformat_input_t _line_input, *line_input = &_line_input;
740 snat_main_t *sm = &snat_main;
741 clib_error_t *error = 0;
742 ip4_address_t l_addr, e_addr;
743 u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
746 snat_protocol_t proto;
748 nat44_lb_addr_port_t *locals = 0, local;
749 twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
752 if (sm->deterministic)
753 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
755 /* Get a line of input. */
756 if (!unformat_user (input, unformat_line_input, line_input))
759 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
761 if (unformat (line_input, "local %U:%u probability %u",
762 unformat_ip4_address, &l_addr, &l_port, &probability))
764 memset (&local, 0, sizeof (local));
766 local.port = (u16) l_port;
767 local.probability = (u8) probability;
768 vec_add1 (locals, local);
770 else if (unformat (line_input, "local %U:%u vrf %u probability %u",
771 unformat_ip4_address, &l_addr, &l_port, &vrf_id,
774 memset (&local, 0, sizeof (local));
776 local.port = (u16) l_port;
777 local.probability = (u8) probability;
778 local.vrf_id = vrf_id;
779 vec_add1 (locals, local);
781 else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
784 else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
787 else if (unformat (line_input, "twice-nat"))
788 twice_nat = TWICE_NAT;
789 else if (unformat (line_input, "self-twice-nat"))
790 twice_nat = TWICE_NAT_SELF;
791 else if (unformat (line_input, "out2in-only"))
793 else if (unformat (line_input, "del"))
797 error = clib_error_return (0, "unknown input: '%U'",
798 format_unformat_error, line_input);
803 if (vec_len (locals) < 2)
805 error = clib_error_return (0, "at least two local must be set");
811 error = clib_error_return (0, "missing protocol");
815 rv = nat44_add_del_lb_static_mapping (e_addr, (u16) e_port, proto, locals,
816 is_add, twice_nat, out2in_only, 0);
820 case VNET_API_ERROR_INVALID_VALUE:
821 error = clib_error_return (0, "External port already in use.");
823 case VNET_API_ERROR_NO_SUCH_ENTRY:
825 error = clib_error_return (0, "External addres must be allocated.");
827 error = clib_error_return (0, "Mapping not exist.");
829 case VNET_API_ERROR_VALUE_EXIST:
830 error = clib_error_return (0, "Mapping already exist.");
832 case VNET_API_ERROR_FEATURE_DISABLED:
834 clib_error_return (0, "Available only for endpoint-dependent mode.");
841 unformat_free (line_input);
847 static clib_error_t *
848 nat44_show_static_mappings_command_fn (vlib_main_t * vm,
849 unformat_input_t * input,
850 vlib_cli_command_t * cmd)
852 snat_main_t *sm = &snat_main;
853 snat_static_mapping_t *m;
854 snat_static_map_resolve_t *rp;
856 if (sm->deterministic)
857 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
859 vlib_cli_output (vm, "NAT44 static mappings:");
861 pool_foreach (m, sm->static_mappings,
863 vlib_cli_output (vm, " %U", format_snat_static_mapping, m);
865 vec_foreach (rp, sm->to_resolve)
866 vlib_cli_output (vm, " %U", format_snat_static_map_to_resolve, rp);
872 static clib_error_t *
873 snat_add_interface_address_command_fn (vlib_main_t * vm,
874 unformat_input_t * input,
875 vlib_cli_command_t * cmd)
877 snat_main_t *sm = &snat_main;
878 unformat_input_t _line_input, *line_input = &_line_input;
882 clib_error_t *error = 0;
885 if (sm->deterministic)
886 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
888 /* Get a line of input. */
889 if (!unformat_user (input, unformat_line_input, line_input))
892 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
894 if (unformat (line_input, "%U", unformat_vnet_sw_interface,
895 sm->vnet_main, &sw_if_index))
897 else if (unformat (line_input, "twice-nat"))
899 else if (unformat (line_input, "del"))
903 error = clib_error_return (0, "unknown input '%U'",
904 format_unformat_error, line_input);
909 rv = snat_add_interface_address (sm, sw_if_index, is_del, twice_nat);
917 error = clib_error_return (0, "snat_add_interface_address returned %d",
923 unformat_free (line_input);
928 static clib_error_t *
929 nat44_show_interface_address_command_fn (vlib_main_t * vm,
930 unformat_input_t * input,
931 vlib_cli_command_t * cmd)
933 snat_main_t *sm = &snat_main;
934 vnet_main_t *vnm = vnet_get_main ();
937 if (sm->deterministic)
938 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
941 vlib_cli_output (vm, "NAT44 pool address interfaces:");
942 vec_foreach (sw_if_index, sm->auto_add_sw_if_indices)
944 vlib_cli_output (vm, " %U", format_vnet_sw_if_index_name, vnm,
947 vlib_cli_output (vm, "NAT44 twice-nat pool address interfaces:");
948 vec_foreach (sw_if_index, sm->auto_add_sw_if_indices_twice_nat)
950 vlib_cli_output (vm, " %U", format_vnet_sw_if_index_name, vnm,
958 static clib_error_t *
959 nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
960 vlib_cli_command_t * cmd)
963 snat_main_t *sm = &snat_main;
964 snat_main_per_thread_data_t *tsm;
968 if (sm->deterministic)
969 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
971 if (unformat (input, "detail"))
974 vlib_cli_output (vm, "NAT44 sessions:");
977 vec_foreach_index (i, sm->per_thread_data)
979 tsm = vec_elt_at_index (sm->per_thread_data, i);
981 vlib_cli_output (vm, "-------- thread %d %s --------\n",
982 i, vlib_worker_threads[i].name);
983 pool_foreach (u, tsm->users,
985 vlib_cli_output (vm, " %U", format_snat_user, tsm, u, verbose);
993 static clib_error_t *
994 nat44_del_session_command_fn (vlib_main_t * vm,
995 unformat_input_t * input,
996 vlib_cli_command_t * cmd)
998 snat_main_t *sm = &snat_main;
999 unformat_input_t _line_input, *line_input = &_line_input;
1000 int is_in = 0, is_ed = 0;
1001 clib_error_t *error = 0;
1002 ip4_address_t addr, eh_addr;
1003 u32 port = 0, eh_port = 0, vrf_id = sm->outside_vrf_id;
1004 snat_protocol_t proto;
1007 if (sm->deterministic)
1008 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1010 /* Get a line of input. */
1011 if (!unformat_user (input, unformat_line_input, line_input))
1014 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1017 (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
1018 unformat_snat_protocol, &proto))
1020 else if (unformat (line_input, "in"))
1023 vrf_id = sm->inside_vrf_id;
1025 else if (unformat (line_input, "out"))
1028 vrf_id = sm->outside_vrf_id;
1030 else if (unformat (line_input, "vrf %u", &vrf_id))
1034 (line_input, "external-host %U:%u", unformat_ip4_address,
1035 &eh_addr, &eh_port))
1039 error = clib_error_return (0, "unknown input '%U'",
1040 format_unformat_error, line_input);
1047 nat44_del_ed_session (sm, &addr, port, &eh_addr, eh_port,
1048 snat_proto_to_ip_proto (proto), vrf_id, is_in);
1050 rv = nat44_del_session (sm, &addr, port, proto, vrf_id, is_in);
1058 error = clib_error_return (0, "nat44_del_session returned %d", rv);
1063 unformat_free (line_input);
1068 static clib_error_t *
1069 snat_forwarding_set_command_fn (vlib_main_t * vm,
1070 unformat_input_t * input,
1071 vlib_cli_command_t * cmd)
1073 snat_main_t *sm = &snat_main;
1074 unformat_input_t _line_input, *line_input = &_line_input;
1075 u8 forwarding_enable;
1076 u8 forwarding_enable_set = 0;
1077 clib_error_t *error = 0;
1079 if (sm->deterministic)
1080 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1082 /* Get a line of input. */
1083 if (!unformat_user (input, unformat_line_input, line_input))
1084 return clib_error_return (0, "'enable' or 'disable' expected");
1086 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1088 if (!forwarding_enable_set && unformat (line_input, "enable"))
1090 forwarding_enable = 1;
1091 forwarding_enable_set = 1;
1093 else if (!forwarding_enable_set && unformat (line_input, "disable"))
1095 forwarding_enable = 0;
1096 forwarding_enable_set = 1;
1100 error = clib_error_return (0, "unknown input '%U'",
1101 format_unformat_error, line_input);
1106 if (!forwarding_enable_set)
1108 error = clib_error_return (0, "'enable' or 'disable' expected");
1112 sm->forwarding_enabled = forwarding_enable;
1115 unformat_free (line_input);
1120 static clib_error_t *
1121 snat_det_map_command_fn (vlib_main_t * vm,
1122 unformat_input_t * input, vlib_cli_command_t * cmd)
1124 snat_main_t *sm = &snat_main;
1125 unformat_input_t _line_input, *line_input = &_line_input;
1126 ip4_address_t in_addr, out_addr;
1127 u32 in_plen, out_plen;
1129 clib_error_t *error = 0;
1131 if (!sm->deterministic)
1132 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1134 /* Get a line of input. */
1135 if (!unformat_user (input, unformat_line_input, line_input))
1138 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1141 (line_input, "in %U/%u", unformat_ip4_address, &in_addr, &in_plen))
1145 (line_input, "out %U/%u", unformat_ip4_address, &out_addr,
1148 else if (unformat (line_input, "del"))
1152 error = clib_error_return (0, "unknown input '%U'",
1153 format_unformat_error, line_input);
1158 rv = snat_det_add_map (sm, &in_addr, (u8) in_plen, &out_addr, (u8) out_plen,
1163 error = clib_error_return (0, "snat_det_add_map return %d", rv);
1168 unformat_free (line_input);
1173 static clib_error_t *
1174 nat44_det_show_mappings_command_fn (vlib_main_t * vm,
1175 unformat_input_t * input,
1176 vlib_cli_command_t * cmd)
1178 snat_main_t *sm = &snat_main;
1181 if (!sm->deterministic)
1182 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1184 vlib_cli_output (vm, "NAT44 deterministic mappings:");
1186 pool_foreach (dm, sm->det_maps,
1188 vlib_cli_output (vm, " in %U/%d out %U/%d\n",
1189 format_ip4_address, &dm->in_addr, dm->in_plen,
1190 format_ip4_address, &dm->out_addr, dm->out_plen);
1191 vlib_cli_output (vm, " outside address sharing ratio: %d\n",
1193 vlib_cli_output (vm, " number of ports per inside host: %d\n",
1194 dm->ports_per_host);
1195 vlib_cli_output (vm, " sessions number: %d\n", dm->ses_num);
1202 static clib_error_t *
1203 snat_det_forward_command_fn (vlib_main_t * vm,
1204 unformat_input_t * input,
1205 vlib_cli_command_t * cmd)
1207 snat_main_t *sm = &snat_main;
1208 unformat_input_t _line_input, *line_input = &_line_input;
1209 ip4_address_t in_addr, out_addr;
1212 clib_error_t *error = 0;
1214 if (!sm->deterministic)
1215 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1217 /* Get a line of input. */
1218 if (!unformat_user (input, unformat_line_input, line_input))
1221 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1223 if (unformat (line_input, "%U", unformat_ip4_address, &in_addr))
1227 error = clib_error_return (0, "unknown input '%U'",
1228 format_unformat_error, line_input);
1233 dm = snat_det_map_by_user (sm, &in_addr);
1235 vlib_cli_output (vm, "no match");
1238 snat_det_forward (dm, &in_addr, &out_addr, &lo_port);
1239 vlib_cli_output (vm, "%U:<%d-%d>", format_ip4_address, &out_addr,
1240 lo_port, lo_port + dm->ports_per_host - 1);
1244 unformat_free (line_input);
1249 static clib_error_t *
1250 snat_det_reverse_command_fn (vlib_main_t * vm,
1251 unformat_input_t * input,
1252 vlib_cli_command_t * cmd)
1254 snat_main_t *sm = &snat_main;
1255 unformat_input_t _line_input, *line_input = &_line_input;
1256 ip4_address_t in_addr, out_addr;
1259 clib_error_t *error = 0;
1261 if (!sm->deterministic)
1262 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1264 /* Get a line of input. */
1265 if (!unformat_user (input, unformat_line_input, line_input))
1268 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1271 (line_input, "%U:%d", unformat_ip4_address, &out_addr, &out_port))
1275 error = clib_error_return (0, "unknown input '%U'",
1276 format_unformat_error, line_input);
1281 if (out_port < 1024 || out_port > 65535)
1283 error = clib_error_return (0, "wrong port, must be <1024-65535>");
1287 dm = snat_det_map_by_out (sm, &out_addr);
1289 vlib_cli_output (vm, "no match");
1292 snat_det_reverse (dm, &out_addr, (u16) out_port, &in_addr);
1293 vlib_cli_output (vm, "%U", format_ip4_address, &in_addr);
1297 unformat_free (line_input);
1302 static clib_error_t *
1303 set_timeout_command_fn (vlib_main_t * vm,
1304 unformat_input_t * input, vlib_cli_command_t * cmd)
1306 snat_main_t *sm = &snat_main;
1307 unformat_input_t _line_input, *line_input = &_line_input;
1308 clib_error_t *error = 0;
1310 if (!sm->deterministic)
1311 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1313 /* Get a line of input. */
1314 if (!unformat_user (input, unformat_line_input, line_input))
1317 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1319 if (unformat (line_input, "udp %u", &sm->udp_timeout))
1321 else if (unformat (line_input, "tcp-established %u",
1322 &sm->tcp_established_timeout))
1324 else if (unformat (line_input, "tcp-transitory %u",
1325 &sm->tcp_transitory_timeout))
1327 else if (unformat (line_input, "icmp %u", &sm->icmp_timeout))
1329 else if (unformat (line_input, "reset"))
1331 sm->udp_timeout = SNAT_UDP_TIMEOUT;
1332 sm->tcp_established_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT;
1333 sm->tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT;
1334 sm->icmp_timeout = SNAT_ICMP_TIMEOUT;
1338 error = clib_error_return (0, "unknown input '%U'",
1339 format_unformat_error, line_input);
1345 unformat_free (line_input);
1350 static clib_error_t *
1351 nat44_det_show_timeouts_command_fn (vlib_main_t * vm,
1352 unformat_input_t * input,
1353 vlib_cli_command_t * cmd)
1355 snat_main_t *sm = &snat_main;
1357 if (!sm->deterministic)
1358 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1360 vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
1361 vlib_cli_output (vm, "tcp-established timeout: %dsec",
1362 sm->tcp_established_timeout);
1363 vlib_cli_output (vm, "tcp-transitory timeout: %dsec",
1364 sm->tcp_transitory_timeout);
1365 vlib_cli_output (vm, "icmp timeout: %dsec", sm->icmp_timeout);
1370 static clib_error_t *
1371 nat44_det_show_sessions_command_fn (vlib_main_t * vm,
1372 unformat_input_t * input,
1373 vlib_cli_command_t * cmd)
1375 snat_main_t *sm = &snat_main;
1377 snat_det_session_t *ses;
1380 if (!sm->deterministic)
1381 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1383 vlib_cli_output (vm, "NAT44 deterministic sessions:");
1385 pool_foreach (dm, sm->det_maps,
1387 vec_foreach_index (i, dm->sessions)
1389 ses = vec_elt_at_index (dm->sessions, i);
1391 vlib_cli_output (vm, " %U", format_det_map_ses, dm, ses, &i);
1398 static clib_error_t *
1399 snat_det_close_session_out_fn (vlib_main_t * vm,
1400 unformat_input_t * input,
1401 vlib_cli_command_t * cmd)
1403 snat_main_t *sm = &snat_main;
1404 unformat_input_t _line_input, *line_input = &_line_input;
1405 ip4_address_t out_addr, ext_addr, in_addr;
1406 u32 out_port, ext_port;
1408 snat_det_session_t *ses;
1409 snat_det_out_key_t key;
1410 clib_error_t *error = 0;
1412 if (!sm->deterministic)
1413 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1415 /* Get a line of input. */
1416 if (!unformat_user (input, unformat_line_input, line_input))
1419 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1421 if (unformat (line_input, "%U:%d %U:%d",
1422 unformat_ip4_address, &out_addr, &out_port,
1423 unformat_ip4_address, &ext_addr, &ext_port))
1427 error = clib_error_return (0, "unknown input '%U'",
1428 format_unformat_error, line_input);
1433 unformat_free (line_input);
1435 dm = snat_det_map_by_out (sm, &out_addr);
1437 vlib_cli_output (vm, "no match");
1440 snat_det_reverse (dm, &ext_addr, (u16) out_port, &in_addr);
1441 key.ext_host_addr = out_addr;
1442 key.ext_host_port = ntohs ((u16) ext_port);
1443 key.out_port = ntohs ((u16) out_port);
1444 ses = snat_det_get_ses_by_out (dm, &out_addr, key.as_u64);
1446 vlib_cli_output (vm, "no match");
1448 snat_det_ses_close (dm, ses);
1452 unformat_free (line_input);
1457 static clib_error_t *
1458 snat_det_close_session_in_fn (vlib_main_t * vm,
1459 unformat_input_t * input,
1460 vlib_cli_command_t * cmd)
1462 snat_main_t *sm = &snat_main;
1463 unformat_input_t _line_input, *line_input = &_line_input;
1464 ip4_address_t in_addr, ext_addr;
1465 u32 in_port, ext_port;
1467 snat_det_session_t *ses;
1468 snat_det_out_key_t key;
1469 clib_error_t *error = 0;
1471 if (!sm->deterministic)
1472 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1474 /* Get a line of input. */
1475 if (!unformat_user (input, unformat_line_input, line_input))
1478 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1480 if (unformat (line_input, "%U:%d %U:%d",
1481 unformat_ip4_address, &in_addr, &in_port,
1482 unformat_ip4_address, &ext_addr, &ext_port))
1486 error = clib_error_return (0, "unknown input '%U'",
1487 format_unformat_error, line_input);
1492 unformat_free (line_input);
1494 dm = snat_det_map_by_user (sm, &in_addr);
1496 vlib_cli_output (vm, "no match");
1499 key.ext_host_addr = ext_addr;
1500 key.ext_host_port = ntohs ((u16) ext_port);
1502 snat_det_find_ses_by_in (dm, &in_addr, ntohs ((u16) in_port), key);
1504 vlib_cli_output (vm, "no match");
1506 snat_det_ses_close (dm, ses);
1510 unformat_free (line_input);
1518 * @cliexstart{set snat workers}
1519 * Set NAT workers if 2 or more workers available, use:
1520 * vpp# set snat workers 0-2,5
1523 VLIB_CLI_COMMAND (set_workers_command, static) = {
1524 .path = "set nat workers",
1525 .function = set_workers_command_fn,
1526 .short_help = "set nat workers <workers-list>",
1531 * @cliexstart{show nat workers}
1533 * vpp# show nat workers:
1539 VLIB_CLI_COMMAND (nat_show_workers_command, static) = {
1540 .path = "show nat workers",
1541 .short_help = "show nat workers",
1542 .function = nat_show_workers_commnad_fn,
1547 * @cliexstart{snat ipfix logging}
1548 * To enable NAT IPFIX logging use:
1549 * vpp# nat ipfix logging
1550 * To set IPFIX exporter use:
1551 * vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
1554 VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = {
1555 .path = "nat ipfix logging",
1556 .function = snat_ipfix_logging_enable_disable_command_fn,
1557 .short_help = "nat ipfix logging [domain <domain-id>] [src-port <port>] [disable]",
1562 * @cliexstart{nat addr-port-assignment-alg}
1563 * Set address and port assignment algorithm
1564 * For the MAP-E CE limit port choice based on PSID use:
1565 * vpp# nat addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len 6
1566 * To set standard (default) address and port assignment algorithm use:
1567 * vpp# nat addr-port-assignment-alg default
1570 VLIB_CLI_COMMAND (nat44_set_alloc_addr_and_port_alg_command, static) = {
1571 .path = "nat addr-port-assignment-alg",
1572 .short_help = "nat addr-port-assignment-alg <alg-name> [<alg-params>]",
1573 .function = nat44_set_alloc_addr_and_port_alg_command_fn,
1578 * @cliexstart{show nat44 hash tables}
1579 * Show NAT44 hash tables
1582 VLIB_CLI_COMMAND (nat44_show_hash, static) = {
1583 .path = "show nat44 hash tables",
1584 .short_help = "show nat44 hash tables [detail|verbose]",
1585 .function = nat44_show_hash_commnad_fn,
1590 * @cliexstart{nat44 add address}
1591 * Add/delete NAT44 pool address.
1592 * To add NAT44 pool address use:
1593 * vpp# nat44 add address 172.16.1.3
1594 * vpp# nat44 add address 172.16.2.2 - 172.16.2.24
1595 * To add NAT44 pool address for specific tenant (identified by VRF id) use:
1596 * vpp# nat44 add address 172.16.1.3 tenant-vrf 10
1599 VLIB_CLI_COMMAND (add_address_command, static) = {
1600 .path = "nat44 add address",
1601 .short_help = "nat44 add address <ip4-range-start> [- <ip4-range-end>] "
1602 "[tenant-vrf <vrf-id>] [twice-nat] [del]",
1603 .function = add_address_command_fn,
1608 * @cliexstart{show nat44 addresses}
1609 * Show NAT44 pool addresses.
1610 * vpp# show nat44 addresses
1611 * NAT44 pool addresses:
1613 * tenant VRF independent
1622 * NAT44 twice-nat pool addresses:
1624 * tenant VRF independent
1630 VLIB_CLI_COMMAND (nat44_show_addresses_command, static) = {
1631 .path = "show nat44 addresses",
1632 .short_help = "show nat44 addresses",
1633 .function = nat44_show_addresses_command_fn,
1638 * @cliexstart{set interface nat44}
1639 * Enable/disable NAT44 feature on the interface.
1640 * To enable NAT44 feature with local network interface use:
1641 * vpp# set interface nat44 in GigabitEthernet0/8/0
1642 * To enable NAT44 feature with external network interface use:
1643 * vpp# set interface nat44 out GigabitEthernet0/a/0
1646 VLIB_CLI_COMMAND (set_interface_snat_command, static) = {
1647 .path = "set interface nat44",
1648 .function = snat_feature_command_fn,
1649 .short_help = "set interface nat44 in <intfc> out <intfc> [output-feature] "
1655 * @cliexstart{show nat44 interfaces}
1656 * Show interfaces with NAT44 feature.
1657 * vpp# show nat44 interfaces
1659 * GigabitEthernet0/8/0 in
1660 * GigabitEthernet0/a/0 out
1663 VLIB_CLI_COMMAND (nat44_show_interfaces_command, static) = {
1664 .path = "show nat44 interfaces",
1665 .short_help = "show nat44 interfaces",
1666 .function = nat44_show_interfaces_command_fn,
1671 * @cliexstart{nat44 add static mapping}
1672 * Static mapping allows hosts on the external network to initiate connection
1673 * to to the local network host.
1674 * To create static mapping between local host address 10.0.0.3 port 6303 and
1675 * external address 4.4.4.4 port 3606 for TCP protocol use:
1676 * vpp# nat44 add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606
1677 * If not runnig "static mapping only" NAT plugin mode use before:
1678 * vpp# nat44 add address 4.4.4.4
1679 * To create static mapping between local and external address use:
1680 * vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4
1683 VLIB_CLI_COMMAND (add_static_mapping_command, static) = {
1684 .path = "nat44 add static mapping",
1685 .function = add_static_mapping_command_fn,
1687 "nat44 add static mapping tcp|udp|icmp local <addr> [<port>] "
1688 "external <addr> [<port>] [vrf <table-id>] [twice-nat|self-twice-nat] "
1689 "[out2in-only] [del]",
1694 * @cliexstart{nat44 add identity mapping}
1695 * Identity mapping translate an IP address to itself.
1696 * To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol
1698 * vpp# nat44 add identity mapping 10.0.0.3 tcp 6303
1699 * To create identity mapping for address 10.0.0.3 use:
1700 * vpp# nat44 add identity mapping 10.0.0.3
1701 * To create identity mapping for DHCP addressed interface use:
1702 * vpp# nat44 add identity mapping GigabitEthernet0/a/0 tcp 3606
1705 VLIB_CLI_COMMAND (add_identity_mapping_command, static) = {
1706 .path = "nat44 add identity mapping",
1707 .function = add_identity_mapping_command_fn,
1708 .short_help = "nat44 add identity mapping <interface>|<ip4-addr> "
1709 "[<protocol> <port>] [vrf <table-id>] [del]",
1714 * @cliexstart{nat44 add load-balancing static mapping}
1715 * Service load balancing using NAT44
1716 * To add static mapping with load balancing for service with external IP
1717 * address 1.2.3.4 and TCP port 80 and mapped to 2 local servers
1718 * 10.100.10.10:8080 and 10.100.10.20:8080 with probability 80% resp. 20% use:
1719 * vpp# nat44 add load-balancing static mapping protocol tcp external 1.2.3.4:80 local 10.100.10.10:8080 probability 80 local 10.100.10.20:8080 probability 20
1722 VLIB_CLI_COMMAND (add_lb_static_mapping_command, static) = {
1723 .path = "nat44 add load-balancing static mapping",
1724 .function = add_lb_static_mapping_command_fn,
1726 "nat44 add load-balancing static mapping protocol tcp|udp "
1727 "external <addr>:<port> local <addr>:<port> [vrf <table-id>] "
1728 "probability <n> [twice-nat|self-twice-nat] [out2in-only] [del]",
1733 * @cliexstart{show nat44 static mappings}
1734 * Show NAT44 static mappings.
1735 * vpp# show nat44 static mappings
1736 * NAT44 static mappings:
1737 * local 10.0.0.3 external 4.4.4.4 vrf 0
1738 * tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0
1739 * tcp vrf 0 external 1.2.3.4:80 out2in-only
1740 * local 10.100.10.10:8080 probability 80
1741 * local 10.100.10.20:8080 probability 20
1742 * tcp local 10.100.3.8:8080 external 169.10.10.1:80 vrf 0 twice-nat
1743 * tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10
1746 VLIB_CLI_COMMAND (nat44_show_static_mappings_command, static) = {
1747 .path = "show nat44 static mappings",
1748 .short_help = "show nat44 static mappings",
1749 .function = nat44_show_static_mappings_command_fn,
1754 * @cliexstart{nat44 add interface address}
1755 * Use NAT44 pool address from specific interfce
1756 * To add NAT44 pool address from specific interface use:
1757 * vpp# nat44 add interface address GigabitEthernet0/8/0
1760 VLIB_CLI_COMMAND (snat_add_interface_address_command, static) = {
1761 .path = "nat44 add interface address",
1762 .short_help = "nat44 add interface address <interface> [twice-nat] [del]",
1763 .function = snat_add_interface_address_command_fn,
1768 * @cliexstart{show nat44 interface address}
1769 * Show NAT44 pool address interfaces
1770 * vpp# show nat44 interface address
1771 * NAT44 pool address interfaces:
1772 * GigabitEthernet0/a/0
1773 * NAT44 twice-nat pool address interfaces:
1774 * GigabitEthernet0/8/0
1777 VLIB_CLI_COMMAND (nat44_show_interface_address_command, static) = {
1778 .path = "show nat44 interface address",
1779 .short_help = "show nat44 interface address",
1780 .function = nat44_show_interface_address_command_fn,
1785 * @cliexstart{show nat44 sessions}
1786 * Show NAT44 sessions.
1789 VLIB_CLI_COMMAND (nat44_show_sessions_command, static) = {
1790 .path = "show nat44 sessions",
1791 .short_help = "show nat44 sessions [detail]",
1792 .function = nat44_show_sessions_command_fn,
1797 * @cliexstart{nat44 del session}
1798 * To administratively delete NAT44 session by inside address and port use:
1799 * vpp# nat44 del session in 10.0.0.3:6303 tcp
1800 * To administratively delete NAT44 session by outside address and port use:
1801 * vpp# nat44 del session out 1.0.0.3:6033 udp
1804 VLIB_CLI_COMMAND (nat44_del_session_command, static) = {
1805 .path = "nat44 del session",
1806 .short_help = "nat44 del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>] [external-host <addr>:<port>]",
1807 .function = nat44_del_session_command_fn,
1812 * @cliexstart{nat44 forwarding}
1813 * Enable or disable forwarding
1814 * Forward packets which don't match existing translation
1815 * or static mapping instead of dropping them.
1816 * To enable forwarding, use:
1817 * vpp# nat44 forwarding enable
1818 * To disable forwarding, use:
1819 * vpp# nat44 forwarding disable
1822 VLIB_CLI_COMMAND (snat_forwarding_set_command, static) = {
1823 .path = "nat44 forwarding",
1824 .short_help = "nat44 forwarding enable|disable",
1825 .function = snat_forwarding_set_command_fn,
1830 * @cliexstart{nat44 deterministic add}
1831 * Create bijective mapping of inside address to outside address and port range
1832 * pairs, with the purpose of enabling deterministic NAT to reduce logging in
1834 * To create deterministic mapping between inside network 10.0.0.0/18 and
1835 * outside network 1.1.1.0/30 use:
1836 * # vpp# nat44 deterministic add in 10.0.0.0/18 out 1.1.1.0/30
1839 VLIB_CLI_COMMAND (snat_det_map_command, static) = {
1840 .path = "nat44 deterministic add",
1841 .short_help = "nat44 deterministic add in <addr>/<plen> out <addr>/<plen> [del]",
1842 .function = snat_det_map_command_fn,
1847 * @cliexpstart{show nat44 deterministic mappings}
1848 * Show NAT44 deterministic mappings
1849 * vpp# show nat44 deterministic mappings
1850 * NAT44 deterministic mappings:
1851 * in 10.0.0.0/24 out 1.1.1.1/32
1852 * outside address sharing ratio: 256
1853 * number of ports per inside host: 252
1854 * sessions number: 0
1857 VLIB_CLI_COMMAND (nat44_det_show_mappings_command, static) = {
1858 .path = "show nat44 deterministic mappings",
1859 .short_help = "show nat44 deterministic mappings",
1860 .function = nat44_det_show_mappings_command_fn,
1865 * @cliexstart{nat44 deterministic forward}
1866 * Return outside address and port range from inside address for deterministic
1868 * To obtain outside address and port of inside host use:
1869 * vpp# nat44 deterministic forward 10.0.0.2
1870 * 1.1.1.0:<1054-1068>
1873 VLIB_CLI_COMMAND (snat_det_forward_command, static) = {
1874 .path = "nat44 deterministic forward",
1875 .short_help = "nat44 deterministic forward <addr>",
1876 .function = snat_det_forward_command_fn,
1881 * @cliexstart{nat44 deterministic reverse}
1882 * Return inside address from outside address and port for deterministic NAT.
1883 * To obtain inside host address from outside address and port use:
1884 * #vpp nat44 deterministic reverse 1.1.1.1:1276
1888 VLIB_CLI_COMMAND (snat_det_reverse_command, static) = {
1889 .path = "nat44 deterministic reverse",
1890 .short_help = "nat44 deterministic reverse <addr>:<port>",
1891 .function = snat_det_reverse_command_fn,
1896 * @cliexstart{set nat44 deterministic timeout}
1897 * Set values of timeouts for deterministic NAT (in seconds), use:
1898 * vpp# set nat44 deterministic timeout udp 120 tcp-established 7500
1899 * tcp-transitory 250 icmp 90
1900 * To reset default values use:
1901 * vpp# set nat44 deterministic timeout reset
1904 VLIB_CLI_COMMAND (set_timeout_command, static) = {
1905 .path = "set nat44 deterministic timeout",
1906 .function = set_timeout_command_fn,
1908 "set nat44 deterministic timeout [udp <sec> | tcp-established <sec> "
1909 "tcp-transitory <sec> | icmp <sec> | reset]",
1914 * @cliexstart{show nat44 deterministic timeouts}
1915 * Show values of timeouts for deterministic NAT.
1916 * vpp# show nat44 deterministic timeouts
1917 * udp timeout: 300sec
1918 * tcp-established timeout: 7440sec
1919 * tcp-transitory timeout: 240sec
1920 * icmp timeout: 60sec
1923 VLIB_CLI_COMMAND (nat44_det_show_timeouts_command, static) = {
1924 .path = "show nat44 deterministic timeouts",
1925 .short_help = "show nat44 deterministic timeouts",
1926 .function = nat44_det_show_timeouts_command_fn,
1931 * @cliexstart{show nat44 deterministic sessions}
1932 * Show NAT44 deterministic sessions.
1933 * vpp# show nat44 deterministic sessions
1934 * NAT44 deterministic sessions:
1935 * in 10.0.0.3:3005 out 1.1.1.2:1146 external host 172.16.1.2:3006 state: udp-active expire: 306
1936 * in 10.0.0.3:3000 out 1.1.1.2:1141 external host 172.16.1.2:3001 state: udp-active expire: 306
1937 * in 10.0.0.4:3005 out 1.1.1.2:1177 external host 172.16.1.2:3006 state: udp-active expire: 306
1940 VLIB_CLI_COMMAND (nat44_det_show_sessions_command, static) = {
1941 .path = "show nat44 deterministic sessions",
1942 .short_help = "show nat44 deterministic sessions",
1943 .function = nat44_det_show_sessions_command_fn,
1948 * @cliexstart{nat44 deterministic close session out}
1949 * Close session using outside ip address and port
1950 * and external ip address and port, use:
1951 * vpp# nat44 deterministic close session out 1.1.1.1:1276 2.2.2.2:2387
1954 VLIB_CLI_COMMAND (snat_det_close_sesion_out_command, static) = {
1955 .path = "nat44 deterministic close session out",
1956 .short_help = "nat44 deterministic close session out "
1957 "<out_addr>:<out_port> <ext_addr>:<ext_port>",
1958 .function = snat_det_close_session_out_fn,
1963 * @cliexstart{nat44 deterministic close session in}
1964 * Close session using inside ip address and port
1965 * and external ip address and port, use:
1966 * vpp# nat44 deterministic close session in 3.3.3.3:3487 2.2.2.2:2387
1969 VLIB_CLI_COMMAND (snat_det_close_session_in_command, static) = {
1970 .path = "nat44 deterministic close session in",
1971 .short_help = "nat44 deterministic close session in "
1972 "<in_addr>:<in_port> <ext_addr>:<ext_port>",
1973 .function = snat_det_close_session_in_fn,
1979 * fd.io coding-style-patch-verification: ON
1982 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob