2 * Copyright (c) 2018 Cisco and/or its affiliates.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at:
7 * http://www.apache.org/licenses/LICENSE-2.0
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
21 #include <nat/nat_ipfix_logging.h>
22 #include <nat/nat_det.h>
23 #include <nat/nat64.h>
24 #include <nat/nat_inlines.h>
25 #include <nat/nat44/inlines.h>
26 #include <nat/nat_affinity.h>
27 #include <vnet/fib/fib_table.h>
28 #include <nat/nat_ha.h>
30 #define UNSUPPORTED_IN_DET_MODE_STR \
31 "This command is unsupported in deterministic mode"
32 #define SUPPORTED_ONLY_IN_DET_MODE_STR \
33 "This command is supported only in deterministic mode"
36 set_workers_command_fn (vlib_main_t * vm,
37 unformat_input_t * input, vlib_cli_command_t * cmd)
39 unformat_input_t _line_input, *line_input = &_line_input;
40 snat_main_t *sm = &snat_main;
43 clib_error_t *error = 0;
45 if (sm->deterministic)
46 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
48 /* Get a line of input. */
49 if (!unformat_user (input, unformat_line_input, line_input))
52 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
54 if (unformat (line_input, "%U", unformat_bitmap_list, &bitmap))
58 error = clib_error_return (0, "unknown input '%U'",
59 format_unformat_error, line_input);
66 error = clib_error_return (0, "List of workers must be specified.");
70 rv = snat_set_workers (bitmap);
72 clib_bitmap_free (bitmap);
76 case VNET_API_ERROR_INVALID_WORKER:
77 error = clib_error_return (0, "Invalid worker(s).");
79 case VNET_API_ERROR_FEATURE_DISABLED:
80 error = clib_error_return (0,
81 "Supported only if 2 or more workes available.");
88 unformat_free (line_input);
94 nat_show_workers_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
95 vlib_cli_command_t * cmd)
97 snat_main_t *sm = &snat_main;
100 if (sm->deterministic)
101 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
103 if (sm->num_workers > 1)
105 vlib_cli_output (vm, "%d workers", vec_len (sm->workers));
107 vec_foreach (worker, sm->workers)
109 vlib_worker_thread_t *w =
110 vlib_worker_threads + *worker + sm->first_worker_index;
111 vlib_cli_output (vm, " %s", w->name);
119 static clib_error_t *
120 snat_set_log_level_command_fn (vlib_main_t * vm,
121 unformat_input_t * input,
122 vlib_cli_command_t * cmd)
124 unformat_input_t _line_input, *line_input = &_line_input;
125 snat_main_t *sm = &snat_main;
126 u8 log_level = SNAT_LOG_NONE;
127 clib_error_t *error = 0;
129 /* Get a line of input. */
130 if (!unformat_user (input, unformat_line_input, line_input))
133 if (!unformat (line_input, "%d", &log_level))
135 error = clib_error_return (0, "unknown input '%U'",
136 format_unformat_error, line_input);
139 if (log_level > SNAT_LOG_DEBUG)
141 error = clib_error_return (0, "unknown logging level '%d'", log_level);
144 sm->log_level = log_level;
147 unformat_free (line_input);
152 static clib_error_t *
153 snat_ipfix_logging_enable_disable_command_fn (vlib_main_t * vm,
154 unformat_input_t * input,
155 vlib_cli_command_t * cmd)
157 unformat_input_t _line_input, *line_input = &_line_input;
162 clib_error_t *error = 0;
164 /* Get a line of input. */
165 if (!unformat_user (input, unformat_line_input, line_input))
167 rv = snat_ipfix_logging_enable_disable (enable, domain_id,
170 return clib_error_return (0, "ipfix logging enable failed");
174 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
176 if (unformat (line_input, "domain %d", &domain_id))
178 else if (unformat (line_input, "src-port %d", &src_port))
180 else if (unformat (line_input, "disable"))
184 error = clib_error_return (0, "unknown input '%U'",
185 format_unformat_error, line_input);
190 rv = snat_ipfix_logging_enable_disable (enable, domain_id, (u16) src_port);
194 error = clib_error_return (0, "ipfix logging enable failed");
199 unformat_free (line_input);
204 static clib_error_t *
205 nat44_show_hash_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
206 vlib_cli_command_t * cmd)
208 snat_main_t *sm = &snat_main;
209 snat_main_per_thread_data_t *tsm;
210 nat_affinity_main_t *nam = &nat_affinity_main;
214 if (unformat (input, "detail"))
216 else if (unformat (input, "verbose"))
219 vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->static_mapping_by_local,
221 vlib_cli_output (vm, "%U",
222 format_bihash_8_8, &sm->static_mapping_by_external,
224 vec_foreach_index (i, sm->per_thread_data)
226 tsm = vec_elt_at_index (sm->per_thread_data, i);
227 vlib_cli_output (vm, "-------- thread %d %s --------\n",
228 i, vlib_worker_threads[i].name);
229 if (sm->endpoint_dependent)
231 vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->in2out_ed,
233 vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->out2in_ed,
238 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->in2out, verbose);
239 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->out2in, verbose);
241 vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->user_hash, verbose);
244 if (sm->endpoint_dependent)
246 vlib_cli_output (vm, "%U", format_bihash_16_8, &nam->affinity_hash,
252 static clib_error_t *
253 nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
254 unformat_input_t * input,
255 vlib_cli_command_t * cmd)
257 unformat_input_t _line_input, *line_input = &_line_input;
258 snat_main_t *sm = &snat_main;
259 clib_error_t *error = 0;
260 u32 psid, psid_offset, psid_length, port_start, port_end;
262 if (sm->deterministic)
263 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
265 /* Get a line of input. */
266 if (!unformat_user (input, unformat_line_input, line_input))
269 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
271 if (unformat (line_input, "default"))
272 nat_set_alloc_addr_and_port_default ();
275 (line_input, "map-e psid %d psid-offset %d psid-len %d", &psid,
276 &psid_offset, &psid_length))
277 nat_set_alloc_addr_and_port_mape ((u16) psid, (u16) psid_offset,
281 (line_input, "port-range %d - %d", &port_start, &port_end))
283 if (port_end <= port_start)
286 clib_error_return (0,
287 "The end-port must be greater than start-port");
290 nat_set_alloc_addr_and_port_range ((u16) port_start,
295 error = clib_error_return (0, "unknown input '%U'",
296 format_unformat_error, line_input);
302 unformat_free (line_input);
307 static clib_error_t *
308 nat44_show_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
309 unformat_input_t * input,
310 vlib_cli_command_t * cmd)
312 snat_main_t *sm = &snat_main;
314 if (sm->deterministic)
315 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
317 vlib_cli_output (vm, "NAT address and port: %U",
318 format_nat_addr_and_port_alloc_alg,
319 sm->addr_and_port_alloc_alg);
320 switch (sm->addr_and_port_alloc_alg)
322 case NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE:
323 vlib_cli_output (vm, " psid %d psid-offset %d psid-len %d", sm->psid,
324 sm->psid_offset, sm->psid_length);
326 case NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE:
327 vlib_cli_output (vm, " start-port %d end-port %d", sm->start_port,
337 static clib_error_t *
338 nat_set_mss_clamping_command_fn (vlib_main_t * vm, unformat_input_t * input,
339 vlib_cli_command_t * cmd)
341 unformat_input_t _line_input, *line_input = &_line_input;
342 snat_main_t *sm = &snat_main;
343 clib_error_t *error = 0;
346 /* Get a line of input. */
347 if (!unformat_user (input, unformat_line_input, line_input))
350 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
352 if (unformat (line_input, "disable"))
353 sm->mss_clamping = 0;
354 else if (unformat (line_input, "%d", &mss))
356 sm->mss_clamping = (u16) mss;
357 sm->mss_value_net = clib_host_to_net_u16 (sm->mss_clamping);
361 error = clib_error_return (0, "unknown input '%U'",
362 format_unformat_error, line_input);
368 unformat_free (line_input);
373 static clib_error_t *
374 nat_show_mss_clamping_command_fn (vlib_main_t * vm, unformat_input_t * input,
375 vlib_cli_command_t * cmd)
377 snat_main_t *sm = &snat_main;
379 if (sm->mss_clamping)
380 vlib_cli_output (vm, "mss-clamping %d", sm->mss_clamping);
382 vlib_cli_output (vm, "mss-clamping disabled");
387 static clib_error_t *
388 nat_ha_failover_command_fn (vlib_main_t * vm, unformat_input_t * input,
389 vlib_cli_command_t * cmd)
391 unformat_input_t _line_input, *line_input = &_line_input;
393 u32 port, session_refresh_interval = 10;
395 clib_error_t *error = 0;
397 /* Get a line of input. */
398 if (!unformat_user (input, unformat_line_input, line_input))
401 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
403 if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
407 (line_input, "refresh-interval %u", &session_refresh_interval))
411 error = clib_error_return (0, "unknown input '%U'",
412 format_unformat_error, line_input);
417 rv = nat_ha_set_failover (&addr, (u16) port, session_refresh_interval);
419 error = clib_error_return (0, "set HA failover failed");
422 unformat_free (line_input);
427 static clib_error_t *
428 nat_ha_listener_command_fn (vlib_main_t * vm, unformat_input_t * input,
429 vlib_cli_command_t * cmd)
431 unformat_input_t _line_input, *line_input = &_line_input;
433 u32 port, path_mtu = 512;
435 clib_error_t *error = 0;
437 /* Get a line of input. */
438 if (!unformat_user (input, unformat_line_input, line_input))
441 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
443 if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
445 else if (unformat (line_input, "path-mtu %u", &path_mtu))
449 error = clib_error_return (0, "unknown input '%U'",
450 format_unformat_error, line_input);
455 rv = nat_ha_set_listener (&addr, (u16) port, path_mtu);
457 error = clib_error_return (0, "set HA listener failed");
460 unformat_free (line_input);
465 static clib_error_t *
466 nat_show_ha_command_fn (vlib_main_t * vm, unformat_input_t * input,
467 vlib_cli_command_t * cmd)
471 u32 path_mtu, session_refresh_interval, resync_ack_missed;
474 nat_ha_get_listener (&addr, &port, &path_mtu);
477 vlib_cli_output (vm, "NAT HA disabled\n");
481 vlib_cli_output (vm, "LISTENER:\n");
482 vlib_cli_output (vm, " %U:%u path-mtu %u\n",
483 format_ip4_address, &addr, port, path_mtu);
485 nat_ha_get_failover (&addr, &port, &session_refresh_interval);
486 vlib_cli_output (vm, "FAILOVER:\n");
488 vlib_cli_output (vm, " %U:%u refresh-interval %usec\n",
489 format_ip4_address, &addr, port,
490 session_refresh_interval);
492 vlib_cli_output (vm, " NA\n");
494 nat_ha_get_resync_status (&in_resync, &resync_ack_missed);
495 vlib_cli_output (vm, "RESYNC:\n");
497 vlib_cli_output (vm, " in progress\n");
499 vlib_cli_output (vm, " completed (%d ACK missed)\n", resync_ack_missed);
504 static clib_error_t *
505 nat_ha_flush_command_fn (vlib_main_t * vm, unformat_input_t * input,
506 vlib_cli_command_t * cmd)
512 static clib_error_t *
513 nat_ha_resync_command_fn (vlib_main_t * vm, unformat_input_t * input,
514 vlib_cli_command_t * cmd)
516 clib_error_t *error = 0;
518 if (nat_ha_resync (0, 0, 0))
519 error = clib_error_return (0, "NAT HA resync already running");
524 static clib_error_t *
525 add_address_command_fn (vlib_main_t * vm,
526 unformat_input_t * input, vlib_cli_command_t * cmd)
528 unformat_input_t _line_input, *line_input = &_line_input;
529 snat_main_t *sm = &snat_main;
530 ip4_address_t start_addr, end_addr, this_addr;
531 u32 start_host_order, end_host_order;
536 clib_error_t *error = 0;
539 if (sm->deterministic)
540 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
542 /* Get a line of input. */
543 if (!unformat_user (input, unformat_line_input, line_input))
546 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
548 if (unformat (line_input, "%U - %U",
549 unformat_ip4_address, &start_addr,
550 unformat_ip4_address, &end_addr))
552 else if (unformat (line_input, "tenant-vrf %u", &vrf_id))
554 else if (unformat (line_input, "%U", unformat_ip4_address, &start_addr))
555 end_addr = start_addr;
556 else if (unformat (line_input, "twice-nat"))
558 else if (unformat (line_input, "del"))
562 error = clib_error_return (0, "unknown input '%U'",
563 format_unformat_error, line_input);
568 if (sm->static_mapping_only)
570 error = clib_error_return (0, "static mapping only mode");
574 start_host_order = clib_host_to_net_u32 (start_addr.as_u32);
575 end_host_order = clib_host_to_net_u32 (end_addr.as_u32);
577 if (end_host_order < start_host_order)
579 error = clib_error_return (0, "end address less than start address");
583 count = (end_host_order - start_host_order) + 1;
586 nat_log_info ("%U - %U, %d addresses...",
587 format_ip4_address, &start_addr,
588 format_ip4_address, &end_addr, count);
590 this_addr = start_addr;
592 for (i = 0; i < count; i++)
595 rv = snat_add_address (sm, &this_addr, vrf_id, twice_nat);
597 rv = snat_del_address (sm, this_addr, 0, twice_nat);
601 case VNET_API_ERROR_VALUE_EXIST:
602 error = clib_error_return (0, "NAT address already in use.");
604 case VNET_API_ERROR_NO_SUCH_ENTRY:
605 error = clib_error_return (0, "NAT address not exist.");
607 case VNET_API_ERROR_UNSPECIFIED:
609 clib_error_return (0, "NAT address used in static mapping.");
611 case VNET_API_ERROR_FEATURE_DISABLED:
613 clib_error_return (0,
614 "twice NAT available only for endpoint-dependent mode.");
621 nat44_add_del_address_dpo (this_addr, is_add);
623 increment_v4_address (&this_addr);
627 unformat_free (line_input);
632 static clib_error_t *
633 nat44_show_summary_command_fn (vlib_main_t * vm, unformat_input_t * input,
634 vlib_cli_command_t * cmd)
636 snat_main_per_thread_data_t *tsm;
637 snat_main_t *sm = &snat_main;
640 if (sm->deterministic || !sm->endpoint_dependent)
641 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
643 // print session configuration values
644 vlib_cli_output (vm, "max translations: %u", sm->max_translations);
645 vlib_cli_output (vm, "max translations per user: %u",
646 sm->max_translations_per_user);
650 u64 now = vlib_time_now (sm->vlib_main);
651 u64 sess_timeout_time;
653 u32 udp_sessions = 0;
654 u32 tcp_sessions = 0;
655 u32 icmp_sessions = 0;
659 u32 transitory_wait_closed = 0;
660 u32 transitory_closed = 0;
663 if (sm->num_workers > 1)
666 vec_foreach (tsm, sm->per_thread_data)
668 pool_foreach (s, tsm->sessions,
670 sess_timeout_time = s->last_heard +
671 (f64) nat44_session_get_timeout (sm, s);
672 if (now >= sess_timeout_time)
675 switch (s->in2out.protocol)
677 case SNAT_PROTOCOL_ICMP:
680 case SNAT_PROTOCOL_TCP:
684 if (s->tcp_close_timestamp)
686 if (now >= s->tcp_close_timestamp)
692 ++transitory_wait_closed;
700 case SNAT_PROTOCOL_UDP:
706 count += pool_elts (tsm->sessions);
712 tsm = vec_elt_at_index (sm->per_thread_data, sm->num_workers);
714 pool_foreach (s, tsm->sessions,
716 sess_timeout_time = s->last_heard +
717 (f64) nat44_session_get_timeout (sm, s);
718 if (now >= sess_timeout_time)
721 switch (s->in2out.protocol)
723 case SNAT_PROTOCOL_ICMP:
726 case SNAT_PROTOCOL_TCP:
730 if (s->tcp_close_timestamp)
732 if (now >= s->tcp_close_timestamp)
738 ++transitory_wait_closed;
746 case SNAT_PROTOCOL_UDP:
753 count = pool_elts (tsm->sessions);
756 vlib_cli_output (vm, "total timed out sessions: %u", timed_out);
757 vlib_cli_output (vm, "total sessions: %u", count);
758 vlib_cli_output (vm, "total tcp sessions: %u", tcp_sessions);
759 vlib_cli_output (vm, "total tcp established sessions: %u", established);
760 vlib_cli_output (vm, "total tcp transitory sessions: %u", transitory);
761 vlib_cli_output (vm, "total tcp transitory (WAIT-CLOSED) sessions: %u",
762 transitory_wait_closed);
763 vlib_cli_output (vm, "total tcp transitory (CLOSED) sessions: %u",
765 vlib_cli_output (vm, "total udp sessions: %u", udp_sessions);
766 vlib_cli_output (vm, "total icmp sessions: %u", icmp_sessions);
770 static clib_error_t *
771 nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input,
772 vlib_cli_command_t * cmd)
774 snat_main_t *sm = &snat_main;
777 if (sm->deterministic)
778 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
780 vlib_cli_output (vm, "NAT44 pool addresses:");
782 vec_foreach (ap, sm->addresses)
784 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
785 if (ap->fib_index != ~0)
786 vlib_cli_output (vm, " tenant VRF: %u",
787 fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
789 vlib_cli_output (vm, " tenant VRF independent");
790 #define _(N, i, n, s) \
791 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
792 foreach_snat_protocol
795 vlib_cli_output (vm, "NAT44 twice-nat pool addresses:");
796 vec_foreach (ap, sm->twice_nat_addresses)
798 vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
799 if (ap->fib_index != ~0)
800 vlib_cli_output (vm, " tenant VRF: %u",
801 fib_table_get(ap->fib_index, FIB_PROTOCOL_IP4)->ft_table_id);
803 vlib_cli_output (vm, " tenant VRF independent");
804 #define _(N, i, n, s) \
805 vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
806 foreach_snat_protocol
813 static clib_error_t *
814 snat_feature_command_fn (vlib_main_t * vm,
815 unformat_input_t * input, vlib_cli_command_t * cmd)
817 unformat_input_t _line_input, *line_input = &_line_input;
818 vnet_main_t *vnm = vnet_get_main ();
819 clib_error_t *error = 0;
821 u32 *inside_sw_if_indices = 0;
822 u32 *outside_sw_if_indices = 0;
823 u8 is_output_feature = 0;
829 /* Get a line of input. */
830 if (!unformat_user (input, unformat_line_input, line_input))
833 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
835 if (unformat (line_input, "in %U", unformat_vnet_sw_interface,
837 vec_add1 (inside_sw_if_indices, sw_if_index);
838 else if (unformat (line_input, "out %U", unformat_vnet_sw_interface,
840 vec_add1 (outside_sw_if_indices, sw_if_index);
841 else if (unformat (line_input, "output-feature"))
842 is_output_feature = 1;
843 else if (unformat (line_input, "del"))
847 error = clib_error_return (0, "unknown input '%U'",
848 format_unformat_error, line_input);
853 if (vec_len (inside_sw_if_indices))
855 for (i = 0; i < vec_len (inside_sw_if_indices); i++)
857 sw_if_index = inside_sw_if_indices[i];
858 if (is_output_feature)
860 if (snat_interface_add_del_output_feature
861 (sw_if_index, 1, is_del))
863 error = clib_error_return (0, "%s %U failed",
864 is_del ? "del" : "add",
865 format_vnet_sw_if_index_name,
872 if (snat_interface_add_del (sw_if_index, 1, is_del))
874 error = clib_error_return (0, "%s %U failed",
875 is_del ? "del" : "add",
876 format_vnet_sw_if_index_name,
884 if (vec_len (outside_sw_if_indices))
886 for (i = 0; i < vec_len (outside_sw_if_indices); i++)
888 sw_if_index = outside_sw_if_indices[i];
889 if (is_output_feature)
891 if (snat_interface_add_del_output_feature
892 (sw_if_index, 0, is_del))
894 error = clib_error_return (0, "%s %U failed",
895 is_del ? "del" : "add",
896 format_vnet_sw_if_index_name,
903 if (snat_interface_add_del (sw_if_index, 0, is_del))
905 error = clib_error_return (0, "%s %U failed",
906 is_del ? "del" : "add",
907 format_vnet_sw_if_index_name,
916 unformat_free (line_input);
917 vec_free (inside_sw_if_indices);
918 vec_free (outside_sw_if_indices);
923 static clib_error_t *
924 nat44_show_interfaces_command_fn (vlib_main_t * vm, unformat_input_t * input,
925 vlib_cli_command_t * cmd)
927 snat_main_t *sm = &snat_main;
929 vnet_main_t *vnm = vnet_get_main ();
931 vlib_cli_output (vm, "NAT44 interfaces:");
933 pool_foreach (i, sm->interfaces,
935 vlib_cli_output (vm, " %U %s", format_vnet_sw_if_index_name, vnm,
937 (nat_interface_is_inside(i) &&
938 nat_interface_is_outside(i)) ? "in out" :
939 (nat_interface_is_inside(i) ? "in" : "out"));
942 pool_foreach (i, sm->output_feature_interfaces,
944 vlib_cli_output (vm, " %U output-feature %s",
945 format_vnet_sw_if_index_name, vnm,
947 (nat_interface_is_inside(i) &&
948 nat_interface_is_outside(i)) ? "in out" :
949 (nat_interface_is_inside(i) ? "in" : "out"));
956 static clib_error_t *
957 add_static_mapping_command_fn (vlib_main_t * vm,
958 unformat_input_t * input,
959 vlib_cli_command_t * cmd)
961 unformat_input_t _line_input, *line_input = &_line_input;
962 snat_main_t *sm = &snat_main;
963 clib_error_t *error = 0;
964 ip4_address_t l_addr, e_addr;
965 u32 l_port = 0, e_port = 0, vrf_id = ~0;
968 u32 sw_if_index = ~0;
969 vnet_main_t *vnm = vnet_get_main ();
971 snat_protocol_t proto = ~0;
973 twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
976 if (sm->deterministic)
977 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
979 /* Get a line of input. */
980 if (!unformat_user (input, unformat_line_input, line_input))
983 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
985 if (unformat (line_input, "local %U %u", unformat_ip4_address, &l_addr,
989 if (unformat (line_input, "local %U", unformat_ip4_address, &l_addr))
991 else if (unformat (line_input, "external %U %u", unformat_ip4_address,
994 else if (unformat (line_input, "external %U", unformat_ip4_address,
997 else if (unformat (line_input, "external %U %u",
998 unformat_vnet_sw_interface, vnm, &sw_if_index,
1002 else if (unformat (line_input, "external %U",
1003 unformat_vnet_sw_interface, vnm, &sw_if_index))
1005 else if (unformat (line_input, "vrf %u", &vrf_id))
1007 else if (unformat (line_input, "%U", unformat_snat_protocol, &proto))
1009 else if (unformat (line_input, "twice-nat"))
1010 twice_nat = TWICE_NAT;
1011 else if (unformat (line_input, "self-twice-nat"))
1012 twice_nat = TWICE_NAT_SELF;
1013 else if (unformat (line_input, "out2in-only"))
1015 else if (unformat (line_input, "del"))
1019 error = clib_error_return (0, "unknown input: '%U'",
1020 format_unformat_error, line_input);
1025 if (twice_nat && addr_only)
1027 error = clib_error_return (0, "twice NAT only for 1:1 NAPT");
1031 if (!addr_only && !proto_set)
1033 error = clib_error_return (0, "missing protocol");
1037 rv = snat_add_static_mapping (l_addr, e_addr, (u16) l_port, (u16) e_port,
1038 vrf_id, addr_only, sw_if_index, proto, is_add,
1039 twice_nat, out2in_only, 0, 0);
1043 case VNET_API_ERROR_INVALID_VALUE:
1044 error = clib_error_return (0, "External port already in use.");
1046 case VNET_API_ERROR_NO_SUCH_ENTRY:
1048 error = clib_error_return (0, "External address must be allocated.");
1050 error = clib_error_return (0, "Mapping not exist.");
1052 case VNET_API_ERROR_NO_SUCH_FIB:
1053 error = clib_error_return (0, "No such VRF id.");
1055 case VNET_API_ERROR_VALUE_EXIST:
1056 error = clib_error_return (0, "Mapping already exist.");
1058 case VNET_API_ERROR_FEATURE_DISABLED:
1060 clib_error_return (0,
1061 "twice-nat/out2in-only available only for endpoint-dependent mode.");
1068 unformat_free (line_input);
1073 static clib_error_t *
1074 add_identity_mapping_command_fn (vlib_main_t * vm,
1075 unformat_input_t * input,
1076 vlib_cli_command_t * cmd)
1078 unformat_input_t _line_input, *line_input = &_line_input;
1079 snat_main_t *sm = &snat_main;
1080 clib_error_t *error = 0;
1082 u32 port = 0, vrf_id = ~0;
1085 u32 sw_if_index = ~0;
1086 vnet_main_t *vnm = vnet_get_main ();
1088 snat_protocol_t proto;
1090 if (sm->deterministic)
1091 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1095 /* Get a line of input. */
1096 if (!unformat_user (input, unformat_line_input, line_input))
1099 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1101 if (unformat (line_input, "%U", unformat_ip4_address, &addr))
1103 else if (unformat (line_input, "external %U",
1104 unformat_vnet_sw_interface, vnm, &sw_if_index))
1106 else if (unformat (line_input, "vrf %u", &vrf_id))
1108 else if (unformat (line_input, "%U %u", unformat_snat_protocol, &proto,
1111 else if (unformat (line_input, "del"))
1115 error = clib_error_return (0, "unknown input: '%U'",
1116 format_unformat_error, line_input);
1121 rv = snat_add_static_mapping (addr, addr, (u16) port, (u16) port,
1122 vrf_id, addr_only, sw_if_index, proto, is_add,
1127 case VNET_API_ERROR_INVALID_VALUE:
1128 error = clib_error_return (0, "External port already in use.");
1130 case VNET_API_ERROR_NO_SUCH_ENTRY:
1132 error = clib_error_return (0, "External address must be allocated.");
1134 error = clib_error_return (0, "Mapping not exist.");
1136 case VNET_API_ERROR_NO_SUCH_FIB:
1137 error = clib_error_return (0, "No such VRF id.");
1139 case VNET_API_ERROR_VALUE_EXIST:
1140 error = clib_error_return (0, "Mapping already exist.");
1147 unformat_free (line_input);
1152 static clib_error_t *
1153 add_lb_static_mapping_command_fn (vlib_main_t * vm,
1154 unformat_input_t * input,
1155 vlib_cli_command_t * cmd)
1157 unformat_input_t _line_input, *line_input = &_line_input;
1158 snat_main_t *sm = &snat_main;
1159 clib_error_t *error = 0;
1160 ip4_address_t l_addr, e_addr;
1161 u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0, affinity = 0;
1164 snat_protocol_t proto;
1166 nat44_lb_addr_port_t *locals = 0, local;
1167 twice_nat_type_t twice_nat = TWICE_NAT_DISABLED;
1170 if (sm->deterministic)
1171 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1173 /* Get a line of input. */
1174 if (!unformat_user (input, unformat_line_input, line_input))
1177 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1179 if (unformat (line_input, "local %U:%u probability %u",
1180 unformat_ip4_address, &l_addr, &l_port, &probability))
1182 clib_memset (&local, 0, sizeof (local));
1183 local.addr = l_addr;
1184 local.port = (u16) l_port;
1185 local.probability = (u8) probability;
1186 vec_add1 (locals, local);
1188 else if (unformat (line_input, "local %U:%u vrf %u probability %u",
1189 unformat_ip4_address, &l_addr, &l_port, &vrf_id,
1192 clib_memset (&local, 0, sizeof (local));
1193 local.addr = l_addr;
1194 local.port = (u16) l_port;
1195 local.probability = (u8) probability;
1196 local.vrf_id = vrf_id;
1197 vec_add1 (locals, local);
1199 else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
1202 else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
1205 else if (unformat (line_input, "twice-nat"))
1206 twice_nat = TWICE_NAT;
1207 else if (unformat (line_input, "self-twice-nat"))
1208 twice_nat = TWICE_NAT_SELF;
1209 else if (unformat (line_input, "out2in-only"))
1211 else if (unformat (line_input, "del"))
1213 else if (unformat (line_input, "affinity %u", &affinity))
1217 error = clib_error_return (0, "unknown input: '%U'",
1218 format_unformat_error, line_input);
1223 if (vec_len (locals) < 2)
1225 error = clib_error_return (0, "at least two local must be set");
1231 error = clib_error_return (0, "missing protocol");
1235 rv = nat44_add_del_lb_static_mapping (e_addr, (u16) e_port, proto, locals,
1236 is_add, twice_nat, out2in_only, 0,
1241 case VNET_API_ERROR_INVALID_VALUE:
1242 error = clib_error_return (0, "External port already in use.");
1244 case VNET_API_ERROR_NO_SUCH_ENTRY:
1246 error = clib_error_return (0, "External address must be allocated.");
1248 error = clib_error_return (0, "Mapping not exist.");
1250 case VNET_API_ERROR_VALUE_EXIST:
1251 error = clib_error_return (0, "Mapping already exist.");
1253 case VNET_API_ERROR_FEATURE_DISABLED:
1255 clib_error_return (0, "Available only for endpoint-dependent mode.");
1262 unformat_free (line_input);
1268 static clib_error_t *
1269 add_lb_backend_command_fn (vlib_main_t * vm,
1270 unformat_input_t * input, vlib_cli_command_t * cmd)
1272 unformat_input_t _line_input, *line_input = &_line_input;
1273 snat_main_t *sm = &snat_main;
1274 clib_error_t *error = 0;
1275 ip4_address_t l_addr, e_addr;
1276 u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
1279 snat_protocol_t proto;
1282 if (sm->deterministic)
1283 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1285 /* Get a line of input. */
1286 if (!unformat_user (input, unformat_line_input, line_input))
1289 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1291 if (unformat (line_input, "local %U:%u probability %u",
1292 unformat_ip4_address, &l_addr, &l_port, &probability))
1294 else if (unformat (line_input, "local %U:%u vrf %u probability %u",
1295 unformat_ip4_address, &l_addr, &l_port, &vrf_id,
1298 else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
1301 else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
1304 else if (unformat (line_input, "del"))
1308 error = clib_error_return (0, "unknown input: '%U'",
1309 format_unformat_error, line_input);
1314 if (!l_port || !e_port)
1316 error = clib_error_return (0, "local or external must be set");
1322 error = clib_error_return (0, "missing protocol");
1327 nat44_lb_static_mapping_add_del_local (e_addr, (u16) e_port, l_addr,
1328 l_port, proto, vrf_id, probability,
1333 case VNET_API_ERROR_INVALID_VALUE:
1334 error = clib_error_return (0, "External is not load-balancing static "
1337 case VNET_API_ERROR_NO_SUCH_ENTRY:
1338 error = clib_error_return (0, "Mapping or back-end not exist.");
1340 case VNET_API_ERROR_VALUE_EXIST:
1341 error = clib_error_return (0, "Back-end already exist.");
1343 case VNET_API_ERROR_FEATURE_DISABLED:
1345 clib_error_return (0, "Available only for endpoint-dependent mode.");
1347 case VNET_API_ERROR_UNSPECIFIED:
1348 error = clib_error_return (0, "At least two back-ends must remain");
1355 unformat_free (line_input);
1360 static clib_error_t *
1361 nat44_show_static_mappings_command_fn (vlib_main_t * vm,
1362 unformat_input_t * input,
1363 vlib_cli_command_t * cmd)
1365 snat_main_t *sm = &snat_main;
1366 snat_static_mapping_t *m;
1367 snat_static_map_resolve_t *rp;
1369 if (sm->deterministic)
1370 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1372 vlib_cli_output (vm, "NAT44 static mappings:");
1374 pool_foreach (m, sm->static_mappings,
1376 vlib_cli_output (vm, " %U", format_snat_static_mapping, m);
1378 vec_foreach (rp, sm->to_resolve)
1379 vlib_cli_output (vm, " %U", format_snat_static_map_to_resolve, rp);
1385 static clib_error_t *
1386 snat_add_interface_address_command_fn (vlib_main_t * vm,
1387 unformat_input_t * input,
1388 vlib_cli_command_t * cmd)
1390 snat_main_t *sm = &snat_main;
1391 unformat_input_t _line_input, *line_input = &_line_input;
1395 clib_error_t *error = 0;
1398 if (sm->deterministic)
1399 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1401 /* Get a line of input. */
1402 if (!unformat_user (input, unformat_line_input, line_input))
1405 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1407 if (unformat (line_input, "%U", unformat_vnet_sw_interface,
1408 sm->vnet_main, &sw_if_index))
1410 else if (unformat (line_input, "twice-nat"))
1412 else if (unformat (line_input, "del"))
1416 error = clib_error_return (0, "unknown input '%U'",
1417 format_unformat_error, line_input);
1422 rv = snat_add_interface_address (sm, sw_if_index, is_del, twice_nat);
1430 error = clib_error_return (0, "snat_add_interface_address returned %d",
1436 unformat_free (line_input);
1441 static clib_error_t *
1442 nat44_show_interface_address_command_fn (vlib_main_t * vm,
1443 unformat_input_t * input,
1444 vlib_cli_command_t * cmd)
1446 snat_main_t *sm = &snat_main;
1447 vnet_main_t *vnm = vnet_get_main ();
1450 if (sm->deterministic)
1451 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1454 vlib_cli_output (vm, "NAT44 pool address interfaces:");
1455 vec_foreach (sw_if_index, sm->auto_add_sw_if_indices)
1457 vlib_cli_output (vm, " %U", format_vnet_sw_if_index_name, vnm,
1460 vlib_cli_output (vm, "NAT44 twice-nat pool address interfaces:");
1461 vec_foreach (sw_if_index, sm->auto_add_sw_if_indices_twice_nat)
1463 vlib_cli_output (vm, " %U", format_vnet_sw_if_index_name, vnm,
1471 static clib_error_t *
1472 nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
1473 vlib_cli_command_t * cmd)
1475 unformat_input_t _line_input, *line_input = &_line_input;
1476 clib_error_t *error = 0;
1477 snat_main_t *sm = &snat_main;
1478 snat_main_per_thread_data_t *tsm;
1480 int detail = 0, metrics = 0;
1484 if (sm->deterministic)
1485 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1487 if (!unformat_user (input, unformat_line_input, line_input))
1490 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1492 if (unformat (line_input, "detail"))
1494 else if (unformat (line_input, "metrics"))
1498 error = clib_error_return (0, "unknown input '%U'",
1499 format_unformat_error, line_input);
1503 unformat_free (line_input);
1506 vlib_cli_output (vm, "NAT44 sessions:");
1508 vec_foreach_index (i, sm->per_thread_data)
1510 tsm = vec_elt_at_index (sm->per_thread_data, i);
1512 vlib_cli_output (vm, "-------- thread %d %s: %d sessions --------\n",
1513 i, vlib_worker_threads[i].name,
1514 pool_elts (tsm->sessions));
1517 u64 now = vlib_time_now (sm->vlib_main);
1518 pool_foreach (u, tsm->users,
1520 vlib_cli_output (vm, " %U", format_snat_user_v2, tsm, u, now);
1525 pool_foreach (u, tsm->users,
1527 vlib_cli_output (vm, " %U", format_snat_user, tsm, u, detail);
1535 static clib_error_t *
1536 nat44_set_session_limit_command_fn (vlib_main_t * vm,
1537 unformat_input_t * input,
1538 vlib_cli_command_t * cmd)
1540 snat_main_t *sm = &snat_main;
1541 unformat_input_t _line_input, *line_input = &_line_input;
1542 clib_error_t *error = 0;
1544 u32 session_limit = 0, vrf_id = 0;
1546 if (sm->deterministic)
1547 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1549 /* Get a line of input. */
1550 if (!unformat_user (input, unformat_line_input, line_input))
1553 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1555 if (unformat (line_input, "%u", &session_limit))
1557 else if (unformat (line_input, "vrf %u", &vrf_id))
1561 error = clib_error_return (0, "unknown input '%U'",
1562 format_unformat_error, line_input);
1568 error = clib_error_return (0, "missing value of session limit");
1569 else if (nat44_set_session_limit (session_limit, vrf_id))
1570 error = clib_error_return (0, "nat44_set_session_limit failed");
1573 unformat_free (line_input);
1578 static clib_error_t *
1579 nat44_del_user_command_fn (vlib_main_t * vm,
1580 unformat_input_t * input, vlib_cli_command_t * cmd)
1582 snat_main_t *sm = &snat_main;
1583 unformat_input_t _line_input, *line_input = &_line_input;
1584 clib_error_t *error = 0;
1589 if (sm->deterministic)
1590 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1592 /* Get a line of input. */
1593 if (!unformat_user (input, unformat_line_input, line_input))
1596 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1598 if (unformat (line_input, "%U", unformat_ip4_address, &addr))
1600 else if (unformat (line_input, "fib %u", &fib_index))
1604 error = clib_error_return (0, "unknown input '%U'",
1605 format_unformat_error, line_input);
1610 rv = nat44_user_del (&addr, fib_index);
1614 error = clib_error_return (0, "nat44_user_del returned %d", rv);
1618 unformat_free (line_input);
1623 static clib_error_t *
1624 nat44_del_session_command_fn (vlib_main_t * vm,
1625 unformat_input_t * input,
1626 vlib_cli_command_t * cmd)
1628 snat_main_t *sm = &snat_main;
1629 unformat_input_t _line_input, *line_input = &_line_input;
1630 int is_in = 0, is_ed = 0;
1631 clib_error_t *error = 0;
1632 ip4_address_t addr, eh_addr;
1633 u32 port = 0, eh_port = 0, vrf_id = sm->outside_vrf_id;
1634 snat_protocol_t proto;
1637 if (sm->deterministic)
1638 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1640 /* Get a line of input. */
1641 if (!unformat_user (input, unformat_line_input, line_input))
1644 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1647 (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
1648 unformat_snat_protocol, &proto))
1650 else if (unformat (line_input, "in"))
1653 vrf_id = sm->inside_vrf_id;
1655 else if (unformat (line_input, "out"))
1658 vrf_id = sm->outside_vrf_id;
1660 else if (unformat (line_input, "vrf %u", &vrf_id))
1664 (line_input, "external-host %U:%u", unformat_ip4_address,
1665 &eh_addr, &eh_port))
1669 error = clib_error_return (0, "unknown input '%U'",
1670 format_unformat_error, line_input);
1677 nat44_del_ed_session (sm, &addr, port, &eh_addr, eh_port,
1678 snat_proto_to_ip_proto (proto), vrf_id, is_in);
1680 rv = nat44_del_session (sm, &addr, port, proto, vrf_id, is_in);
1688 error = clib_error_return (0, "nat44_del_session returned %d", rv);
1693 unformat_free (line_input);
1698 static clib_error_t *
1699 snat_forwarding_set_command_fn (vlib_main_t * vm,
1700 unformat_input_t * input,
1701 vlib_cli_command_t * cmd)
1703 snat_main_t *sm = &snat_main;
1704 unformat_input_t _line_input, *line_input = &_line_input;
1705 u8 forwarding_enable;
1706 u8 forwarding_enable_set = 0;
1707 clib_error_t *error = 0;
1709 if (sm->deterministic)
1710 return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
1712 /* Get a line of input. */
1713 if (!unformat_user (input, unformat_line_input, line_input))
1714 return clib_error_return (0, "'enable' or 'disable' expected");
1716 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1718 if (!forwarding_enable_set && unformat (line_input, "enable"))
1720 forwarding_enable = 1;
1721 forwarding_enable_set = 1;
1723 else if (!forwarding_enable_set && unformat (line_input, "disable"))
1725 forwarding_enable = 0;
1726 forwarding_enable_set = 1;
1730 error = clib_error_return (0, "unknown input '%U'",
1731 format_unformat_error, line_input);
1736 if (!forwarding_enable_set)
1738 error = clib_error_return (0, "'enable' or 'disable' expected");
1742 sm->forwarding_enabled = forwarding_enable;
1745 unformat_free (line_input);
1750 static clib_error_t *
1751 snat_det_map_command_fn (vlib_main_t * vm,
1752 unformat_input_t * input, vlib_cli_command_t * cmd)
1754 snat_main_t *sm = &snat_main;
1755 unformat_input_t _line_input, *line_input = &_line_input;
1756 ip4_address_t in_addr, out_addr;
1757 u32 in_plen, out_plen;
1759 clib_error_t *error = 0;
1761 if (!sm->deterministic)
1762 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1764 /* Get a line of input. */
1765 if (!unformat_user (input, unformat_line_input, line_input))
1768 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1771 (line_input, "in %U/%u", unformat_ip4_address, &in_addr, &in_plen))
1775 (line_input, "out %U/%u", unformat_ip4_address, &out_addr,
1778 else if (unformat (line_input, "del"))
1782 error = clib_error_return (0, "unknown input '%U'",
1783 format_unformat_error, line_input);
1788 rv = snat_det_add_map (sm, &in_addr, (u8) in_plen, &out_addr, (u8) out_plen,
1793 error = clib_error_return (0, "snat_det_add_map return %d", rv);
1798 unformat_free (line_input);
1803 static clib_error_t *
1804 nat44_det_show_mappings_command_fn (vlib_main_t * vm,
1805 unformat_input_t * input,
1806 vlib_cli_command_t * cmd)
1808 snat_main_t *sm = &snat_main;
1811 if (!sm->deterministic)
1812 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1814 vlib_cli_output (vm, "NAT44 deterministic mappings:");
1816 pool_foreach (dm, sm->det_maps,
1818 vlib_cli_output (vm, " in %U/%d out %U/%d\n",
1819 format_ip4_address, &dm->in_addr, dm->in_plen,
1820 format_ip4_address, &dm->out_addr, dm->out_plen);
1821 vlib_cli_output (vm, " outside address sharing ratio: %d\n",
1823 vlib_cli_output (vm, " number of ports per inside host: %d\n",
1824 dm->ports_per_host);
1825 vlib_cli_output (vm, " sessions number: %d\n", dm->ses_num);
1832 static clib_error_t *
1833 snat_det_forward_command_fn (vlib_main_t * vm,
1834 unformat_input_t * input,
1835 vlib_cli_command_t * cmd)
1837 snat_main_t *sm = &snat_main;
1838 unformat_input_t _line_input, *line_input = &_line_input;
1839 ip4_address_t in_addr, out_addr;
1842 clib_error_t *error = 0;
1844 if (!sm->deterministic)
1845 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1847 /* Get a line of input. */
1848 if (!unformat_user (input, unformat_line_input, line_input))
1851 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1853 if (unformat (line_input, "%U", unformat_ip4_address, &in_addr))
1857 error = clib_error_return (0, "unknown input '%U'",
1858 format_unformat_error, line_input);
1863 dm = snat_det_map_by_user (sm, &in_addr);
1865 vlib_cli_output (vm, "no match");
1868 snat_det_forward (dm, &in_addr, &out_addr, &lo_port);
1869 vlib_cli_output (vm, "%U:<%d-%d>", format_ip4_address, &out_addr,
1870 lo_port, lo_port + dm->ports_per_host - 1);
1874 unformat_free (line_input);
1879 static clib_error_t *
1880 snat_det_reverse_command_fn (vlib_main_t * vm,
1881 unformat_input_t * input,
1882 vlib_cli_command_t * cmd)
1884 snat_main_t *sm = &snat_main;
1885 unformat_input_t _line_input, *line_input = &_line_input;
1886 ip4_address_t in_addr, out_addr;
1889 clib_error_t *error = 0;
1891 if (!sm->deterministic)
1892 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
1894 /* Get a line of input. */
1895 if (!unformat_user (input, unformat_line_input, line_input))
1898 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1901 (line_input, "%U:%d", unformat_ip4_address, &out_addr, &out_port))
1905 error = clib_error_return (0, "unknown input '%U'",
1906 format_unformat_error, line_input);
1911 if (out_port < 1024 || out_port > 65535)
1913 error = clib_error_return (0, "wrong port, must be <1024-65535>");
1917 dm = snat_det_map_by_out (sm, &out_addr);
1919 vlib_cli_output (vm, "no match");
1922 snat_det_reverse (dm, &out_addr, (u16) out_port, &in_addr);
1923 vlib_cli_output (vm, "%U", format_ip4_address, &in_addr);
1927 unformat_free (line_input);
1932 static clib_error_t *
1933 set_timeout_command_fn (vlib_main_t * vm,
1934 unformat_input_t * input, vlib_cli_command_t * cmd)
1936 snat_main_t *sm = &snat_main;
1937 unformat_input_t _line_input, *line_input = &_line_input;
1938 clib_error_t *error = 0;
1940 /* Get a line of input. */
1941 if (!unformat_user (input, unformat_line_input, line_input))
1944 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1946 if (unformat (line_input, "udp %u", &sm->udp_timeout))
1948 if (nat64_set_udp_timeout (sm->udp_timeout))
1950 error = clib_error_return (0, "Invalid UDP timeout value");
1954 else if (unformat (line_input, "tcp-established %u",
1955 &sm->tcp_established_timeout))
1957 if (nat64_set_tcp_timeouts
1958 (sm->tcp_transitory_timeout, sm->tcp_established_timeout))
1961 clib_error_return (0,
1962 "Invalid TCP established timeouts value");
1966 else if (unformat (line_input, "tcp-transitory %u",
1967 &sm->tcp_transitory_timeout))
1969 if (nat64_set_tcp_timeouts
1970 (sm->tcp_transitory_timeout, sm->tcp_established_timeout))
1973 clib_error_return (0,
1974 "Invalid TCP transitory timeouts value");
1978 else if (unformat (line_input, "icmp %u", &sm->icmp_timeout))
1980 if (nat64_set_icmp_timeout (sm->icmp_timeout))
1982 error = clib_error_return (0, "Invalid ICMP timeout value");
1986 else if (unformat (line_input, "reset"))
1988 sm->udp_timeout = SNAT_UDP_TIMEOUT;
1989 sm->tcp_established_timeout = SNAT_TCP_ESTABLISHED_TIMEOUT;
1990 sm->tcp_transitory_timeout = SNAT_TCP_TRANSITORY_TIMEOUT;
1991 sm->icmp_timeout = SNAT_ICMP_TIMEOUT;
1992 nat64_set_udp_timeout (0);
1993 nat64_set_icmp_timeout (0);
1994 nat64_set_tcp_timeouts (0, 0);
1998 error = clib_error_return (0, "unknown input '%U'",
1999 format_unformat_error, line_input);
2004 unformat_free (line_input);
2008 static clib_error_t *
2009 nat_show_timeouts_command_fn (vlib_main_t * vm,
2010 unformat_input_t * input,
2011 vlib_cli_command_t * cmd)
2013 snat_main_t *sm = &snat_main;
2015 vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
2016 vlib_cli_output (vm, "tcp-established timeout: %dsec",
2017 sm->tcp_established_timeout);
2018 vlib_cli_output (vm, "tcp-transitory timeout: %dsec",
2019 sm->tcp_transitory_timeout);
2020 vlib_cli_output (vm, "icmp timeout: %dsec", sm->icmp_timeout);
2025 static clib_error_t *
2026 nat44_det_show_sessions_command_fn (vlib_main_t * vm,
2027 unformat_input_t * input,
2028 vlib_cli_command_t * cmd)
2030 snat_main_t *sm = &snat_main;
2032 snat_det_session_t *ses;
2035 if (!sm->deterministic)
2036 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
2038 vlib_cli_output (vm, "NAT44 deterministic sessions:");
2040 pool_foreach (dm, sm->det_maps,
2042 vec_foreach_index (i, dm->sessions)
2044 ses = vec_elt_at_index (dm->sessions, i);
2046 vlib_cli_output (vm, " %U", format_det_map_ses, dm, ses, &i);
2053 static clib_error_t *
2054 snat_det_close_session_out_fn (vlib_main_t * vm,
2055 unformat_input_t * input,
2056 vlib_cli_command_t * cmd)
2058 snat_main_t *sm = &snat_main;
2059 unformat_input_t _line_input, *line_input = &_line_input;
2060 ip4_address_t out_addr, ext_addr, in_addr;
2061 u32 out_port, ext_port;
2063 snat_det_session_t *ses;
2064 snat_det_out_key_t key;
2065 clib_error_t *error = 0;
2067 if (!sm->deterministic)
2068 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
2070 /* Get a line of input. */
2071 if (!unformat_user (input, unformat_line_input, line_input))
2074 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2076 if (unformat (line_input, "%U:%d %U:%d",
2077 unformat_ip4_address, &out_addr, &out_port,
2078 unformat_ip4_address, &ext_addr, &ext_port))
2082 error = clib_error_return (0, "unknown input '%U'",
2083 format_unformat_error, line_input);
2088 unformat_free (line_input);
2090 dm = snat_det_map_by_out (sm, &out_addr);
2092 vlib_cli_output (vm, "no match");
2095 snat_det_reverse (dm, &ext_addr, (u16) out_port, &in_addr);
2096 key.ext_host_addr = out_addr;
2097 key.ext_host_port = ntohs ((u16) ext_port);
2098 key.out_port = ntohs ((u16) out_port);
2099 ses = snat_det_get_ses_by_out (dm, &out_addr, key.as_u64);
2101 vlib_cli_output (vm, "no match");
2103 snat_det_ses_close (dm, ses);
2107 unformat_free (line_input);
2112 static clib_error_t *
2113 snat_det_close_session_in_fn (vlib_main_t * vm,
2114 unformat_input_t * input,
2115 vlib_cli_command_t * cmd)
2117 snat_main_t *sm = &snat_main;
2118 unformat_input_t _line_input, *line_input = &_line_input;
2119 ip4_address_t in_addr, ext_addr;
2120 u32 in_port, ext_port;
2122 snat_det_session_t *ses;
2123 snat_det_out_key_t key;
2124 clib_error_t *error = 0;
2126 if (!sm->deterministic)
2127 return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
2129 /* Get a line of input. */
2130 if (!unformat_user (input, unformat_line_input, line_input))
2133 while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
2135 if (unformat (line_input, "%U:%d %U:%d",
2136 unformat_ip4_address, &in_addr, &in_port,
2137 unformat_ip4_address, &ext_addr, &ext_port))
2141 error = clib_error_return (0, "unknown input '%U'",
2142 format_unformat_error, line_input);
2147 unformat_free (line_input);
2149 dm = snat_det_map_by_user (sm, &in_addr);
2151 vlib_cli_output (vm, "no match");
2154 key.ext_host_addr = ext_addr;
2155 key.ext_host_port = ntohs ((u16) ext_port);
2157 snat_det_find_ses_by_in (dm, &in_addr, ntohs ((u16) in_port), key);
2159 vlib_cli_output (vm, "no match");
2161 snat_det_ses_close (dm, ses);
2165 unformat_free (line_input);
2173 * @cliexstart{set snat workers}
2174 * Set NAT workers if 2 or more workers available, use:
2175 * vpp# set snat workers 0-2,5
2178 VLIB_CLI_COMMAND (set_workers_command, static) = {
2179 .path = "set nat workers",
2180 .function = set_workers_command_fn,
2181 .short_help = "set nat workers <workers-list>",
2186 * @cliexstart{show nat workers}
2188 * vpp# show nat workers:
2194 VLIB_CLI_COMMAND (nat_show_workers_command, static) = {
2195 .path = "show nat workers",
2196 .short_help = "show nat workers",
2197 .function = nat_show_workers_commnad_fn,
2202 * @cliexstart{set nat timeout}
2203 * Set values of timeouts for NAT sessions (in seconds), use:
2204 * vpp# set nat timeout udp 120 tcp-established 7500 tcp-transitory 250 icmp 90
2205 * To reset default values use:
2206 * vpp# set nat44 deterministic timeout reset
2209 VLIB_CLI_COMMAND (set_timeout_command, static) = {
2210 .path = "set nat timeout",
2211 .function = set_timeout_command_fn,
2213 "set nat timeout [udp <sec> | tcp-established <sec> "
2214 "tcp-transitory <sec> | icmp <sec> | reset]",
2219 * @cliexstart{show nat timeouts}
2220 * Show values of timeouts for NAT sessions.
2221 * vpp# show nat timeouts
2222 * udp timeout: 300sec
2223 * tcp-established timeout: 7440sec
2224 * tcp-transitory timeout: 240sec
2225 * icmp timeout: 60sec
2228 VLIB_CLI_COMMAND (nat_show_timeouts_command, static) = {
2229 .path = "show nat timeouts",
2230 .short_help = "show nat timeouts",
2231 .function = nat_show_timeouts_command_fn,
2236 * @cliexstart{nat set logging level}
2237 * To set NAT logging level use:
2238 * Set nat logging level
2241 VLIB_CLI_COMMAND (snat_set_log_level_command, static) = {
2242 .path = "nat set logging level",
2243 .function = snat_set_log_level_command_fn,
2244 .short_help = "nat set logging level <level>",
2249 * @cliexstart{snat ipfix logging}
2250 * To enable NAT IPFIX logging use:
2251 * vpp# nat ipfix logging
2252 * To set IPFIX exporter use:
2253 * vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
2256 VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = {
2257 .path = "nat ipfix logging",
2258 .function = snat_ipfix_logging_enable_disable_command_fn,
2259 .short_help = "nat ipfix logging [domain <domain-id>] [src-port <port>] [disable]",
2264 * @cliexstart{nat addr-port-assignment-alg}
2265 * Set address and port assignment algorithm
2266 * For the MAP-E CE limit port choice based on PSID use:
2267 * vpp# nat addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len 6
2268 * For port range use:
2269 * vpp# nat addr-port-assignment-alg port-range <start-port> - <end-port>
2270 * To set standard (default) address and port assignment algorithm use:
2271 * vpp# nat addr-port-assignment-alg default
2274 VLIB_CLI_COMMAND (nat44_set_alloc_addr_and_port_alg_command, static) = {
2275 .path = "nat addr-port-assignment-alg",
2276 .short_help = "nat addr-port-assignment-alg <alg-name> [<alg-params>]",
2277 .function = nat44_set_alloc_addr_and_port_alg_command_fn,
2282 * @cliexstart{show nat addr-port-assignment-alg}
2283 * Show address and port assignment algorithm
2286 VLIB_CLI_COMMAND (nat44_show_alloc_addr_and_port_alg_command, static) = {
2287 .path = "show nat addr-port-assignment-alg",
2288 .short_help = "show nat addr-port-assignment-alg",
2289 .function = nat44_show_alloc_addr_and_port_alg_command_fn,
2294 * @cliexstart{nat mss-clamping}
2295 * Set TCP MSS rewriting configuration
2296 * To enable TCP MSS rewriting use:
2297 * vpp# nat mss-clamping 1452
2298 * To disbale TCP MSS rewriting use:
2299 * vpp# nat mss-clamping disable
2302 VLIB_CLI_COMMAND (nat_set_mss_clamping_command, static) = {
2303 .path = "nat mss-clamping",
2304 .short_help = "nat mss-clamping <mss-value>|disable",
2305 .function = nat_set_mss_clamping_command_fn,
2310 * @cliexstart{show nat mss-clamping}
2311 * Show TCP MSS rewriting configuration
2314 VLIB_CLI_COMMAND (nat_show_mss_clamping_command, static) = {
2315 .path = "show nat mss-clamping",
2316 .short_help = "show nat mss-clamping",
2317 .function = nat_show_mss_clamping_command_fn,
2322 * @cliexstart{nat ha failover}
2323 * Set HA failover (remote settings)
2326 VLIB_CLI_COMMAND (nat_ha_failover_command, static) = {
2327 .path = "nat ha failover",
2328 .short_help = "nat ha failover <ip4-address>:<port> [refresh-interval <sec>]",
2329 .function = nat_ha_failover_command_fn,
2334 * @cliexstart{nat ha listener}
2335 * Set HA listener (local settings)
2338 VLIB_CLI_COMMAND (nat_ha_listener_command, static) = {
2339 .path = "nat ha listener",
2340 .short_help = "nat ha listener <ip4-address>:<port> [path-mtu <path-mtu>]",
2341 .function = nat_ha_listener_command_fn,
2346 * @cliexstart{show nat ha}
2347 * Show HA configuration/status
2350 VLIB_CLI_COMMAND (nat_show_ha_command, static) = {
2351 .path = "show nat ha",
2352 .short_help = "show nat ha",
2353 .function = nat_show_ha_command_fn,
2358 * @cliexstart{nat ha flush}
2359 * Flush the current HA data (for testing)
2362 VLIB_CLI_COMMAND (nat_ha_flush_command, static) = {
2363 .path = "nat ha flush",
2364 .short_help = "nat ha flush",
2365 .function = nat_ha_flush_command_fn,
2370 * @cliexstart{nat ha resync}
2371 * Resync HA (resend existing sessions to new failover)
2374 VLIB_CLI_COMMAND (nat_ha_resync_command, static) = {
2375 .path = "nat ha resync",
2376 .short_help = "nat ha resync",
2377 .function = nat_ha_resync_command_fn,
2382 * @cliexstart{show nat44 hash tables}
2383 * Show NAT44 hash tables
2386 VLIB_CLI_COMMAND (nat44_show_hash, static) = {
2387 .path = "show nat44 hash tables",
2388 .short_help = "show nat44 hash tables [detail|verbose]",
2389 .function = nat44_show_hash_commnad_fn,
2394 * @cliexstart{nat44 add address}
2395 * Add/delete NAT44 pool address.
2396 * To add NAT44 pool address use:
2397 * vpp# nat44 add address 172.16.1.3
2398 * vpp# nat44 add address 172.16.2.2 - 172.16.2.24
2399 * To add NAT44 pool address for specific tenant (identified by VRF id) use:
2400 * vpp# nat44 add address 172.16.1.3 tenant-vrf 10
2403 VLIB_CLI_COMMAND (add_address_command, static) = {
2404 .path = "nat44 add address",
2405 .short_help = "nat44 add address <ip4-range-start> [- <ip4-range-end>] "
2406 "[tenant-vrf <vrf-id>] [twice-nat] [del]",
2407 .function = add_address_command_fn,
2412 * @cliexstart{show nat44 summary}
2413 * Show NAT44 summary
2414 * vpp# show nat44 summary
2417 VLIB_CLI_COMMAND (nat44_show_summary_command, static) = {
2418 .path = "show nat44 summary",
2419 .short_help = "show nat44 summary",
2420 .function = nat44_show_summary_command_fn,
2425 * @cliexstart{show nat44 addresses}
2426 * Show NAT44 pool addresses.
2427 * vpp# show nat44 addresses
2428 * NAT44 pool addresses:
2430 * tenant VRF independent
2439 * NAT44 twice-nat pool addresses:
2441 * tenant VRF independent
2447 VLIB_CLI_COMMAND (nat44_show_addresses_command, static) = {
2448 .path = "show nat44 addresses",
2449 .short_help = "show nat44 addresses",
2450 .function = nat44_show_addresses_command_fn,
2455 * @cliexstart{set interface nat44}
2456 * Enable/disable NAT44 feature on the interface.
2457 * To enable NAT44 feature with local network interface use:
2458 * vpp# set interface nat44 in GigabitEthernet0/8/0
2459 * To enable NAT44 feature with external network interface use:
2460 * vpp# set interface nat44 out GigabitEthernet0/a/0
2463 VLIB_CLI_COMMAND (set_interface_snat_command, static) = {
2464 .path = "set interface nat44",
2465 .function = snat_feature_command_fn,
2466 .short_help = "set interface nat44 in <intfc> out <intfc> [output-feature] "
2472 * @cliexstart{show nat44 interfaces}
2473 * Show interfaces with NAT44 feature.
2474 * vpp# show nat44 interfaces
2476 * GigabitEthernet0/8/0 in
2477 * GigabitEthernet0/a/0 out
2480 VLIB_CLI_COMMAND (nat44_show_interfaces_command, static) = {
2481 .path = "show nat44 interfaces",
2482 .short_help = "show nat44 interfaces",
2483 .function = nat44_show_interfaces_command_fn,
2488 * @cliexstart{nat44 add static mapping}
2489 * Static mapping allows hosts on the external network to initiate connection
2490 * to to the local network host.
2491 * To create static mapping between local host address 10.0.0.3 port 6303 and
2492 * external address 4.4.4.4 port 3606 for TCP protocol use:
2493 * vpp# nat44 add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606
2494 * If not runnig "static mapping only" NAT plugin mode use before:
2495 * vpp# nat44 add address 4.4.4.4
2496 * To create static mapping between local and external address use:
2497 * vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4
2500 VLIB_CLI_COMMAND (add_static_mapping_command, static) = {
2501 .path = "nat44 add static mapping",
2502 .function = add_static_mapping_command_fn,
2504 "nat44 add static mapping tcp|udp|icmp local <addr> [<port>] "
2505 "external <addr> [<port>] [vrf <table-id>] [twice-nat|self-twice-nat] "
2506 "[out2in-only] [del]",
2511 * @cliexstart{nat44 add identity mapping}
2512 * Identity mapping translate an IP address to itself.
2513 * To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol
2515 * vpp# nat44 add identity mapping 10.0.0.3 tcp 6303
2516 * To create identity mapping for address 10.0.0.3 use:
2517 * vpp# nat44 add identity mapping 10.0.0.3
2518 * To create identity mapping for DHCP addressed interface use:
2519 * vpp# nat44 add identity mapping external GigabitEthernet0/a/0 tcp 3606
2522 VLIB_CLI_COMMAND (add_identity_mapping_command, static) = {
2523 .path = "nat44 add identity mapping",
2524 .function = add_identity_mapping_command_fn,
2525 .short_help = "nat44 add identity mapping <ip4-addr>|external <interface> "
2526 "[<protocol> <port>] [vrf <table-id>] [del]",
2531 * @cliexstart{nat44 add load-balancing static mapping}
2532 * Service load balancing using NAT44
2533 * To add static mapping with load balancing for service with external IP
2534 * address 1.2.3.4 and TCP port 80 and mapped to 2 local servers
2535 * 10.100.10.10:8080 and 10.100.10.20:8080 with probability 80% resp. 20% use:
2536 * vpp# nat44 add load-balancing static mapping protocol tcp external 1.2.3.4:80 local 10.100.10.10:8080 probability 80 local 10.100.10.20:8080 probability 20
2539 VLIB_CLI_COMMAND (add_lb_static_mapping_command, static) = {
2540 .path = "nat44 add load-balancing static mapping",
2541 .function = add_lb_static_mapping_command_fn,
2543 "nat44 add load-balancing static mapping protocol tcp|udp "
2544 "external <addr>:<port> local <addr>:<port> [vrf <table-id>] "
2545 "probability <n> [twice-nat|self-twice-nat] [out2in-only] "
2546 "[affinity <timeout-seconds>] [del]",
2551 * @cliexstart{nat44 add load-balancing static mapping}
2552 * Modify service load balancing using NAT44
2553 * To add new back-end server 10.100.10.30:8080 for service load balancing
2554 * static mapping with external IP address 1.2.3.4 and TCP port 80 use:
2555 * vpp# nat44 add load-balancing back-end protocol tcp external 1.2.3.4:80 local 10.100.10.30:8080 probability 25
2558 VLIB_CLI_COMMAND (add_lb_backend_command, static) = {
2559 .path = "nat44 add load-balancing back-end",
2560 .function = add_lb_backend_command_fn,
2562 "nat44 add load-balancing back-end protocol tcp|udp "
2563 "external <addr>:<port> local <addr>:<port> [vrf <table-id>] "
2564 "probability <n> [del]",
2569 * @cliexstart{show nat44 static mappings}
2570 * Show NAT44 static mappings.
2571 * vpp# show nat44 static mappings
2572 * NAT44 static mappings:
2573 * local 10.0.0.3 external 4.4.4.4 vrf 0
2574 * tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0
2575 * tcp vrf 0 external 1.2.3.4:80 out2in-only
2576 * local 10.100.10.10:8080 probability 80
2577 * local 10.100.10.20:8080 probability 20
2578 * tcp local 10.100.3.8:8080 external 169.10.10.1:80 vrf 0 twice-nat
2579 * tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10
2582 VLIB_CLI_COMMAND (nat44_show_static_mappings_command, static) = {
2583 .path = "show nat44 static mappings",
2584 .short_help = "show nat44 static mappings",
2585 .function = nat44_show_static_mappings_command_fn,
2590 * @cliexstart{nat44 add interface address}
2591 * Use NAT44 pool address from specific interfce
2592 * To add NAT44 pool address from specific interface use:
2593 * vpp# nat44 add interface address GigabitEthernet0/8/0
2596 VLIB_CLI_COMMAND (snat_add_interface_address_command, static) = {
2597 .path = "nat44 add interface address",
2598 .short_help = "nat44 add interface address <interface> [twice-nat] [del]",
2599 .function = snat_add_interface_address_command_fn,
2604 * @cliexstart{show nat44 interface address}
2605 * Show NAT44 pool address interfaces
2606 * vpp# show nat44 interface address
2607 * NAT44 pool address interfaces:
2608 * GigabitEthernet0/a/0
2609 * NAT44 twice-nat pool address interfaces:
2610 * GigabitEthernet0/8/0
2613 VLIB_CLI_COMMAND (nat44_show_interface_address_command, static) = {
2614 .path = "show nat44 interface address",
2615 .short_help = "show nat44 interface address",
2616 .function = nat44_show_interface_address_command_fn,
2621 * @cliexstart{show nat44 sessions}
2622 * Show NAT44 sessions.
2625 VLIB_CLI_COMMAND (nat44_show_sessions_command, static) = {
2626 .path = "show nat44 sessions",
2627 .short_help = "show nat44 sessions [detail|metrics]",
2628 .function = nat44_show_sessions_command_fn,
2633 * @cliexstart{set nat44 session limit}
2634 * Set NAT44 session limit.
2637 VLIB_CLI_COMMAND (nat44_set_session_limit_command, static) = {
2638 .path = "set nat44 session limit",
2639 .short_help = "set nat44 session limit <limit> [vrf <table-id>]",
2640 .function = nat44_set_session_limit_command_fn,
2645 * @cliexstart{nat44 del user}
2646 * To delete all NAT44 user sessions:
2647 * vpp# nat44 del user 10.0.0.3
2650 VLIB_CLI_COMMAND (nat44_del_user_command, static) = {
2651 .path = "nat44 del user",
2652 .short_help = "nat44 del user <addr> [fib <index>]",
2653 .function = nat44_del_user_command_fn,
2658 * @cliexstart{nat44 del session}
2659 * To administratively delete NAT44 session by inside address and port use:
2660 * vpp# nat44 del session in 10.0.0.3:6303 tcp
2661 * To administratively delete NAT44 session by outside address and port use:
2662 * vpp# nat44 del session out 1.0.0.3:6033 udp
2665 VLIB_CLI_COMMAND (nat44_del_session_command, static) = {
2666 .path = "nat44 del session",
2667 .short_help = "nat44 del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>] [external-host <addr>:<port>]",
2668 .function = nat44_del_session_command_fn,
2673 * @cliexstart{nat44 forwarding}
2674 * Enable or disable forwarding
2675 * Forward packets which don't match existing translation
2676 * or static mapping instead of dropping them.
2677 * To enable forwarding, use:
2678 * vpp# nat44 forwarding enable
2679 * To disable forwarding, use:
2680 * vpp# nat44 forwarding disable
2683 VLIB_CLI_COMMAND (snat_forwarding_set_command, static) = {
2684 .path = "nat44 forwarding",
2685 .short_help = "nat44 forwarding enable|disable",
2686 .function = snat_forwarding_set_command_fn,
2691 * @cliexstart{nat44 deterministic add}
2692 * Create bijective mapping of inside address to outside address and port range
2693 * pairs, with the purpose of enabling deterministic NAT to reduce logging in
2695 * To create deterministic mapping between inside network 10.0.0.0/18 and
2696 * outside network 1.1.1.0/30 use:
2697 * # vpp# nat44 deterministic add in 10.0.0.0/18 out 1.1.1.0/30
2700 VLIB_CLI_COMMAND (snat_det_map_command, static) = {
2701 .path = "nat44 deterministic add",
2702 .short_help = "nat44 deterministic add in <addr>/<plen> out <addr>/<plen> [del]",
2703 .function = snat_det_map_command_fn,
2708 * @cliexpstart{show nat44 deterministic mappings}
2709 * Show NAT44 deterministic mappings
2710 * vpp# show nat44 deterministic mappings
2711 * NAT44 deterministic mappings:
2712 * in 10.0.0.0/24 out 1.1.1.1/32
2713 * outside address sharing ratio: 256
2714 * number of ports per inside host: 252
2715 * sessions number: 0
2718 VLIB_CLI_COMMAND (nat44_det_show_mappings_command, static) = {
2719 .path = "show nat44 deterministic mappings",
2720 .short_help = "show nat44 deterministic mappings",
2721 .function = nat44_det_show_mappings_command_fn,
2726 * @cliexstart{nat44 deterministic forward}
2727 * Return outside address and port range from inside address for deterministic
2729 * To obtain outside address and port of inside host use:
2730 * vpp# nat44 deterministic forward 10.0.0.2
2731 * 1.1.1.0:<1054-1068>
2734 VLIB_CLI_COMMAND (snat_det_forward_command, static) = {
2735 .path = "nat44 deterministic forward",
2736 .short_help = "nat44 deterministic forward <addr>",
2737 .function = snat_det_forward_command_fn,
2742 * @cliexstart{nat44 deterministic reverse}
2743 * Return inside address from outside address and port for deterministic NAT.
2744 * To obtain inside host address from outside address and port use:
2745 * #vpp nat44 deterministic reverse 1.1.1.1:1276
2749 VLIB_CLI_COMMAND (snat_det_reverse_command, static) = {
2750 .path = "nat44 deterministic reverse",
2751 .short_help = "nat44 deterministic reverse <addr>:<port>",
2752 .function = snat_det_reverse_command_fn,
2757 * @cliexstart{show nat44 deterministic sessions}
2758 * Show NAT44 deterministic sessions.
2759 * vpp# show nat44 deterministic sessions
2760 * NAT44 deterministic sessions:
2761 * in 10.0.0.3:3005 out 1.1.1.2:1146 external host 172.16.1.2:3006 state: udp-active expire: 306
2762 * in 10.0.0.3:3000 out 1.1.1.2:1141 external host 172.16.1.2:3001 state: udp-active expire: 306
2763 * in 10.0.0.4:3005 out 1.1.1.2:1177 external host 172.16.1.2:3006 state: udp-active expire: 306
2766 VLIB_CLI_COMMAND (nat44_det_show_sessions_command, static) = {
2767 .path = "show nat44 deterministic sessions",
2768 .short_help = "show nat44 deterministic sessions",
2769 .function = nat44_det_show_sessions_command_fn,
2774 * @cliexstart{nat44 deterministic close session out}
2775 * Close session using outside ip address and port
2776 * and external ip address and port, use:
2777 * vpp# nat44 deterministic close session out 1.1.1.1:1276 2.2.2.2:2387
2780 VLIB_CLI_COMMAND (snat_det_close_sesion_out_command, static) = {
2781 .path = "nat44 deterministic close session out",
2782 .short_help = "nat44 deterministic close session out "
2783 "<out_addr>:<out_port> <ext_addr>:<ext_port>",
2784 .function = snat_det_close_session_out_fn,
2789 * @cliexstart{nat44 deterministic close session in}
2790 * Close session using inside ip address and port
2791 * and external ip address and port, use:
2792 * vpp# nat44 deterministic close session in 3.3.3.3:3487 2.2.2.2:2387
2795 VLIB_CLI_COMMAND (snat_det_close_session_in_command, static) = {
2796 .path = "nat44 deterministic close session in",
2797 .short_help = "nat44 deterministic close session in "
2798 "<in_addr>:<in_port> <ext_addr>:<ext_port>",
2799 .function = snat_det_close_session_in_fn,
2805 * fd.io coding-style-patch-verification: ON
2808 * eval: (c-set-style "gnu")
Code Review / vpp.git / blob