/*
- * Copyright (c) 2016 Cisco and/or its affiliates.
+ * Copyright (c) 2020 Cisco and/or its affiliates.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at:
#include <nat/lib/lib.h>
#include <nat/lib/inlines.h>
-/* default session timeouts */
-#define SNAT_UDP_TIMEOUT 300
-#define SNAT_TCP_TRANSITORY_TIMEOUT 240
-#define SNAT_TCP_ESTABLISHED_TIMEOUT 7440
-#define SNAT_ICMP_TIMEOUT 60
-
/* number of worker handoff frame queue elements */
#define NAT_FQ_NELTS 64
/* maximum number of users */
u32 users;
- u32 user_memory;
/* maximum number of sessions */
u32 sessions;
- u32 session_memory;
/* maximum number of ssessions per user */
u32 user_sessions;
u32 ed_hairpin_dst_node_index;
u32 ed_hairpin_src_node_index;
+ nat44_config_t rconfig;
+ //nat44_config_t cconfig;
+
/* If forwarding is enabled */
u8 forwarding_enabled;
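Review bot: The added line `//nat44_config_t cconfig;` is commented-out code in a public header; it should be dropped, or replaced by a comment saying what the field is reserved for. The new `rconfig` field has no comment, unlike the fields around it, and the `r` prefix is not explained anywhere in the visible lines. A one-line comment stating what the prefix stands for and when the field is written would be enough. The enclosing struct starts and ends outside this hunk.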
u8 translation_memory_size_set;
u32 translation_buckets;
- uword translation_memory_size;
u32 max_translations_per_thread;
u32 *max_translations_per_fib;
u32 max_users_per_thread;
u32 user_buckets;
- uword user_memory_size;
u32 max_translations_per_user;
u32 outside_vrf_id;
u32 inside_vrf_id;
u32 inside_fib_index;
- /* values of various timeouts */
- u32 udp_timeout;
- u32 tcp_transitory_timeout;
- u32 tcp_established_timeout;
- u32 icmp_timeout;
+ nat_timeouts_t timeouts;
/* TCP MSS clamping */
u16 mss_clamping;
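Review bot: `nat_timeouts_t timeouts;` loses the `/* values of various timeouts */` comment that the four removed fields carried. The default macros (`SNAT_UDP_TIMEOUT` and the other three) are also removed earlier in this diff, with no pointer to where the defaults now come from. These values bound how long translation state is kept, so I would keep a comment such as `/* session timeouts; defaults are defined alongside nat_timeouts_t */`. That location is an assumption, because the definition of `nat_timeouts_t` is not visible here. The enclosing struct starts and ends outside this hunk.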
ip4_main_t *ip4_main;
ip_lookup_main_t *ip4_lookup_main;
+ fib_source_t fib_src_hi;
+ fib_source_t fib_src_low;
+
/* nat44 plugin enabled */
u8 enabled;
nat_protocol_t proto, u32 vrf_id,
u8 probability, u8 is_add);
-clib_error_t *snat_api_init (vlib_main_t * vm, snat_main_t * sm);
+clib_error_t *nat44_api_hookup (vlib_main_t * vm);
/**
* @brief Set NAT plugin workers
* @return 0 on success, non-zero value otherwise
*/
int nat44_update_session_limit (u32 session_limit, u32 vrf_id);
-/**
- * @brief Free NAT44 ED session data (lookup keys, external address port)
- *
- * @param s NAT session
- * @param thread_index thread index
- * @param is_ha is HA event
- */
-void
-nat44_free_session_data (snat_main_t * sm, snat_session_t * s,
- u32 thread_index, u8 is_ha);
/**
* @brief Initialize NAT44 data
*/
void nat44_db_free (snat_main_per_thread_data_t * tsm);
+/**
+ * @brief Delete specific NAT44 EI user and his sessions
+ *
+ * @param addr IPv4 address
+ * @param fib_index FIB table index
+ */
+int nat44_ei_user_del (ip4_address_t * addr, u32 fib_index);
+
+/**
+ * @brief Free all NAT44 sessions
+ */
void nat44_sessions_clear ();
/**
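Review bot: The new doc block for `nat44_ei_user_del` documents both parameters but not the `int` return value, so callers cannot tell whether the user and his sessions were actually removed. The neighbouring declaration uses `@return 0 on success, non-zero value otherwise`; I would add the same line here if that matches the implementation, which this diff does not show. It would also help to say what is returned when no user matches `addr` and `fib_index`.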
void snat_add_del_addr_to_fib (ip4_address_t * addr,
u8 p_len, u32 sw_if_index, int is_add);
+void
+nat_ha_sadd_cb (ip4_address_t * in_addr, u16 in_port,
+ ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port,
+ ip4_address_t * ehn_addr, u16 ehn_port, u8 proto,
+ u32 fib_index, u16 flags, u32 thread_index);
+
+void
+nat_ha_sdel_cb (ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port, u8 proto, u32 fib_index,
+ u32 ti);
+
+void
+nat_ha_sref_cb (ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port, u8 proto, u32 fib_index,
+ u32 total_pkts, u64 total_bytes, u32 thread_index);
+
+void
+nat_ha_sadd_ed_cb (ip4_address_t * in_addr, u16 in_port,
+ ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port,
+ ip4_address_t * ehn_addr, u16 ehn_port, u8 proto,
+ u32 fib_index, u16 flags, u32 thread_index);
+
+void
+nat_ha_sdel_ed_cb (ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port, u8 proto,
+ u32 fib_index, u32 ti);
+
+void
+nat_ha_sdel_ed_cb (ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port, u8 proto,
+ u32 fib_index, u32 ti);
+
+void
+nat_ha_sref_ed_cb (ip4_address_t * out_addr, u16 out_port,
+ ip4_address_t * eh_addr, u16 eh_port, u8 proto,
+ u32 fib_index, u32 total_pkts, u64 total_bytes,
+ u32 thread_index);
+
/*
* Why is this here? Because we don't need to touch this layer to
* simply reply to an icmp. We need to change id to a unique
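Review bot: `nat_ha_sdel_ed_cb` is declared twice with identical signatures, back to back in the added lines; the second copy looks like a paste error and should be removed. The three delete callbacks name their last parameter `ti` while the other callbacks use `thread_index`; one name throughout would read better. None of the seven prototypes has a doc comment, unlike the other functions added in this change. If these callbacks are fed from HA peer messages, as the names suggest, a short block should state the byte order expected for the `u16` ports and whether `fib_index` and `thread_index` are validated by the caller or the callee.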