FD.io VPP  v19.08.3-2-gbabecb413
Vector Packet Processing
nat44_cli.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018 Cisco and/or its affiliates.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at:
6  *
7  * http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 /**
16  * @file
17  * @brief NAT44 CLI
18  */
19 
20 #include <nat/nat.h>
21 #include <nat/nat_ipfix_logging.h>
22 #include <nat/nat_det.h>
23 #include <nat/nat64.h>
24 #include <nat/nat_inlines.h>
25 #include <nat/nat_affinity.h>
26 #include <vnet/fib/fib_table.h>
27 #include <nat/nat_ha.h>
28 
29 #define UNSUPPORTED_IN_DET_MODE_STR \
30  "This command is unsupported in deterministic mode"
31 #define SUPPORTED_ONLY_IN_DET_MODE_STR \
32  "This command is supported only in deterministic mode"
33 
34 static clib_error_t *
36  unformat_input_t * input, vlib_cli_command_t * cmd)
37 {
38  unformat_input_t _line_input, *line_input = &_line_input;
39  snat_main_t *sm = &snat_main;
40  uword *bitmap = 0;
41  int rv = 0;
42  clib_error_t *error = 0;
43 
44  if (sm->deterministic)
46 
47  /* Get a line of input. */
48  if (!unformat_user (input, unformat_line_input, line_input))
49  return 0;
50 
51  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
52  {
53  if (unformat (line_input, "%U", unformat_bitmap_list, &bitmap))
54  ;
55  else
56  {
57  error = clib_error_return (0, "unknown input '%U'",
58  format_unformat_error, line_input);
59  goto done;
60  }
61  }
62 
63  if (bitmap == 0)
64  {
65  error = clib_error_return (0, "List of workers must be specified.");
66  goto done;
67  }
68 
69  rv = snat_set_workers (bitmap);
70 
71  clib_bitmap_free (bitmap);
72 
73  switch (rv)
74  {
75  case VNET_API_ERROR_INVALID_WORKER:
76  error = clib_error_return (0, "Invalid worker(s).");
77  goto done;
78  case VNET_API_ERROR_FEATURE_DISABLED:
79  error = clib_error_return (0,
80  "Supported only if 2 or more workes available.");
81  goto done;
82  default:
83  break;
84  }
85 
86 done:
87  unformat_free (line_input);
88 
89  return error;
90 }
91 
92 static clib_error_t *
94  vlib_cli_command_t * cmd)
95 {
96  snat_main_t *sm = &snat_main;
97  u32 *worker;
98 
99  if (sm->deterministic)
101 
102  if (sm->num_workers > 1)
103  {
104  vlib_cli_output (vm, "%d workers", vec_len (sm->workers));
105  /* *INDENT-OFF* */
106  vec_foreach (worker, sm->workers)
107  {
109  vlib_worker_threads + *worker + sm->first_worker_index;
110  vlib_cli_output (vm, " %s", w->name);
111  }
112  /* *INDENT-ON* */
113  }
114 
115  return 0;
116 }
117 
118 static clib_error_t *
120  unformat_input_t * input,
121  vlib_cli_command_t * cmd)
122 {
123  unformat_input_t _line_input, *line_input = &_line_input;
124  snat_main_t *sm = &snat_main;
125  u8 log_level = SNAT_LOG_NONE;
126  clib_error_t *error = 0;
127 
128  /* Get a line of input. */
129  if (!unformat_user (input, unformat_line_input, line_input))
130  return 0;
131 
132  if (!unformat (line_input, "%d", &log_level))
133  {
134  error = clib_error_return (0, "unknown input '%U'",
135  format_unformat_error, line_input);
136  goto done;
137  }
138  if (log_level > SNAT_LOG_DEBUG)
139  {
140  error = clib_error_return (0, "unknown logging level '%d'", log_level);
141  goto done;
142  }
143  sm->log_level = log_level;
144 
145 done:
146  unformat_free (line_input);
147 
148  return error;
149 }
150 
151 static clib_error_t *
153  unformat_input_t * input,
154  vlib_cli_command_t * cmd)
155 {
156  unformat_input_t _line_input, *line_input = &_line_input;
157  u32 domain_id = 0;
158  u32 src_port = 0;
159  u8 enable = 1;
160  int rv = 0;
161  clib_error_t *error = 0;
162 
163  /* Get a line of input. */
164  if (!unformat_user (input, unformat_line_input, line_input))
165  {
166  rv = snat_ipfix_logging_enable_disable (enable, domain_id,
167  (u16) src_port);
168  if (rv)
169  return clib_error_return (0, "ipfix logging enable failed");
170  return 0;
171  }
172 
173  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
174  {
175  if (unformat (line_input, "domain %d", &domain_id))
176  ;
177  else if (unformat (line_input, "src-port %d", &src_port))
178  ;
179  else if (unformat (line_input, "disable"))
180  enable = 0;
181  else
182  {
183  error = clib_error_return (0, "unknown input '%U'",
184  format_unformat_error, line_input);
185  goto done;
186  }
187  }
188 
189  rv = snat_ipfix_logging_enable_disable (enable, domain_id, (u16) src_port);
190 
191  if (rv)
192  {
193  error = clib_error_return (0, "ipfix logging enable failed");
194  goto done;
195  }
196 
197 done:
198  unformat_free (line_input);
199 
200  return error;
201 }
202 
203 static clib_error_t *
205  vlib_cli_command_t * cmd)
206 {
207  snat_main_t *sm = &snat_main;
210  int i;
211  int verbose = 0;
212 
213  if (unformat (input, "detail"))
214  verbose = 1;
215  else if (unformat (input, "verbose"))
216  verbose = 2;
217 
218  vlib_cli_output (vm, "%U", format_bihash_8_8, &sm->static_mapping_by_local,
219  verbose);
220  vlib_cli_output (vm, "%U",
221  format_bihash_8_8, &sm->static_mapping_by_external,
222  verbose);
224  {
225  tsm = vec_elt_at_index (sm->per_thread_data, i);
226  vlib_cli_output (vm, "-------- thread %d %s --------\n",
227  i, vlib_worker_threads[i].name);
228  if (sm->endpoint_dependent)
229  {
230  vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->in2out_ed,
231  verbose);
232  vlib_cli_output (vm, "%U", format_bihash_16_8, &tsm->out2in_ed,
233  verbose);
234  }
235  else
236  {
237  vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->in2out, verbose);
238  vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->out2in, verbose);
239  }
240  vlib_cli_output (vm, "%U", format_bihash_8_8, &tsm->user_hash, verbose);
241  }
242 
243  if (sm->endpoint_dependent)
244  vlib_cli_output (vm, "%U", format_bihash_16_8, &nam->affinity_hash,
245  verbose);
246  return 0;
247 }
248 
249 static clib_error_t *
251  unformat_input_t * input,
252  vlib_cli_command_t * cmd)
253 {
254  unformat_input_t _line_input, *line_input = &_line_input;
255  snat_main_t *sm = &snat_main;
256  clib_error_t *error = 0;
257  u32 psid, psid_offset, psid_length, port_start, port_end;
258 
259  if (sm->deterministic)
261 
262  /* Get a line of input. */
263  if (!unformat_user (input, unformat_line_input, line_input))
264  return 0;
265 
266  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
267  {
268  if (unformat (line_input, "default"))
270  else
271  if (unformat
272  (line_input, "map-e psid %d psid-offset %d psid-len %d", &psid,
273  &psid_offset, &psid_length))
274  nat_set_alloc_addr_and_port_mape ((u16) psid, (u16) psid_offset,
275  (u16) psid_length);
276  else
277  if (unformat
278  (line_input, "port-range %d - %d", &port_start, &port_end))
279  {
280  if (port_end <= port_start)
281  {
282  error =
284  "The end-port must be greater than start-port");
285  goto done;
286  }
288  (u16) port_end);
289  }
290  else
291  {
292  error = clib_error_return (0, "unknown input '%U'",
293  format_unformat_error, line_input);
294  goto done;
295  }
296  }
297 
298 done:
299  unformat_free (line_input);
300 
301  return error;
302 };
303 
304 static clib_error_t *
306  unformat_input_t * input,
307  vlib_cli_command_t * cmd)
308 {
309  snat_main_t *sm = &snat_main;
310 
311  if (sm->deterministic)
313 
314  vlib_cli_output (vm, "NAT address and port: %U",
317  switch (sm->addr_and_port_alloc_alg)
318  {
319  case NAT_ADDR_AND_PORT_ALLOC_ALG_MAPE:
320  vlib_cli_output (vm, " psid %d psid-offset %d psid-len %d", sm->psid,
321  sm->psid_offset, sm->psid_length);
322  break;
323  case NAT_ADDR_AND_PORT_ALLOC_ALG_RANGE:
324  vlib_cli_output (vm, " start-port %d end-port %d", sm->start_port,
325  sm->end_port);
326  break;
327  default:
328  break;
329  }
330 
331  return 0;
332 }
333 
334 static clib_error_t *
336  vlib_cli_command_t * cmd)
337 {
338  unformat_input_t _line_input, *line_input = &_line_input;
339  snat_main_t *sm = &snat_main;
340  clib_error_t *error = 0;
341  u32 mss;
342 
343  /* Get a line of input. */
344  if (!unformat_user (input, unformat_line_input, line_input))
345  return 0;
346 
347  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
348  {
349  if (unformat (line_input, "disable"))
350  sm->mss_clamping = 0;
351  else if (unformat (line_input, "%d", &mss))
352  {
353  sm->mss_clamping = (u16) mss;
354  sm->mss_value_net = clib_host_to_net_u16 (sm->mss_clamping);
355  }
356  else
357  {
358  error = clib_error_return (0, "unknown input '%U'",
359  format_unformat_error, line_input);
360  goto done;
361  }
362  }
363 
364 done:
365  unformat_free (line_input);
366 
367  return error;
368 }
369 
370 static clib_error_t *
372  vlib_cli_command_t * cmd)
373 {
374  snat_main_t *sm = &snat_main;
375 
376  if (sm->mss_clamping)
377  vlib_cli_output (vm, "mss-clamping %d", sm->mss_clamping);
378  else
379  vlib_cli_output (vm, "mss-clamping disabled");
380 
381  return 0;
382 }
383 
384 static clib_error_t *
386  vlib_cli_command_t * cmd)
387 {
388  unformat_input_t _line_input, *line_input = &_line_input;
390  u32 port, session_refresh_interval = 10;
391  int rv;
392  clib_error_t *error = 0;
393 
394  /* Get a line of input. */
395  if (!unformat_user (input, unformat_line_input, line_input))
396  return 0;
397 
398  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
399  {
400  if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
401  ;
402  else
403  if (unformat
404  (line_input, "refresh-interval %u", &session_refresh_interval))
405  ;
406  else
407  {
408  error = clib_error_return (0, "unknown input '%U'",
409  format_unformat_error, line_input);
410  goto done;
411  }
412  }
413 
414  rv = nat_ha_set_failover (&addr, (u16) port, session_refresh_interval);
415  if (rv)
416  error = clib_error_return (0, "set HA failover failed");
417 
418 done:
419  unformat_free (line_input);
420 
421  return error;
422 }
423 
424 static clib_error_t *
426  vlib_cli_command_t * cmd)
427 {
428  unformat_input_t _line_input, *line_input = &_line_input;
430  u32 port, path_mtu = 512;
431  int rv;
432  clib_error_t *error = 0;
433 
434  /* Get a line of input. */
435  if (!unformat_user (input, unformat_line_input, line_input))
436  return 0;
437 
438  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
439  {
440  if (unformat (line_input, "%U:%u", unformat_ip4_address, &addr, &port))
441  ;
442  else if (unformat (line_input, "path-mtu %u", &path_mtu))
443  ;
444  else
445  {
446  error = clib_error_return (0, "unknown input '%U'",
447  format_unformat_error, line_input);
448  goto done;
449  }
450  }
451 
452  rv = nat_ha_set_listener (&addr, (u16) port, path_mtu);
453  if (rv)
454  error = clib_error_return (0, "set HA listener failed");
455 
456 done:
457  unformat_free (line_input);
458 
459  return error;
460 }
461 
462 static clib_error_t *
464  vlib_cli_command_t * cmd)
465 {
467  u16 port;
468  u32 path_mtu, session_refresh_interval, resync_ack_missed;
469  u8 in_resync;
470 
471  nat_ha_get_listener (&addr, &port, &path_mtu);
472  if (!port)
473  {
474  vlib_cli_output (vm, "NAT HA disabled\n");
475  return 0;
476  }
477 
478  vlib_cli_output (vm, "LISTENER:\n");
479  vlib_cli_output (vm, " %U:%u path-mtu %u\n",
480  format_ip4_address, &addr, port, path_mtu);
481 
482  nat_ha_get_failover (&addr, &port, &session_refresh_interval);
483  vlib_cli_output (vm, "FAILOVER:\n");
484  if (port)
485  vlib_cli_output (vm, " %U:%u refresh-interval %usec\n",
486  format_ip4_address, &addr, port,
487  session_refresh_interval);
488  else
489  vlib_cli_output (vm, " NA\n");
490 
491  nat_ha_get_resync_status (&in_resync, &resync_ack_missed);
492  vlib_cli_output (vm, "RESYNC:\n");
493  if (in_resync)
494  vlib_cli_output (vm, " in progress\n");
495  else
496  vlib_cli_output (vm, " completed (%d ACK missed)\n", resync_ack_missed);
497 
498  return 0;
499 }
500 
501 static clib_error_t *
503  vlib_cli_command_t * cmd)
504 {
505  nat_ha_flush (0);
506  return 0;
507 }
508 
509 static clib_error_t *
511  vlib_cli_command_t * cmd)
512 {
513  clib_error_t *error = 0;
514 
515  if (nat_ha_resync (0, 0, 0))
516  error = clib_error_return (0, "NAT HA resync already running");
517 
518  return error;
519 }
520 
521 static clib_error_t *
523  unformat_input_t * input, vlib_cli_command_t * cmd)
524 {
525  unformat_input_t _line_input, *line_input = &_line_input;
526  snat_main_t *sm = &snat_main;
527  ip4_address_t start_addr, end_addr, this_addr;
528  u32 start_host_order, end_host_order;
529  u32 vrf_id = ~0;
530  int i, count;
531  int is_add = 1;
532  int rv = 0;
533  clib_error_t *error = 0;
534  u8 twice_nat = 0;
535 
536  if (sm->deterministic)
538 
539  /* Get a line of input. */
540  if (!unformat_user (input, unformat_line_input, line_input))
541  return 0;
542 
543  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
544  {
545  if (unformat (line_input, "%U - %U",
546  unformat_ip4_address, &start_addr,
547  unformat_ip4_address, &end_addr))
548  ;
549  else if (unformat (line_input, "tenant-vrf %u", &vrf_id))
550  ;
551  else if (unformat (line_input, "%U", unformat_ip4_address, &start_addr))
552  end_addr = start_addr;
553  else if (unformat (line_input, "twice-nat"))
554  twice_nat = 1;
555  else if (unformat (line_input, "del"))
556  is_add = 0;
557  else
558  {
559  error = clib_error_return (0, "unknown input '%U'",
560  format_unformat_error, line_input);
561  goto done;
562  }
563  }
564 
565  if (sm->static_mapping_only)
566  {
567  error = clib_error_return (0, "static mapping only mode");
568  goto done;
569  }
570 
571  start_host_order = clib_host_to_net_u32 (start_addr.as_u32);
572  end_host_order = clib_host_to_net_u32 (end_addr.as_u32);
573 
574  if (end_host_order < start_host_order)
575  {
576  error = clib_error_return (0, "end address less than start address");
577  goto done;
578  }
579 
580  count = (end_host_order - start_host_order) + 1;
581 
582  if (count > 1024)
583  nat_log_info ("%U - %U, %d addresses...",
584  format_ip4_address, &start_addr,
585  format_ip4_address, &end_addr, count);
586 
587  this_addr = start_addr;
588 
589  for (i = 0; i < count; i++)
590  {
591  if (is_add)
592  rv = snat_add_address (sm, &this_addr, vrf_id, twice_nat);
593  else
594  rv = snat_del_address (sm, this_addr, 0, twice_nat);
595 
596  switch (rv)
597  {
598  case VNET_API_ERROR_VALUE_EXIST:
599  error = clib_error_return (0, "NAT address already in use.");
600  goto done;
601  case VNET_API_ERROR_NO_SUCH_ENTRY:
602  error = clib_error_return (0, "NAT address not exist.");
603  goto done;
604  case VNET_API_ERROR_UNSPECIFIED:
605  error =
606  clib_error_return (0, "NAT address used in static mapping.");
607  goto done;
608  case VNET_API_ERROR_FEATURE_DISABLED:
609  error =
611  "twice NAT available only for endpoint-dependent mode.");
612  goto done;
613  default:
614  break;
615  }
616 
617  if (sm->out2in_dpo)
618  nat44_add_del_address_dpo (this_addr, is_add);
619 
620  increment_v4_address (&this_addr);
621  }
622 
623 done:
624  unformat_free (line_input);
625 
626  return error;
627 }
628 
629 static clib_error_t *
631  vlib_cli_command_t * cmd)
632 {
633  snat_main_t *sm = &snat_main;
634  snat_address_t *ap;
635 
636  if (sm->deterministic)
638 
639  vlib_cli_output (vm, "NAT44 pool addresses:");
640  /* *INDENT-OFF* */
641  vec_foreach (ap, sm->addresses)
642  {
643  vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
644  if (ap->fib_index != ~0)
645  vlib_cli_output (vm, " tenant VRF: %u",
647  else
648  vlib_cli_output (vm, " tenant VRF independent");
649  #define _(N, i, n, s) \
650  vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
652  #undef _
653  }
654  vlib_cli_output (vm, "NAT44 twice-nat pool addresses:");
656  {
657  vlib_cli_output (vm, "%U", format_ip4_address, &ap->addr);
658  if (ap->fib_index != ~0)
659  vlib_cli_output (vm, " tenant VRF: %u",
661  else
662  vlib_cli_output (vm, " tenant VRF independent");
663  #define _(N, i, n, s) \
664  vlib_cli_output (vm, " %d busy %s ports", ap->busy_##n##_ports, s);
666  #undef _
667  }
668  /* *INDENT-ON* */
669  return 0;
670 }
671 
672 static clib_error_t *
674  unformat_input_t * input, vlib_cli_command_t * cmd)
675 {
676  unformat_input_t _line_input, *line_input = &_line_input;
677  vnet_main_t *vnm = vnet_get_main ();
678  clib_error_t *error = 0;
680  u32 *inside_sw_if_indices = 0;
681  u32 *outside_sw_if_indices = 0;
682  u8 is_output_feature = 0;
683  int is_del = 0;
684  int i;
685 
686  sw_if_index = ~0;
687 
688  /* Get a line of input. */
689  if (!unformat_user (input, unformat_line_input, line_input))
690  return 0;
691 
692  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
693  {
694  if (unformat (line_input, "in %U", unformat_vnet_sw_interface,
695  vnm, &sw_if_index))
696  vec_add1 (inside_sw_if_indices, sw_if_index);
697  else if (unformat (line_input, "out %U", unformat_vnet_sw_interface,
698  vnm, &sw_if_index))
699  vec_add1 (outside_sw_if_indices, sw_if_index);
700  else if (unformat (line_input, "output-feature"))
701  is_output_feature = 1;
702  else if (unformat (line_input, "del"))
703  is_del = 1;
704  else
705  {
706  error = clib_error_return (0, "unknown input '%U'",
707  format_unformat_error, line_input);
708  goto done;
709  }
710  }
711 
712  if (vec_len (inside_sw_if_indices))
713  {
714  for (i = 0; i < vec_len (inside_sw_if_indices); i++)
715  {
716  sw_if_index = inside_sw_if_indices[i];
717  if (is_output_feature)
718  {
720  (sw_if_index, 1, is_del))
721  {
722  error = clib_error_return (0, "%s %U failed",
723  is_del ? "del" : "add",
725  vnm, sw_if_index);
726  goto done;
727  }
728  }
729  else
730  {
731  if (snat_interface_add_del (sw_if_index, 1, is_del))
732  {
733  error = clib_error_return (0, "%s %U failed",
734  is_del ? "del" : "add",
736  vnm, sw_if_index);
737  goto done;
738  }
739  }
740  }
741  }
742 
743  if (vec_len (outside_sw_if_indices))
744  {
745  for (i = 0; i < vec_len (outside_sw_if_indices); i++)
746  {
747  sw_if_index = outside_sw_if_indices[i];
748  if (is_output_feature)
749  {
751  (sw_if_index, 0, is_del))
752  {
753  error = clib_error_return (0, "%s %U failed",
754  is_del ? "del" : "add",
756  vnm, sw_if_index);
757  goto done;
758  }
759  }
760  else
761  {
762  if (snat_interface_add_del (sw_if_index, 0, is_del))
763  {
764  error = clib_error_return (0, "%s %U failed",
765  is_del ? "del" : "add",
767  vnm, sw_if_index);
768  goto done;
769  }
770  }
771  }
772  }
773 
774 done:
775  unformat_free (line_input);
776  vec_free (inside_sw_if_indices);
777  vec_free (outside_sw_if_indices);
778 
779  return error;
780 }
781 
782 static clib_error_t *
784  vlib_cli_command_t * cmd)
785 {
786  snat_main_t *sm = &snat_main;
788  vnet_main_t *vnm = vnet_get_main ();
789 
790  vlib_cli_output (vm, "NAT44 interfaces:");
791  /* *INDENT-OFF* */
792  pool_foreach (i, sm->interfaces,
793  ({
794  vlib_cli_output (vm, " %U %s", format_vnet_sw_if_index_name, vnm,
795  i->sw_if_index,
796  (nat_interface_is_inside(i) &&
797  nat_interface_is_outside(i)) ? "in out" :
798  (nat_interface_is_inside(i) ? "in" : "out"));
799  }));
800 
802  ({
803  vlib_cli_output (vm, " %U output-feature %s",
804  format_vnet_sw_if_index_name, vnm,
805  i->sw_if_index,
806  (nat_interface_is_inside(i) &&
807  nat_interface_is_outside(i)) ? "in out" :
808  (nat_interface_is_inside(i) ? "in" : "out"));
809  }));
810  /* *INDENT-ON* */
811 
812  return 0;
813 }
814 
815 static clib_error_t *
817  unformat_input_t * input,
818  vlib_cli_command_t * cmd)
819 {
820  unformat_input_t _line_input, *line_input = &_line_input;
821  snat_main_t *sm = &snat_main;
822  clib_error_t *error = 0;
823  ip4_address_t l_addr, e_addr;
824  u32 l_port = 0, e_port = 0, vrf_id = ~0;
825  int is_add = 1;
826  int addr_only = 1;
827  u32 sw_if_index = ~0;
828  vnet_main_t *vnm = vnet_get_main ();
829  int rv;
830  snat_protocol_t proto = ~0;
831  u8 proto_set = 0;
833  u8 out2in_only = 0;
834 
835  if (sm->deterministic)
837 
838  /* Get a line of input. */
839  if (!unformat_user (input, unformat_line_input, line_input))
840  return 0;
841 
842  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
843  {
844  if (unformat (line_input, "local %U %u", unformat_ip4_address, &l_addr,
845  &l_port))
846  addr_only = 0;
847  else
848  if (unformat (line_input, "local %U", unformat_ip4_address, &l_addr))
849  ;
850  else if (unformat (line_input, "external %U %u", unformat_ip4_address,
851  &e_addr, &e_port))
852  addr_only = 0;
853  else if (unformat (line_input, "external %U", unformat_ip4_address,
854  &e_addr))
855  ;
856  else if (unformat (line_input, "external %U %u",
857  unformat_vnet_sw_interface, vnm, &sw_if_index,
858  &e_port))
859  addr_only = 0;
860 
861  else if (unformat (line_input, "external %U",
862  unformat_vnet_sw_interface, vnm, &sw_if_index))
863  ;
864  else if (unformat (line_input, "vrf %u", &vrf_id))
865  ;
866  else if (unformat (line_input, "%U", unformat_snat_protocol, &proto))
867  proto_set = 1;
868  else if (unformat (line_input, "twice-nat"))
869  twice_nat = TWICE_NAT;
870  else if (unformat (line_input, "self-twice-nat"))
871  twice_nat = TWICE_NAT_SELF;
872  else if (unformat (line_input, "out2in-only"))
873  out2in_only = 1;
874  else if (unformat (line_input, "del"))
875  is_add = 0;
876  else
877  {
878  error = clib_error_return (0, "unknown input: '%U'",
879  format_unformat_error, line_input);
880  goto done;
881  }
882  }
883 
884  if (twice_nat && addr_only)
885  {
886  error = clib_error_return (0, "twice NAT only for 1:1 NAPT");
887  goto done;
888  }
889 
890  if (!addr_only && !proto_set)
891  {
892  error = clib_error_return (0, "missing protocol");
893  goto done;
894  }
895 
896  rv = snat_add_static_mapping (l_addr, e_addr, (u16) l_port, (u16) e_port,
897  vrf_id, addr_only, sw_if_index, proto, is_add,
898  twice_nat, out2in_only, 0, 0);
899 
900  switch (rv)
901  {
902  case VNET_API_ERROR_INVALID_VALUE:
903  error = clib_error_return (0, "External port already in use.");
904  goto done;
905  case VNET_API_ERROR_NO_SUCH_ENTRY:
906  if (is_add)
907  error = clib_error_return (0, "External address must be allocated.");
908  else
909  error = clib_error_return (0, "Mapping not exist.");
910  goto done;
911  case VNET_API_ERROR_NO_SUCH_FIB:
912  error = clib_error_return (0, "No such VRF id.");
913  goto done;
914  case VNET_API_ERROR_VALUE_EXIST:
915  error = clib_error_return (0, "Mapping already exist.");
916  goto done;
917  case VNET_API_ERROR_FEATURE_DISABLED:
918  error =
920  "twice-nat/out2in-only available only for endpoint-dependent mode.");
921  goto done;
922  default:
923  break;
924  }
925 
926 done:
927  unformat_free (line_input);
928 
929  return error;
930 }
931 
932 static clib_error_t *
934  unformat_input_t * input,
935  vlib_cli_command_t * cmd)
936 {
937  unformat_input_t _line_input, *line_input = &_line_input;
938  snat_main_t *sm = &snat_main;
939  clib_error_t *error = 0;
941  u32 port = 0, vrf_id = ~0;
942  int is_add = 1;
943  int addr_only = 1;
944  u32 sw_if_index = ~0;
945  vnet_main_t *vnm = vnet_get_main ();
946  int rv;
948 
949  if (sm->deterministic)
951 
952  addr.as_u32 = 0;
953 
954  /* Get a line of input. */
955  if (!unformat_user (input, unformat_line_input, line_input))
956  return 0;
957 
958  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
959  {
960  if (unformat (line_input, "%U", unformat_ip4_address, &addr))
961  ;
962  else if (unformat (line_input, "external %U",
963  unformat_vnet_sw_interface, vnm, &sw_if_index))
964  ;
965  else if (unformat (line_input, "vrf %u", &vrf_id))
966  ;
967  else if (unformat (line_input, "%U %u", unformat_snat_protocol, &proto,
968  &port))
969  addr_only = 0;
970  else if (unformat (line_input, "del"))
971  is_add = 0;
972  else
973  {
974  error = clib_error_return (0, "unknown input: '%U'",
975  format_unformat_error, line_input);
976  goto done;
977  }
978  }
979 
980  rv = snat_add_static_mapping (addr, addr, (u16) port, (u16) port,
981  vrf_id, addr_only, sw_if_index, proto, is_add,
982  0, 0, 0, 1);
983 
984  switch (rv)
985  {
986  case VNET_API_ERROR_INVALID_VALUE:
987  error = clib_error_return (0, "External port already in use.");
988  goto done;
989  case VNET_API_ERROR_NO_SUCH_ENTRY:
990  if (is_add)
991  error = clib_error_return (0, "External address must be allocated.");
992  else
993  error = clib_error_return (0, "Mapping not exist.");
994  goto done;
995  case VNET_API_ERROR_NO_SUCH_FIB:
996  error = clib_error_return (0, "No such VRF id.");
997  goto done;
998  case VNET_API_ERROR_VALUE_EXIST:
999  error = clib_error_return (0, "Mapping already exist.");
1000  goto done;
1001  default:
1002  break;
1003  }
1004 
1005 done:
1006  unformat_free (line_input);
1007 
1008  return error;
1009 }
1010 
1011 static clib_error_t *
1013  unformat_input_t * input,
1014  vlib_cli_command_t * cmd)
1015 {
1016  unformat_input_t _line_input, *line_input = &_line_input;
1017  snat_main_t *sm = &snat_main;
1018  clib_error_t *error = 0;
1019  ip4_address_t l_addr, e_addr;
1020  u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0, affinity = 0;
1021  int is_add = 1;
1022  int rv;
1024  u8 proto_set = 0;
1025  nat44_lb_addr_port_t *locals = 0, local;
1027  u8 out2in_only = 0;
1028 
1029  if (sm->deterministic)
1031 
1032  /* Get a line of input. */
1033  if (!unformat_user (input, unformat_line_input, line_input))
1034  return 0;
1035 
1036  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1037  {
1038  if (unformat (line_input, "local %U:%u probability %u",
1039  unformat_ip4_address, &l_addr, &l_port, &probability))
1040  {
1041  clib_memset (&local, 0, sizeof (local));
1042  local.addr = l_addr;
1043  local.port = (u16) l_port;
1044  local.probability = (u8) probability;
1045  vec_add1 (locals, local);
1046  }
1047  else if (unformat (line_input, "local %U:%u vrf %u probability %u",
1048  unformat_ip4_address, &l_addr, &l_port, &vrf_id,
1049  &probability))
1050  {
1051  clib_memset (&local, 0, sizeof (local));
1052  local.addr = l_addr;
1053  local.port = (u16) l_port;
1054  local.probability = (u8) probability;
1055  local.vrf_id = vrf_id;
1056  vec_add1 (locals, local);
1057  }
1058  else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
1059  &e_addr, &e_port))
1060  ;
1061  else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
1062  &proto))
1063  proto_set = 1;
1064  else if (unformat (line_input, "twice-nat"))
1065  twice_nat = TWICE_NAT;
1066  else if (unformat (line_input, "self-twice-nat"))
1067  twice_nat = TWICE_NAT_SELF;
1068  else if (unformat (line_input, "out2in-only"))
1069  out2in_only = 1;
1070  else if (unformat (line_input, "del"))
1071  is_add = 0;
1072  else if (unformat (line_input, "affinity %u", &affinity))
1073  ;
1074  else
1075  {
1076  error = clib_error_return (0, "unknown input: '%U'",
1077  format_unformat_error, line_input);
1078  goto done;
1079  }
1080  }
1081 
1082  if (vec_len (locals) < 2)
1083  {
1084  error = clib_error_return (0, "at least two local must be set");
1085  goto done;
1086  }
1087 
1088  if (!proto_set)
1089  {
1090  error = clib_error_return (0, "missing protocol");
1091  goto done;
1092  }
1093 
1094  rv = nat44_add_del_lb_static_mapping (e_addr, (u16) e_port, proto, locals,
1095  is_add, twice_nat, out2in_only, 0,
1096  affinity);
1097 
1098  switch (rv)
1099  {
1100  case VNET_API_ERROR_INVALID_VALUE:
1101  error = clib_error_return (0, "External port already in use.");
1102  goto done;
1103  case VNET_API_ERROR_NO_SUCH_ENTRY:
1104  if (is_add)
1105  error = clib_error_return (0, "External address must be allocated.");
1106  else
1107  error = clib_error_return (0, "Mapping not exist.");
1108  goto done;
1109  case VNET_API_ERROR_VALUE_EXIST:
1110  error = clib_error_return (0, "Mapping already exist.");
1111  goto done;
1112  case VNET_API_ERROR_FEATURE_DISABLED:
1113  error =
1114  clib_error_return (0, "Available only for endpoint-dependent mode.");
1115  goto done;
1116  default:
1117  break;
1118  }
1119 
1120 done:
1121  unformat_free (line_input);
1122  vec_free (locals);
1123 
1124  return error;
1125 }
1126 
1127 static clib_error_t *
1129  unformat_input_t * input, vlib_cli_command_t * cmd)
1130 {
1131  unformat_input_t _line_input, *line_input = &_line_input;
1132  snat_main_t *sm = &snat_main;
1133  clib_error_t *error = 0;
1134  ip4_address_t l_addr, e_addr;
1135  u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
1136  int is_add = 1;
1137  int rv;
1139  u8 proto_set = 0;
1140 
1141  if (sm->deterministic)
1143 
1144  /* Get a line of input. */
1145  if (!unformat_user (input, unformat_line_input, line_input))
1146  return 0;
1147 
1148  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1149  {
1150  if (unformat (line_input, "local %U:%u probability %u",
1151  unformat_ip4_address, &l_addr, &l_port, &probability))
1152  ;
1153  else if (unformat (line_input, "local %U:%u vrf %u probability %u",
1154  unformat_ip4_address, &l_addr, &l_port, &vrf_id,
1155  &probability))
1156  ;
1157  else if (unformat (line_input, "external %U:%u", unformat_ip4_address,
1158  &e_addr, &e_port))
1159  ;
1160  else if (unformat (line_input, "protocol %U", unformat_snat_protocol,
1161  &proto))
1162  proto_set = 1;
1163  else if (unformat (line_input, "del"))
1164  is_add = 0;
1165  else
1166  {
1167  error = clib_error_return (0, "unknown input: '%U'",
1168  format_unformat_error, line_input);
1169  goto done;
1170  }
1171  }
1172 
1173  if (!l_port || !e_port)
1174  {
1175  error = clib_error_return (0, "local or external must be set");
1176  goto done;
1177  }
1178 
1179  if (!proto_set)
1180  {
1181  error = clib_error_return (0, "missing protocol");
1182  goto done;
1183  }
1184 
1185  rv =
1186  nat44_lb_static_mapping_add_del_local (e_addr, (u16) e_port, l_addr,
1187  l_port, proto, vrf_id, probability,
1188  is_add);
1189 
1190  switch (rv)
1191  {
1192  case VNET_API_ERROR_INVALID_VALUE:
1193  error = clib_error_return (0, "External is not load-balancing static "
1194  "mapping.");
1195  goto done;
1196  case VNET_API_ERROR_NO_SUCH_ENTRY:
1197  error = clib_error_return (0, "Mapping or back-end not exist.");
1198  goto done;
1199  case VNET_API_ERROR_VALUE_EXIST:
1200  error = clib_error_return (0, "Back-end already exist.");
1201  goto done;
1202  case VNET_API_ERROR_FEATURE_DISABLED:
1203  error =
1204  clib_error_return (0, "Available only for endpoint-dependent mode.");
1205  goto done;
1206  case VNET_API_ERROR_UNSPECIFIED:
1207  error = clib_error_return (0, "At least two back-ends must remain");
1208  goto done;
1209  default:
1210  break;
1211  }
1212 
1213 done:
1214  unformat_free (line_input);
1215 
1216  return error;
1217 }
1218 
1219 static clib_error_t *
1221  unformat_input_t * input,
1222  vlib_cli_command_t * cmd)
1223 {
1224  snat_main_t *sm = &snat_main;
1227 
1228  if (sm->deterministic)
1230 
1231  vlib_cli_output (vm, "NAT44 static mappings:");
1232  /* *INDENT-OFF* */
1233  pool_foreach (m, sm->static_mappings,
1234  ({
1235  vlib_cli_output (vm, " %U", format_snat_static_mapping, m);
1236  }));
1237  vec_foreach (rp, sm->to_resolve)
1239  /* *INDENT-ON* */
1240 
1241  return 0;
1242 }
1243 
1244 static clib_error_t *
1246  unformat_input_t * input,
1247  vlib_cli_command_t * cmd)
1248 {
1249  snat_main_t *sm = &snat_main;
1250  unformat_input_t _line_input, *line_input = &_line_input;
1251  u32 sw_if_index;
1252  int rv;
1253  int is_del = 0;
1254  clib_error_t *error = 0;
1255  u8 twice_nat = 0;
1256 
1257  if (sm->deterministic)
1259 
1260  /* Get a line of input. */
1261  if (!unformat_user (input, unformat_line_input, line_input))
1262  return 0;
1263 
1264  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1265  {
1266  if (unformat (line_input, "%U", unformat_vnet_sw_interface,
1267  sm->vnet_main, &sw_if_index))
1268  ;
1269  else if (unformat (line_input, "twice-nat"))
1270  twice_nat = 1;
1271  else if (unformat (line_input, "del"))
1272  is_del = 1;
1273  else
1274  {
1275  error = clib_error_return (0, "unknown input '%U'",
1276  format_unformat_error, line_input);
1277  goto done;
1278  }
1279  }
1280 
1281  rv = snat_add_interface_address (sm, sw_if_index, is_del, twice_nat);
1282 
1283  switch (rv)
1284  {
1285  case 0:
1286  break;
1287 
1288  default:
1289  error = clib_error_return (0, "snat_add_interface_address returned %d",
1290  rv);
1291  goto done;
1292  }
1293 
1294 done:
1295  unformat_free (line_input);
1296 
1297  return error;
1298 }
1299 
1300 static clib_error_t *
1302  unformat_input_t * input,
1303  vlib_cli_command_t * cmd)
1304 {
1305  snat_main_t *sm = &snat_main;
1306  vnet_main_t *vnm = vnet_get_main ();
1307  u32 *sw_if_index;
1308 
1309  if (sm->deterministic)
1311 
1312  /* *INDENT-OFF* */
1313  vlib_cli_output (vm, "NAT44 pool address interfaces:");
1314  vec_foreach (sw_if_index, sm->auto_add_sw_if_indices)
1315  {
1317  *sw_if_index);
1318  }
1319  vlib_cli_output (vm, "NAT44 twice-nat pool address interfaces:");
1321  {
1323  *sw_if_index);
1324  }
1325  /* *INDENT-ON* */
1326 
1327  return 0;
1328 }
1329 
1330 static clib_error_t *
1332  vlib_cli_command_t * cmd)
1333 {
1334  int verbose = 0;
1335  snat_main_t *sm = &snat_main;
1337  snat_user_t *u;
1338  int i = 0;
1339 
1340  if (sm->deterministic)
1342 
1343  if (unformat (input, "detail"))
1344  verbose = 1;
1345 
1346  vlib_cli_output (vm, "NAT44 sessions:");
1347 
1348  /* *INDENT-OFF* */
1350  {
1351  tsm = vec_elt_at_index (sm->per_thread_data, i);
1352 
1353  vlib_cli_output (vm, "-------- thread %d %s: %d sessions --------\n",
1354  i, vlib_worker_threads[i].name,
1355  pool_elts (tsm->sessions));
1356  pool_foreach (u, tsm->users,
1357  ({
1358  vlib_cli_output (vm, " %U", format_snat_user, tsm, u, verbose);
1359  }));
1360  }
1361  /* *INDENT-ON* */
1362 
1363  return 0;
1364 }
1365 
1366 static clib_error_t *
1368  unformat_input_t * input,
1369  vlib_cli_command_t * cmd)
1370 {
1371  snat_main_t *sm = &snat_main;
1372  unformat_input_t _line_input, *line_input = &_line_input;
1373  int is_in = 0, is_ed = 0;
1374  clib_error_t *error = 0;
1375  ip4_address_t addr, eh_addr;
1376  u32 port = 0, eh_port = 0, vrf_id = sm->outside_vrf_id;
1378  int rv;
1379 
1380  if (sm->deterministic)
1382 
1383  /* Get a line of input. */
1384  if (!unformat_user (input, unformat_line_input, line_input))
1385  return 0;
1386 
1387  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1388  {
1389  if (unformat
1390  (line_input, "%U:%u %U", unformat_ip4_address, &addr, &port,
1391  unformat_snat_protocol, &proto))
1392  ;
1393  else if (unformat (line_input, "in"))
1394  {
1395  is_in = 1;
1396  vrf_id = sm->inside_vrf_id;
1397  }
1398  else if (unformat (line_input, "out"))
1399  {
1400  is_in = 0;
1401  vrf_id = sm->outside_vrf_id;
1402  }
1403  else if (unformat (line_input, "vrf %u", &vrf_id))
1404  ;
1405  else
1406  if (unformat
1407  (line_input, "external-host %U:%u", unformat_ip4_address,
1408  &eh_addr, &eh_port))
1409  is_ed = 1;
1410  else
1411  {
1412  error = clib_error_return (0, "unknown input '%U'",
1413  format_unformat_error, line_input);
1414  goto done;
1415  }
1416  }
1417 
1418  if (is_ed)
1419  rv =
1420  nat44_del_ed_session (sm, &addr, port, &eh_addr, eh_port,
1421  snat_proto_to_ip_proto (proto), vrf_id, is_in);
1422  else
1423  rv = nat44_del_session (sm, &addr, port, proto, vrf_id, is_in);
1424 
1425  switch (rv)
1426  {
1427  case 0:
1428  break;
1429 
1430  default:
1431  error = clib_error_return (0, "nat44_del_session returned %d", rv);
1432  goto done;
1433  }
1434 
1435 done:
1436  unformat_free (line_input);
1437 
1438  return error;
1439 }
1440 
1441 static clib_error_t *
1443  unformat_input_t * input,
1444  vlib_cli_command_t * cmd)
1445 {
1446  snat_main_t *sm = &snat_main;
1447  unformat_input_t _line_input, *line_input = &_line_input;
1448  u8 forwarding_enable;
1449  u8 forwarding_enable_set = 0;
1450  clib_error_t *error = 0;
1451 
1452  if (sm->deterministic)
1454 
1455  /* Get a line of input. */
1456  if (!unformat_user (input, unformat_line_input, line_input))
1457  return clib_error_return (0, "'enable' or 'disable' expected");
1458 
1459  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1460  {
1461  if (!forwarding_enable_set && unformat (line_input, "enable"))
1462  {
1463  forwarding_enable = 1;
1464  forwarding_enable_set = 1;
1465  }
1466  else if (!forwarding_enable_set && unformat (line_input, "disable"))
1467  {
1468  forwarding_enable = 0;
1469  forwarding_enable_set = 1;
1470  }
1471  else
1472  {
1473  error = clib_error_return (0, "unknown input '%U'",
1474  format_unformat_error, line_input);
1475  goto done;
1476  }
1477  }
1478 
1479  if (!forwarding_enable_set)
1480  {
1481  error = clib_error_return (0, "'enable' or 'disable' expected");
1482  goto done;
1483  }
1484 
1485  sm->forwarding_enabled = forwarding_enable;
1486 
1487 done:
1488  unformat_free (line_input);
1489 
1490  return error;
1491 }
1492 
1493 static clib_error_t *
1495  unformat_input_t * input, vlib_cli_command_t * cmd)
1496 {
1497  snat_main_t *sm = &snat_main;
1498  unformat_input_t _line_input, *line_input = &_line_input;
1499  ip4_address_t in_addr, out_addr;
1500  u32 in_plen, out_plen;
1501  int is_add = 1, rv;
1502  clib_error_t *error = 0;
1503 
1504  if (!sm->deterministic)
1506 
1507  /* Get a line of input. */
1508  if (!unformat_user (input, unformat_line_input, line_input))
1509  return 0;
1510 
1511  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1512  {
1513  if (unformat
1514  (line_input, "in %U/%u", unformat_ip4_address, &in_addr, &in_plen))
1515  ;
1516  else
1517  if (unformat
1518  (line_input, "out %U/%u", unformat_ip4_address, &out_addr,
1519  &out_plen))
1520  ;
1521  else if (unformat (line_input, "del"))
1522  is_add = 0;
1523  else
1524  {
1525  error = clib_error_return (0, "unknown input '%U'",
1526  format_unformat_error, line_input);
1527  goto done;
1528  }
1529  }
1530 
1531  if (in_plen > 32 || out_plen > 32)
1532  {
1533  error = clib_error_return (0, "network prefix length must be <= 32");
1534  goto done;
1535  }
1536 
1537  rv = snat_det_add_map (sm, &in_addr, in_plen, &out_addr, out_plen, is_add);
1538 
1539  if (rv)
1540  {
1541  error = clib_error_return (0, "snat_det_add_map return %d", rv);
1542  goto done;
1543  }
1544 
1545 done:
1546  unformat_free (line_input);
1547 
1548  return error;
1549 }
1550 
1551 static clib_error_t *
1553  unformat_input_t * input,
1554  vlib_cli_command_t * cmd)
1555 {
1556  snat_main_t *sm = &snat_main;
1557  snat_det_map_t *dm;
1558 
1559  if (!sm->deterministic)
1561 
1562  vlib_cli_output (vm, "NAT44 deterministic mappings:");
1563  /* *INDENT-OFF* */
1564  pool_foreach (dm, sm->det_maps,
1565  ({
1566  vlib_cli_output (vm, " in %U/%d out %U/%d\n",
1567  format_ip4_address, &dm->in_addr, dm->in_plen,
1568  format_ip4_address, &dm->out_addr, dm->out_plen);
1569  vlib_cli_output (vm, " outside address sharing ratio: %d\n",
1570  dm->sharing_ratio);
1571  vlib_cli_output (vm, " number of ports per inside host: %d\n",
1572  dm->ports_per_host);
1573  vlib_cli_output (vm, " sessions number: %d\n", dm->ses_num);
1574  }));
1575  /* *INDENT-ON* */
1576 
1577  return 0;
1578 }
1579 
1580 static clib_error_t *
1582  unformat_input_t * input,
1583  vlib_cli_command_t * cmd)
1584 {
1585  snat_main_t *sm = &snat_main;
1586  unformat_input_t _line_input, *line_input = &_line_input;
1587  ip4_address_t in_addr, out_addr;
1588  u16 lo_port;
1589  snat_det_map_t *dm;
1590  clib_error_t *error = 0;
1591 
1592  if (!sm->deterministic)
1594 
1595  /* Get a line of input. */
1596  if (!unformat_user (input, unformat_line_input, line_input))
1597  return 0;
1598 
1599  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1600  {
1601  if (unformat (line_input, "%U", unformat_ip4_address, &in_addr))
1602  ;
1603  else
1604  {
1605  error = clib_error_return (0, "unknown input '%U'",
1606  format_unformat_error, line_input);
1607  goto done;
1608  }
1609  }
1610 
1611  dm = snat_det_map_by_user (sm, &in_addr);
1612  if (!dm)
1613  vlib_cli_output (vm, "no match");
1614  else
1615  {
1616  snat_det_forward (dm, &in_addr, &out_addr, &lo_port);
1617  vlib_cli_output (vm, "%U:<%d-%d>", format_ip4_address, &out_addr,
1618  lo_port, lo_port + dm->ports_per_host - 1);
1619  }
1620 
1621 done:
1622  unformat_free (line_input);
1623 
1624  return error;
1625 }
1626 
1627 static clib_error_t *
1629  unformat_input_t * input,
1630  vlib_cli_command_t * cmd)
1631 {
1632  snat_main_t *sm = &snat_main;
1633  unformat_input_t _line_input, *line_input = &_line_input;
1634  ip4_address_t in_addr, out_addr;
1635  u32 out_port;
1636  snat_det_map_t *dm;
1637  clib_error_t *error = 0;
1638 
1639  if (!sm->deterministic)
1641 
1642  /* Get a line of input. */
1643  if (!unformat_user (input, unformat_line_input, line_input))
1644  return 0;
1645 
1646  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1647  {
1648  if (unformat
1649  (line_input, "%U:%d", unformat_ip4_address, &out_addr, &out_port))
1650  ;
1651  else
1652  {
1653  error = clib_error_return (0, "unknown input '%U'",
1654  format_unformat_error, line_input);
1655  goto done;
1656  }
1657  }
1658 
1659  if (out_port < 1024 || out_port > 65535)
1660  {
1661  error = clib_error_return (0, "wrong port, must be <1024-65535>");
1662  goto done;
1663  }
1664 
1665  dm = snat_det_map_by_out (sm, &out_addr);
1666  if (!dm)
1667  vlib_cli_output (vm, "no match");
1668  else
1669  {
1670  snat_det_reverse (dm, &out_addr, (u16) out_port, &in_addr);
1671  vlib_cli_output (vm, "%U", format_ip4_address, &in_addr);
1672  }
1673 
1674 done:
1675  unformat_free (line_input);
1676 
1677  return error;
1678 }
1679 
1680 static clib_error_t *
1682  unformat_input_t * input, vlib_cli_command_t * cmd)
1683 {
1684  snat_main_t *sm = &snat_main;
1685  unformat_input_t _line_input, *line_input = &_line_input;
1686  clib_error_t *error = 0;
1687 
1688  /* Get a line of input. */
1689  if (!unformat_user (input, unformat_line_input, line_input))
1690  return 0;
1691 
1692  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1693  {
1694  if (unformat (line_input, "udp %u", &sm->udp_timeout))
1695  {
1697  {
1698  error = clib_error_return (0, "Invalid UDP timeout value");
1699  goto done;
1700  }
1701  }
1702  else if (unformat (line_input, "tcp-established %u",
1704  {
1707  {
1708  error =
1709  clib_error_return (0,
1710  "Invalid TCP established timeouts value");
1711  goto done;
1712  }
1713  }
1714  else if (unformat (line_input, "tcp-transitory %u",
1715  &sm->tcp_transitory_timeout))
1716  {
1719  {
1720  error =
1721  clib_error_return (0,
1722  "Invalid TCP transitory timeouts value");
1723  goto done;
1724  }
1725  }
1726  else if (unformat (line_input, "icmp %u", &sm->icmp_timeout))
1727  {
1729  {
1730  error = clib_error_return (0, "Invalid ICMP timeout value");
1731  goto done;
1732  }
1733  }
1734  else if (unformat (line_input, "reset"))
1735  {
1742  nat64_set_tcp_timeouts (0, 0);
1743  }
1744  else
1745  {
1746  error = clib_error_return (0, "unknown input '%U'",
1747  format_unformat_error, line_input);
1748  goto done;
1749  }
1750  }
1751 
1752 done:
1753  unformat_free (line_input);
1754 
1755  return error;
1756 }
1757 
1758 static clib_error_t *
1760  unformat_input_t * input,
1761  vlib_cli_command_t * cmd)
1762 {
1763  snat_main_t *sm = &snat_main;
1764 
1765  vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
1766  vlib_cli_output (vm, "tcp-established timeout: %dsec",
1768  vlib_cli_output (vm, "tcp-transitory timeout: %dsec",
1770  vlib_cli_output (vm, "icmp timeout: %dsec", sm->icmp_timeout);
1771 
1772  return 0;
1773 }
1774 
1775 static clib_error_t *
1777  unformat_input_t * input,
1778  vlib_cli_command_t * cmd)
1779 {
1780  snat_main_t *sm = &snat_main;
1781  snat_det_map_t *dm;
1782  snat_det_session_t *ses;
1783  int i;
1784 
1785  if (!sm->deterministic)
1787 
1788  vlib_cli_output (vm, "NAT44 deterministic sessions:");
1789  /* *INDENT-OFF* */
1790  pool_foreach (dm, sm->det_maps,
1791  ({
1792  vec_foreach_index (i, dm->sessions)
1793  {
1794  ses = vec_elt_at_index (dm->sessions, i);
1795  if (ses->in_port)
1796  vlib_cli_output (vm, " %U", format_det_map_ses, dm, ses, &i);
1797  }
1798  }));
1799  /* *INDENT-ON* */
1800  return 0;
1801 }
1802 
1803 static clib_error_t *
1805  unformat_input_t * input,
1806  vlib_cli_command_t * cmd)
1807 {
1808  snat_main_t *sm = &snat_main;
1809  unformat_input_t _line_input, *line_input = &_line_input;
1810  ip4_address_t out_addr, ext_addr, in_addr;
1811  u32 out_port, ext_port;
1812  snat_det_map_t *dm;
1813  snat_det_session_t *ses;
1815  clib_error_t *error = 0;
1816 
1817  if (!sm->deterministic)
1819 
1820  /* Get a line of input. */
1821  if (!unformat_user (input, unformat_line_input, line_input))
1822  return 0;
1823 
1824  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1825  {
1826  if (unformat (line_input, "%U:%d %U:%d",
1827  unformat_ip4_address, &out_addr, &out_port,
1828  unformat_ip4_address, &ext_addr, &ext_port))
1829  ;
1830  else
1831  {
1832  error = clib_error_return (0, "unknown input '%U'",
1833  format_unformat_error, line_input);
1834  goto done;
1835  }
1836  }
1837 
1838  unformat_free (line_input);
1839 
1840  dm = snat_det_map_by_out (sm, &out_addr);
1841  if (!dm)
1842  vlib_cli_output (vm, "no match");
1843  else
1844  {
1845  snat_det_reverse (dm, &ext_addr, (u16) out_port, &in_addr);
1846  key.ext_host_addr = out_addr;
1847  key.ext_host_port = ntohs ((u16) ext_port);
1848  key.out_port = ntohs ((u16) out_port);
1849  ses = snat_det_get_ses_by_out (dm, &out_addr, key.as_u64);
1850  if (!ses)
1851  vlib_cli_output (vm, "no match");
1852  else
1853  snat_det_ses_close (dm, ses);
1854  }
1855 
1856 done:
1857  unformat_free (line_input);
1858 
1859  return error;
1860 }
1861 
1862 static clib_error_t *
1864  unformat_input_t * input,
1865  vlib_cli_command_t * cmd)
1866 {
1867  snat_main_t *sm = &snat_main;
1868  unformat_input_t _line_input, *line_input = &_line_input;
1869  ip4_address_t in_addr, ext_addr;
1870  u32 in_port, ext_port;
1871  snat_det_map_t *dm;
1872  snat_det_session_t *ses;
1874  clib_error_t *error = 0;
1875 
1876  if (!sm->deterministic)
1878 
1879  /* Get a line of input. */
1880  if (!unformat_user (input, unformat_line_input, line_input))
1881  return 0;
1882 
1883  while (unformat_check_input (line_input) != UNFORMAT_END_OF_INPUT)
1884  {
1885  if (unformat (line_input, "%U:%d %U:%d",
1886  unformat_ip4_address, &in_addr, &in_port,
1887  unformat_ip4_address, &ext_addr, &ext_port))
1888  ;
1889  else
1890  {
1891  error = clib_error_return (0, "unknown input '%U'",
1892  format_unformat_error, line_input);
1893  goto done;
1894  }
1895  }
1896 
1897  unformat_free (line_input);
1898 
1899  dm = snat_det_map_by_user (sm, &in_addr);
1900  if (!dm)
1901  vlib_cli_output (vm, "no match");
1902  else
1903  {
1904  key.ext_host_addr = ext_addr;
1905  key.ext_host_port = ntohs ((u16) ext_port);
1906  ses =
1907  snat_det_find_ses_by_in (dm, &in_addr, ntohs ((u16) in_port), key);
1908  if (!ses)
1909  vlib_cli_output (vm, "no match");
1910  else
1911  snat_det_ses_close (dm, ses);
1912  }
1913 
1914 done:
1915  unformat_free (line_input);
1916 
1917  return error;
1918 }
1919 /* *INDENT-OFF* */
1920 
1921 /*?
1922  * @cliexpar
1923  * @cliexstart{set snat workers}
1924  * Set NAT workers if 2 or more workers available, use:
1925  * vpp# set snat workers 0-2,5
1926  * @cliexend
1927 ?*/
1928 VLIB_CLI_COMMAND (set_workers_command, static) = {
1929  .path = "set nat workers",
1930  .function = set_workers_command_fn,
1931  .short_help = "set nat workers <workers-list>",
1932 };
1933 
1934 /*?
1935  * @cliexpar
1936  * @cliexstart{show nat workers}
1937  * Show NAT workers.
1938  * vpp# show nat workers:
1939  * 2 workers
1940  * vpp_wk_0
1941  * vpp_wk_1
1942  * @cliexend
1943 ?*/
1944 VLIB_CLI_COMMAND (nat_show_workers_command, static) = {
1945  .path = "show nat workers",
1946  .short_help = "show nat workers",
1947  .function = nat_show_workers_commnad_fn,
1948 };
1949 
1950 /*?
1951  * @cliexpar
1952  * @cliexstart{set nat timeout}
1953  * Set values of timeouts for NAT sessions (in seconds), use:
1954  * vpp# set nat timeout udp 120 tcp-established 7500 tcp-transitory 250 icmp 90
1955  * To reset default values use:
1956  * vpp# set nat44 deterministic timeout reset
1957  * @cliexend
1958 ?*/
1959 VLIB_CLI_COMMAND (set_timeout_command, static) = {
1960  .path = "set nat timeout",
1961  .function = set_timeout_command_fn,
1962  .short_help =
1963  "set nat timeout [udp <sec> | tcp-established <sec> "
1964  "tcp-transitory <sec> | icmp <sec> | reset]",
1965 };
1966 
1967 /*?
1968  * @cliexpar
1969  * @cliexstart{show nat timeouts}
1970  * Show values of timeouts for NAT sessions.
1971  * vpp# show nat timeouts
1972  * udp timeout: 300sec
1973  * tcp-established timeout: 7440sec
1974  * tcp-transitory timeout: 240sec
1975  * icmp timeout: 60sec
1976  * @cliexend
1977 ?*/
1978 VLIB_CLI_COMMAND (nat_show_timeouts_command, static) = {
1979  .path = "show nat timeouts",
1980  .short_help = "show nat timeouts",
1981  .function = nat_show_timeouts_command_fn,
1982 };
1983 
1984 /*?
1985  * @cliexpar
1986  * @cliexstart{nat set logging level}
1987  * To set NAT logging level use:
1988  * Set nat logging level
1989  * @cliexend
1990 ?*/
1991 VLIB_CLI_COMMAND (snat_set_log_level_command, static) = {
1992  .path = "nat set logging level",
1993  .function = snat_set_log_level_command_fn,
1994  .short_help = "nat set logging level <level>",
1995 };
1996 
1997 /*?
1998  * @cliexpar
1999  * @cliexstart{snat ipfix logging}
2000  * To enable NAT IPFIX logging use:
2001  * vpp# nat ipfix logging
2002  * To set IPFIX exporter use:
2003  * vpp# set ipfix exporter collector 10.10.10.3 src 10.10.10.1
2004  * @cliexend
2005 ?*/
2006 VLIB_CLI_COMMAND (snat_ipfix_logging_enable_disable_command, static) = {
2007  .path = "nat ipfix logging",
2009  .short_help = "nat ipfix logging [domain <domain-id>] [src-port <port>] [disable]",
2010 };
2011 
2012 /*?
2013  * @cliexpar
2014  * @cliexstart{nat addr-port-assignment-alg}
2015  * Set address and port assignment algorithm
2016  * For the MAP-E CE limit port choice based on PSID use:
2017  * vpp# nat addr-port-assignment-alg map-e psid 10 psid-offset 6 psid-len 6
2018  * For port range use:
2019  * vpp# nat addr-port-assignment-alg port-range <start-port> - <end-port>
2020  * To set standard (default) address and port assignment algorithm use:
2021  * vpp# nat addr-port-assignment-alg default
2022  * @cliexend
2023 ?*/
2024 VLIB_CLI_COMMAND (nat44_set_alloc_addr_and_port_alg_command, static) = {
2025  .path = "nat addr-port-assignment-alg",
2026  .short_help = "nat addr-port-assignment-alg <alg-name> [<alg-params>]",
2028 };
2029 
2030 /*?
2031  * @cliexpar
2032  * @cliexstart{show nat addr-port-assignment-alg}
2033  * Show address and port assignment algorithm
2034  * @cliexend
2035 ?*/
2036 VLIB_CLI_COMMAND (nat44_show_alloc_addr_and_port_alg_command, static) = {
2037  .path = "show nat addr-port-assignment-alg",
2038  .short_help = "show nat addr-port-assignment-alg",
2040 };
2041 
2042 /*?
2043  * @cliexpar
2044  * @cliexstart{nat mss-clamping}
2045  * Set TCP MSS rewriting configuration
2046  * To enable TCP MSS rewriting use:
2047  * vpp# nat mss-clamping 1452
2048  * To disbale TCP MSS rewriting use:
2049  * vpp# nat mss-clamping disable
2050  * @cliexend
2051 ?*/
2052 VLIB_CLI_COMMAND (nat_set_mss_clamping_command, static) = {
2053  .path = "nat mss-clamping",
2054  .short_help = "nat mss-clamping <mss-value>|disable",
2055  .function = nat_set_mss_clamping_command_fn,
2056 };
2057 
2058 /*?
2059  * @cliexpar
2060  * @cliexstart{show nat mss-clamping}
2061  * Show TCP MSS rewriting configuration
2062  * @cliexend
2063 ?*/
2064 VLIB_CLI_COMMAND (nat_show_mss_clamping_command, static) = {
2065  .path = "show nat mss-clamping",
2066  .short_help = "show nat mss-clamping",
2068 };
2069 
2070 /*?
2071  * @cliexpar
2072  * @cliexstart{nat ha failover}
2073  * Set HA failover (remote settings)
2074  * @cliexend
2075 ?*/
2076 VLIB_CLI_COMMAND (nat_ha_failover_command, static) = {
2077  .path = "nat ha failover",
2078  .short_help = "nat ha failover <ip4-address>:<port> [refresh-interval <sec>]",
2079  .function = nat_ha_failover_command_fn,
2080 };
2081 
2082 /*?
2083  * @cliexpar
2084  * @cliexstart{nat ha listener}
2085  * Set HA listener (local settings)
2086  * @cliexend
2087 ?*/
2088 VLIB_CLI_COMMAND (nat_ha_listener_command, static) = {
2089  .path = "nat ha listener",
2090  .short_help = "nat ha listener <ip4-address>:<port> [path-mtu <path-mtu>]",
2091  .function = nat_ha_listener_command_fn,
2092 };
2093 
2094 /*?
2095  * @cliexpar
2096  * @cliexstart{show nat ha}
2097  * Show HA configuration/status
2098  * @cliexend
2099 ?*/
2100 VLIB_CLI_COMMAND (nat_show_ha_command, static) = {
2101  .path = "show nat ha",
2102  .short_help = "show nat ha",
2103  .function = nat_show_ha_command_fn,
2104 };
2105 
2106 /*?
2107  * @cliexpar
2108  * @cliexstart{nat ha flush}
2109  * Flush the current HA data (for testing)
2110  * @cliexend
2111 ?*/
2112 VLIB_CLI_COMMAND (nat_ha_flush_command, static) = {
2113  .path = "nat ha flush",
2114  .short_help = "nat ha flush",
2115  .function = nat_ha_flush_command_fn,
2116 };
2117 
2118 /*?
2119  * @cliexpar
2120  * @cliexstart{nat ha resync}
2121  * Resync HA (resend existing sessions to new failover)
2122  * @cliexend
2123 ?*/
2124 VLIB_CLI_COMMAND (nat_ha_resync_command, static) = {
2125  .path = "nat ha resync",
2126  .short_help = "nat ha resync",
2127  .function = nat_ha_resync_command_fn,
2128 };
2129 
2130 /*?
2131  * @cliexpar
2132  * @cliexstart{show nat44 hash tables}
2133  * Show NAT44 hash tables
2134  * @cliexend
2135 ?*/
2136 VLIB_CLI_COMMAND (nat44_show_hash, static) = {
2137  .path = "show nat44 hash tables",
2138  .short_help = "show nat44 hash tables [detail|verbose]",
2139  .function = nat44_show_hash_commnad_fn,
2140 };
2141 
2142 /*?
2143  * @cliexpar
2144  * @cliexstart{nat44 add address}
2145  * Add/delete NAT44 pool address.
2146  * To add NAT44 pool address use:
2147  * vpp# nat44 add address 172.16.1.3
2148  * vpp# nat44 add address 172.16.2.2 - 172.16.2.24
2149  * To add NAT44 pool address for specific tenant (identified by VRF id) use:
2150  * vpp# nat44 add address 172.16.1.3 tenant-vrf 10
2151  * @cliexend
2152 ?*/
2153 VLIB_CLI_COMMAND (add_address_command, static) = {
2154  .path = "nat44 add address",
2155  .short_help = "nat44 add address <ip4-range-start> [- <ip4-range-end>] "
2156  "[tenant-vrf <vrf-id>] [twice-nat] [del]",
2157  .function = add_address_command_fn,
2158 };
2159 
2160 /*?
2161  * @cliexpar
2162  * @cliexstart{show nat44 addresses}
2163  * Show NAT44 pool addresses.
2164  * vpp# show nat44 addresses
2165  * NAT44 pool addresses:
2166  * 172.16.2.2
2167  * tenant VRF independent
2168  * 10 busy udp ports
2169  * 0 busy tcp ports
2170  * 0 busy icmp ports
2171  * 172.16.1.3
2172  * tenant VRF: 10
2173  * 0 busy udp ports
2174  * 2 busy tcp ports
2175  * 0 busy icmp ports
2176  * NAT44 twice-nat pool addresses:
2177  * 10.20.30.72
2178  * tenant VRF independent
2179  * 0 busy udp ports
2180  * 0 busy tcp ports
2181  * 0 busy icmp ports
2182  * @cliexend
2183 ?*/
2184 VLIB_CLI_COMMAND (nat44_show_addresses_command, static) = {
2185  .path = "show nat44 addresses",
2186  .short_help = "show nat44 addresses",
2187  .function = nat44_show_addresses_command_fn,
2188 };
2189 
2190 /*?
2191  * @cliexpar
2192  * @cliexstart{set interface nat44}
2193  * Enable/disable NAT44 feature on the interface.
2194  * To enable NAT44 feature with local network interface use:
2195  * vpp# set interface nat44 in GigabitEthernet0/8/0
2196  * To enable NAT44 feature with external network interface use:
2197  * vpp# set interface nat44 out GigabitEthernet0/a/0
2198  * @cliexend
2199 ?*/
2200 VLIB_CLI_COMMAND (set_interface_snat_command, static) = {
2201  .path = "set interface nat44",
2202  .function = snat_feature_command_fn,
2203  .short_help = "set interface nat44 in <intfc> out <intfc> [output-feature] "
2204  "[del]",
2205 };
2206 
2207 /*?
2208  * @cliexpar
2209  * @cliexstart{show nat44 interfaces}
2210  * Show interfaces with NAT44 feature.
2211  * vpp# show nat44 interfaces
2212  * NAT44 interfaces:
2213  * GigabitEthernet0/8/0 in
2214  * GigabitEthernet0/a/0 out
2215  * @cliexend
2216 ?*/
2217 VLIB_CLI_COMMAND (nat44_show_interfaces_command, static) = {
2218  .path = "show nat44 interfaces",
2219  .short_help = "show nat44 interfaces",
2221 };
2222 
2223 /*?
2224  * @cliexpar
2225  * @cliexstart{nat44 add static mapping}
2226  * Static mapping allows hosts on the external network to initiate connection
2227  * to to the local network host.
2228  * To create static mapping between local host address 10.0.0.3 port 6303 and
2229  * external address 4.4.4.4 port 3606 for TCP protocol use:
2230  * vpp# nat44 add static mapping tcp local 10.0.0.3 6303 external 4.4.4.4 3606
2231  * If not runnig "static mapping only" NAT plugin mode use before:
2232  * vpp# nat44 add address 4.4.4.4
2233  * To create static mapping between local and external address use:
2234  * vpp# nat44 add static mapping local 10.0.0.3 external 4.4.4.4
2235  * @cliexend
2236 ?*/
2237 VLIB_CLI_COMMAND (add_static_mapping_command, static) = {
2238  .path = "nat44 add static mapping",
2239  .function = add_static_mapping_command_fn,
2240  .short_help =
2241  "nat44 add static mapping tcp|udp|icmp local <addr> [<port>] "
2242  "external <addr> [<port>] [vrf <table-id>] [twice-nat|self-twice-nat] "
2243  "[out2in-only] [del]",
2244 };
2245 
2246 /*?
2247  * @cliexpar
2248  * @cliexstart{nat44 add identity mapping}
2249  * Identity mapping translate an IP address to itself.
2250  * To create identity mapping for address 10.0.0.3 port 6303 for TCP protocol
2251  * use:
2252  * vpp# nat44 add identity mapping 10.0.0.3 tcp 6303
2253  * To create identity mapping for address 10.0.0.3 use:
2254  * vpp# nat44 add identity mapping 10.0.0.3
2255  * To create identity mapping for DHCP addressed interface use:
2256  * vpp# nat44 add identity mapping external GigabitEthernet0/a/0 tcp 3606
2257  * @cliexend
2258 ?*/
2259 VLIB_CLI_COMMAND (add_identity_mapping_command, static) = {
2260  .path = "nat44 add identity mapping",
2261  .function = add_identity_mapping_command_fn,
2262  .short_help = "nat44 add identity mapping <ip4-addr>|external <interface> "
2263  "[<protocol> <port>] [vrf <table-id>] [del]",
2264 };
2265 
2266 /*?
2267  * @cliexpar
2268  * @cliexstart{nat44 add load-balancing static mapping}
2269  * Service load balancing using NAT44
2270  * To add static mapping with load balancing for service with external IP
2271  * address 1.2.3.4 and TCP port 80 and mapped to 2 local servers
2272  * 10.100.10.10:8080 and 10.100.10.20:8080 with probability 80% resp. 20% use:
2273  * vpp# nat44 add load-balancing static mapping protocol tcp external 1.2.3.4:80 local 10.100.10.10:8080 probability 80 local 10.100.10.20:8080 probability 20
2274  * @cliexend
2275 ?*/
2276 VLIB_CLI_COMMAND (add_lb_static_mapping_command, static) = {
2277  .path = "nat44 add load-balancing static mapping",
2279  .short_help =
2280  "nat44 add load-balancing static mapping protocol tcp|udp "
2281  "external <addr>:<port> local <addr>:<port> [vrf <table-id>] "
2282  "probability <n> [twice-nat|self-twice-nat] [out2in-only] "
2283  "[affinity <timeout-seconds>] [del]",
2284 };
2285 
2286 /*?
2287  * @cliexpar
2288  * @cliexstart{nat44 add load-balancing static mapping}
2289  * Modify service load balancing using NAT44
2290  * To add new back-end server 10.100.10.30:8080 for service load balancing
2291  * static mapping with external IP address 1.2.3.4 and TCP port 80 use:
2292  * vpp# nat44 add load-balancing back-end protocol tcp external 1.2.3.4:80 local 10.100.10.30:8080 probability 25
2293  * @cliexend
2294 ?*/
2295 VLIB_CLI_COMMAND (add_lb_backend_command, static) = {
2296  .path = "nat44 add load-balancing back-end",
2297  .function = add_lb_backend_command_fn,
2298  .short_help =
2299  "nat44 add load-balancing back-end protocol tcp|udp "
2300  "external <addr>:<port> local <addr>:<port> [vrf <table-id>] "
2301  "probability <n> [del]",
2302 };
2303 
2304 /*?
2305  * @cliexpar
2306  * @cliexstart{show nat44 static mappings}
2307  * Show NAT44 static mappings.
2308  * vpp# show nat44 static mappings
2309  * NAT44 static mappings:
2310  * local 10.0.0.3 external 4.4.4.4 vrf 0
2311  * tcp local 192.168.0.4:6303 external 4.4.4.3:3606 vrf 0
2312  * tcp vrf 0 external 1.2.3.4:80 out2in-only
2313  * local 10.100.10.10:8080 probability 80
2314  * local 10.100.10.20:8080 probability 20
2315  * tcp local 10.100.3.8:8080 external 169.10.10.1:80 vrf 0 twice-nat
2316  * tcp local 10.0.0.10:3603 external GigabitEthernet0/a/0:6306 vrf 10
2317  * @cliexend
2318 ?*/
2319 VLIB_CLI_COMMAND (nat44_show_static_mappings_command, static) = {
2320  .path = "show nat44 static mappings",
2321  .short_help = "show nat44 static mappings",
2323 };
2324 
2325 /*?
2326  * @cliexpar
2327  * @cliexstart{nat44 add interface address}
2328  * Use NAT44 pool address from specific interfce
2329  * To add NAT44 pool address from specific interface use:
2330  * vpp# nat44 add interface address GigabitEthernet0/8/0
2331  * @cliexend
2332 ?*/
2333 VLIB_CLI_COMMAND (snat_add_interface_address_command, static) = {
2334  .path = "nat44 add interface address",
2335  .short_help = "nat44 add interface address <interface> [twice-nat] [del]",
2337 };
2338 
2339 /*?
2340  * @cliexpar
2341  * @cliexstart{show nat44 interface address}
2342  * Show NAT44 pool address interfaces
2343  * vpp# show nat44 interface address
2344  * NAT44 pool address interfaces:
2345  * GigabitEthernet0/a/0
2346  * NAT44 twice-nat pool address interfaces:
2347  * GigabitEthernet0/8/0
2348  * @cliexend
2349 ?*/
2350 VLIB_CLI_COMMAND (nat44_show_interface_address_command, static) = {
2351  .path = "show nat44 interface address",
2352  .short_help = "show nat44 interface address",
2354 };
2355 
2356 /*?
2357  * @cliexpar
2358  * @cliexstart{show nat44 sessions}
2359  * Show NAT44 sessions.
2360  * @cliexend
2361 ?*/
2362 VLIB_CLI_COMMAND (nat44_show_sessions_command, static) = {
2363  .path = "show nat44 sessions",
2364  .short_help = "show nat44 sessions [detail]",
2365  .function = nat44_show_sessions_command_fn,
2366 };
2367 
2368 /*?
2369  * @cliexpar
2370  * @cliexstart{nat44 del session}
2371  * To administratively delete NAT44 session by inside address and port use:
2372  * vpp# nat44 del session in 10.0.0.3:6303 tcp
2373  * To administratively delete NAT44 session by outside address and port use:
2374  * vpp# nat44 del session out 1.0.0.3:6033 udp
2375  * @cliexend
2376 ?*/
2377 VLIB_CLI_COMMAND (nat44_del_session_command, static) = {
2378  .path = "nat44 del session",
2379  .short_help = "nat44 del session in|out <addr>:<port> tcp|udp|icmp [vrf <id>] [external-host <addr>:<port>]",
2380  .function = nat44_del_session_command_fn,
2381 };
2382 
2383 /*?
2384  * @cliexpar
2385  * @cliexstart{nat44 forwarding}
2386  * Enable or disable forwarding
2387  * Forward packets which don't match existing translation
2388  * or static mapping instead of dropping them.
2389  * To enable forwarding, use:
2390  * vpp# nat44 forwarding enable
2391  * To disable forwarding, use:
2392  * vpp# nat44 forwarding disable
2393  * @cliexend
2394 ?*/
2395 VLIB_CLI_COMMAND (snat_forwarding_set_command, static) = {
2396  .path = "nat44 forwarding",
2397  .short_help = "nat44 forwarding enable|disable",
2398  .function = snat_forwarding_set_command_fn,
2399 };
2400 
2401 /*?
2402  * @cliexpar
2403  * @cliexstart{nat44 deterministic add}
2404  * Create bijective mapping of inside address to outside address and port range
2405  * pairs, with the purpose of enabling deterministic NAT to reduce logging in
2406  * CGN deployments.
2407  * To create deterministic mapping between inside network 10.0.0.0/18 and
2408  * outside network 1.1.1.0/30 use:
2409  * # vpp# nat44 deterministic add in 10.0.0.0/18 out 1.1.1.0/30
2410  * @cliexend
2411 ?*/
2412 VLIB_CLI_COMMAND (snat_det_map_command, static) = {
2413  .path = "nat44 deterministic add",
2414  .short_help = "nat44 deterministic add in <addr>/<plen> out <addr>/<plen> [del]",
2415  .function = snat_det_map_command_fn,
2416 };
2417 
2418 /*?
2419  * @cliexpar
2420  * @cliexpstart{show nat44 deterministic mappings}
2421  * Show NAT44 deterministic mappings
2422  * vpp# show nat44 deterministic mappings
2423  * NAT44 deterministic mappings:
2424  * in 10.0.0.0/24 out 1.1.1.1/32
2425  * outside address sharing ratio: 256
2426  * number of ports per inside host: 252
2427  * sessions number: 0
2428  * @cliexend
2429 ?*/
2430 VLIB_CLI_COMMAND (nat44_det_show_mappings_command, static) = {
2431  .path = "show nat44 deterministic mappings",
2432  .short_help = "show nat44 deterministic mappings",
2434 };
2435 
2436 /*?
2437  * @cliexpar
2438  * @cliexstart{nat44 deterministic forward}
2439  * Return outside address and port range from inside address for deterministic
2440  * NAT.
2441  * To obtain outside address and port of inside host use:
2442  * vpp# nat44 deterministic forward 10.0.0.2
2443  * 1.1.1.0:<1054-1068>
2444  * @cliexend
2445 ?*/
2446 VLIB_CLI_COMMAND (snat_det_forward_command, static) = {
2447  .path = "nat44 deterministic forward",
2448  .short_help = "nat44 deterministic forward <addr>",
2449  .function = snat_det_forward_command_fn,
2450 };
2451 
2452 /*?
2453  * @cliexpar
2454  * @cliexstart{nat44 deterministic reverse}
2455  * Return inside address from outside address and port for deterministic NAT.
2456  * To obtain inside host address from outside address and port use:
2457  * #vpp nat44 deterministic reverse 1.1.1.1:1276
2458  * 10.0.16.16
2459  * @cliexend
2460 ?*/
2461 VLIB_CLI_COMMAND (snat_det_reverse_command, static) = {
2462  .path = "nat44 deterministic reverse",
2463  .short_help = "nat44 deterministic reverse <addr>:<port>",
2464  .function = snat_det_reverse_command_fn,
2465 };
2466 
2467 /*?
2468  * @cliexpar
2469  * @cliexstart{show nat44 deterministic sessions}
2470  * Show NAT44 deterministic sessions.
2471  * vpp# show nat44 deterministic sessions
2472  * NAT44 deterministic sessions:
2473  * in 10.0.0.3:3005 out 1.1.1.2:1146 external host 172.16.1.2:3006 state: udp-active expire: 306
2474  * in 10.0.0.3:3000 out 1.1.1.2:1141 external host 172.16.1.2:3001 state: udp-active expire: 306
2475  * in 10.0.0.4:3005 out 1.1.1.2:1177 external host 172.16.1.2:3006 state: udp-active expire: 306
2476  * @cliexend
2477 ?*/
2478 VLIB_CLI_COMMAND (nat44_det_show_sessions_command, static) = {
2479  .path = "show nat44 deterministic sessions",
2480  .short_help = "show nat44 deterministic sessions",
2482 };
2483 
2484 /*?
2485  * @cliexpar
2486  * @cliexstart{nat44 deterministic close session out}
2487  * Close session using outside ip address and port
2488  * and external ip address and port, use:
2489  * vpp# nat44 deterministic close session out 1.1.1.1:1276 2.2.2.2:2387
2490  * @cliexend
2491 ?*/
2492 VLIB_CLI_COMMAND (snat_det_close_sesion_out_command, static) = {
2493  .path = "nat44 deterministic close session out",
2494  .short_help = "nat44 deterministic close session out "
2495  "<out_addr>:<out_port> <ext_addr>:<ext_port>",
2496  .function = snat_det_close_session_out_fn,
2497 };
2498 
2499 /*?
2500  * @cliexpar
2501  * @cliexstart{nat44 deterministic close session in}
2502  * Close session using inside ip address and port
2503  * and external ip address and port, use:
2504  * vpp# nat44 deterministic close session in 3.3.3.3:3487 2.2.2.2:2387
2505  * @cliexend
2506 ?*/
2507 VLIB_CLI_COMMAND (snat_det_close_session_in_command, static) = {
2508  .path = "nat44 deterministic close session in",
2509  .short_help = "nat44 deterministic close session in "
2510  "<in_addr>:<in_port> <ext_addr>:<ext_port>",
2511  .function = snat_det_close_session_in_fn,
2512 };
2513 
2514 /* *INDENT-ON* */
2515 
2516 /*
2517  * fd.io coding-style-patch-verification: ON
2518  *
2519  * Local Variables:
2520  * eval: (c-set-style "gnu")
2521  * End:
2522  */
static clib_error_t * add_address_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:522
static clib_error_t * snat_det_reverse_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1628
#define nat_log_info(...)
Definition: nat.h:856
#define vec_foreach_index(var, v)
Iterate over vector indices.
static clib_error_t * nat44_show_sessions_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1331
int snat_del_address(snat_main_t *sm, ip4_address_t addr, u8 delete_sm, u8 twice_nat)
Delete external address from NAT44 pool.
Definition: nat.c:1640
int nat64_set_udp_timeout(u32 timeout)
Set UDP session timeout.
Definition: nat64.c:820
u16 ext_host_port
Definition: nat.h:125
nat_affinity_main_t nat_affinity_main
Definition: nat_affinity.c:23
u32 icmp_timeout
Definition: nat.h:679
vnet_main_t * vnet_get_main(void)
Definition: misc.c:46
u16 start_port
Definition: nat.h:590
#define SNAT_TCP_ESTABLISHED_TIMEOUT
Definition: nat.h:37
clib_memset(h->entries, 0, sizeof(h->entries[0]) *entries)
static clib_error_t * nat_ha_resync_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:510
#define vec_add1(V, E)
Add 1 element to end of vector (unspecified alignment).
Definition: vec.h:522
static void snat_det_ses_close(snat_det_map_t *dm, snat_det_session_t *ses)
Definition: nat_det.h:182
int i
static snat_det_session_t * snat_det_find_ses_by_in(snat_det_map_t *dm, ip4_address_t *in_addr, u16 in_port, snat_det_out_key_t out_key)
Definition: nat_det.h:129
uword unformat_user(unformat_input_t *input, unformat_function_t *func,...)
Definition: unformat.c:989
static void snat_det_forward(snat_det_map_t *dm, ip4_address_t *in_addr, ip4_address_t *out_addr, u16 *lo_port)
Definition: nat_det.h:75
int nat44_del_ed_session(snat_main_t *sm, ip4_address_t *addr, u16 port, ip4_address_t *eh_addr, u16 eh_port, u8 proto, u32 vrf_id, int is_in)
Delete NAT44 endpoint-dependent session.
Definition: nat.c:4230
unformat_function_t unformat_vnet_sw_interface
snat_det_map_t * det_maps
Definition: nat.h:653
static clib_error_t * add_identity_mapping_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:933
void nat_ha_get_resync_status(u8 *in_resync, u32 *resync_ack_missed)
Get resync status.
Definition: nat_ha.c:824
static void snat_det_reverse(snat_det_map_t *dm, ip4_address_t *out_addr, u16 out_port, ip4_address_t *in_addr)
Definition: nat_det.h:90
vhost_vring_addr_t addr
Definition: vhost_user.h:147
static clib_error_t * snat_det_close_session_out_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1804
format_function_t format_vnet_sw_if_index_name
unsigned char u8
Definition: types.h:56
u8 deterministic
Definition: nat.h:661
int snat_interface_add_del(u32 sw_if_index, u8 is_inside, int is_del)
Enable/disable NAT44 feature on the interface.
Definition: nat.c:1754
static clib_error_t * nat_show_ha_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:463
clib_bihash_8_8_t user_hash
Definition: nat.h:505
int nat44_add_del_lb_static_mapping(ip4_address_t e_addr, u16 e_port, snat_protocol_t proto, nat44_lb_addr_port_t *locals, u8 is_add, twice_nat_type_t twice_nat, u8 out2in_only, u8 *tag, u32 affinity)
Add/delete static mapping with load-balancing (multiple backends)
Definition: nat.c:1179
static clib_error_t * nat44_show_hash_commnad_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:204
u16 src_port
Definition: udp.api:41
clib_bihash_8_8_t in2out
Definition: nat.h:498
log_level
Definition: vpe_types.api:32
format_function_t format_ip4_address
Definition: format.h:75
int nat_ha_resync(u32 client_index, u32 pid, nat_ha_resync_event_cb_t event_callback)
Resync HA (resend existing sessions to new failover)
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
Definition: pool.h:493
unformat_function_t unformat_ip4_address
Definition: format.h:70
static clib_error_t * snat_det_map_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1494
vl_api_interface_index_t sw_if_index
Definition: gre.api:50
ip4_address_t ext_host_addr
Definition: nat.h:124
clib_bihash_16_8_t affinity_hash
Definition: nat_affinity.h:59
int snat_add_address(snat_main_t *sm, ip4_address_t *addr, u32 vrf_id, u8 twice_nat)
Add external address to NAT44 pool.
Definition: nat.c:552
int nat64_set_icmp_timeout(u32 timeout)
Set ICMP session timeout.
Definition: nat64.c:841
static clib_error_t * snat_det_close_session_in_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1863
static clib_error_t * snat_det_forward_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1581
#define vec_elt_at_index(v, i)
Get vector value at index i checking that i is in bounds.
#define clib_error_return(e, args...)
Definition: error.h:99
int snat_ipfix_logging_enable_disable(int enable, u32 domain_id, u16 src_port)
Enable/disable NAT plugin IPFIX logging.
unsigned int u32
Definition: types.h:88
static clib_error_t * nat44_set_alloc_addr_and_port_alg_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:250
static clib_error_t * nat_set_mss_clamping_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:335
unformat_function_t unformat_line_input
Definition: format.h:283
u32 * auto_add_sw_if_indices_twice_nat
Definition: nat.h:601
vlib_worker_thread_t * vlib_worker_threads
Definition: threads.c:37
u16 mss_value_net
Definition: nat.h:683
nat_addr_and_port_alloc_alg_t addr_and_port_alloc_alg
Definition: nat.h:584
static clib_error_t * nat44_show_addresses_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:630
clib_bihash_16_8_t out2in_ed
Definition: nat.h:501
static snat_det_map_t * snat_det_map_by_out(snat_main_t *sm, ip4_address_t *out_addr)
Definition: nat_det.h:60
u16 mss_clamping
Definition: nat.h:682
static clib_error_t * snat_forwarding_set_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1442
struct _unformat_input_t unformat_input_t
unsigned short u16
Definition: types.h:57
static clib_error_t * nat44_det_show_sessions_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1776
u8 out2in_dpo
Definition: nat.h:662
#define SNAT_UDP_TIMEOUT
Definition: nat.h:35
snat_static_mapping_t * static_mappings
Definition: nat.h:573
u32 udp_timeout
Definition: nat.h:676
u8 static_mapping_only
Definition: nat.h:659
void nat_ha_get_listener(ip4_address_t *addr, u16 *port, u32 *path_mtu)
Get HA listener/local configuration.
Definition: nat_ha.c:385
void nat_ha_flush(u8 is_resync)
Flush the current HA data (for testing)
Definition: nat_ha.c:682
clib_bihash_8_8_t static_mapping_by_external
Definition: nat.h:570
u16 port
Definition: punt.api:40
u8 psid_offset
Definition: nat.h:586
static clib_error_t * snat_feature_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:673
void nat_set_alloc_addr_and_port_default(void)
Set address and port assignment algorithm to default/standard.
Definition: nat.c:4297
u8 name[64]
Definition: memclnt.api:152
u8 psid_length
Definition: nat.h:587
vnet_main_t * vnet_main
Definition: nat.h:699
u32 inside_vrf_id
Definition: nat.h:672
u8 log_level
Definition: nat.h:695
snat_interface_t * output_feature_interfaces
Definition: nat.h:577
static clib_error_t * snat_set_log_level_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:119
snat_main_t snat_main
Definition: nat.c:39
snat_user_t * users
Definition: nat.h:508
static clib_error_t * add_lb_static_mapping_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1012
#define UNFORMAT_END_OF_INPUT
Definition: format.h:145
static u8 snat_proto_to_ip_proto(snat_protocol_t snat_proto)
Definition: nat_inlines.h:162
static clib_error_t * snat_ipfix_logging_enable_disable_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:152
clib_bihash_8_8_t out2in
Definition: nat.h:497
u32 ft_table_id
Table ID (hash key) for this FIB.
Definition: fib_table.h:89
vlib_main_t * vm
Definition: buffer.c:323
static clib_error_t * nat_show_workers_commnad_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:93
static clib_error_t * nat44_show_interfaces_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:783
u32 outside_vrf_id
Definition: nat.h:670
void nat44_add_del_address_dpo(ip4_address_t addr, u8 is_add)
Add/delete external address to FIB DPO (out2in DPO mode)
Definition: nat.c:2906
u16 end_port
Definition: nat.h:591
#define vec_free(V)
Free vector&#39;s memory (no header).
Definition: vec.h:341
deterministic NAT definitions
format_function_t format_snat_static_map_to_resolve
Definition: nat.h:748
int snat_interface_add_del_output_feature(u32 sw_if_index, u8 is_inside, int is_del)
Enable/disable NAT44 output feature on the interface (postrouting NAT)
Definition: nat.c:2006
u16 psid
Definition: nat.h:588
format_function_t format_nat_addr_and_port_alloc_alg
Definition: nat.h:754
static clib_error_t * set_timeout_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1681
u32 tcp_transitory_timeout
Definition: nat.h:678
int nat_ha_set_listener(ip4_address_t *addr, u16 port, u32 path_mtu)
Set HA listener (local settings)
Definition: nat_ha.c:352
int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr, u16 l_port, u16 e_port, u32 vrf_id, int addr_only, u32 sw_if_index, snat_protocol_t proto, int is_add, twice_nat_type_t twice_nat, u8 out2in_only, u8 *tag, u8 identity_nat)
Add/delete NAT44 static mapping.
Definition: nat.c:688
int snat_det_add_map(snat_main_t *sm, ip4_address_t *in_addr, u8 in_plen, ip4_address_t *out_addr, u8 out_plen, int is_add)
Add/delete deterministic NAT mapping.
Definition: nat_det.c:40
static clib_error_t * nat_ha_failover_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:385
#define VLIB_CLI_COMMAND(x,...)
Definition: cli.h:161
u32 * auto_add_sw_if_indices
Definition: nat.h:600
static clib_error_t * nat_show_mss_clamping_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:371
static snat_det_map_t * snat_det_map_by_user(snat_main_t *sm, ip4_address_t *user_addr)
Definition: nat_det.h:45
static clib_error_t * nat_ha_flush_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:502
u32 num_workers
Definition: nat.h:555
static clib_error_t * nat_ha_listener_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:425
Definition: nat.h:425
unformat_function_t unformat_snat_protocol
Definition: nat.h:757
int nat_ha_set_failover(ip4_address_t *addr, u16 port, u32 session_refresh_interval)
Set HA failover (remote settings)
Definition: nat_ha.c:395
u32 first_worker_index
Definition: nat.h:556
void nat_set_alloc_addr_and_port_range(u16 start_port, u16 end_port)
Set address and port assignment algorithm for port range.
Definition: nat.c:4286
static clib_error_t * add_static_mapping_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:816
#define clib_bitmap_free(v)
Free a bitmap.
Definition: bitmap.h:92
size_t count
Definition: vapi.c:47
ip4_address_t addr
Definition: nat.h:358
int nat44_del_session(snat_main_t *sm, ip4_address_t *addr, u16 port, snat_protocol_t proto, u32 vrf_id, int is_in)
Delete NAT44 session.
Definition: nat.c:4187
snat_address_t * twice_nat_addresses
Definition: nat.h:597
static clib_error_t * nat44_del_session_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1367
NAT64 global declarations.
int nat64_set_tcp_timeouts(u32 trans, u32 est)
Set TCP session timeouts.
Definition: nat64.c:862
void increment_v4_address(ip4_address_t *a)
Increment IPv4 address.
Definition: nat.c:636
static clib_error_t * nat_show_timeouts_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1759
twice_nat_type_t
Definition: nat.h:420
#define vec_len(v)
Number of elements in vector (rvalue-only, NULL tolerant)
#define UNSUPPORTED_IN_DET_MODE_STR
Definition: nat44_cli.c:29
u16 ports_per_host
Definition: nat.h:399
static clib_error_t * snat_add_interface_address_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1245
u32 * workers
Definition: nat.h:557
u64 uword
Definition: types.h:112
snat_main_per_thread_data_t * per_thread_data
Definition: nat.h:564
static void unformat_free(unformat_input_t *i)
Definition: format.h:163
snat_protocol_t
Definition: nat.h:191
typedef key
Definition: ipsec.api:247
fib_table_t * fib_table_get(fib_node_index_t index, fib_protocol_t proto)
Get a pointer to a FIB table.
Definition: fib_table.c:27
snat_address_t * addresses
Definition: nat.h:580
static clib_error_t * nat44_show_alloc_addr_and_port_alg_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:305
int snat_add_interface_address(snat_main_t *sm, u32 sw_if_index, int is_del, u8 twice_nat)
Add/delete NAT44 pool address from specific interfce.
Definition: nat.c:4119
static clib_error_t * nat44_show_interface_address_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1301
void nat_ha_get_failover(ip4_address_t *addr, u16 *port, u32 *session_refresh_interval)
Get HA failover/remote settings.
Definition: nat_ha.c:410
static clib_error_t * nat44_show_static_mappings_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1220
static clib_error_t * add_lb_backend_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1128
#define SNAT_ICMP_TIMEOUT
Definition: nat.h:38
static snat_det_session_t * snat_det_get_ses_by_out(snat_det_map_t *dm, ip4_address_t *in_addr, u64 out_key)
Definition: nat_det.h:112
snat_static_map_resolve_t * to_resolve
Definition: nat.h:604
u8 * format_unformat_error(u8 *s, va_list *va)
Definition: unformat.c:91
#define SUPPORTED_ONLY_IN_DET_MODE_STR
Definition: nat44_cli.c:31
u8 forwarding_enabled
Definition: nat.h:656
#define vec_foreach(var, vec)
Vector iterator.
int snat_set_workers(uword *bitmap)
Set NAT plugin workers.
Definition: nat.c:2161
clib_bihash_16_8_t in2out_ed
Definition: nat.h:502
u8 endpoint_dependent
Definition: nat.h:663
void nat_set_alloc_addr_and_port_mape(u16 psid, u16 psid_offset, u16 psid_length)
Set address and port assignment algorithm for MAP-E CE.
Definition: nat.c:4274
NAT plugin client-IP based session affinity for load-balancing.
#define SNAT_TCP_TRANSITORY_TIMEOUT
Definition: nat.h:36
void vlib_cli_output(vlib_main_t *vm, char *fmt,...)
Definition: cli.c:772
snat_session_t * sessions
Definition: nat.h:511
clib_bihash_8_8_t static_mapping_by_local
Definition: nat.h:567
static clib_error_t * nat44_det_show_mappings_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:1552
int nat44_lb_static_mapping_add_del_local(ip4_address_t e_addr, u16 e_port, ip4_address_t l_addr, u16 l_port, snat_protocol_t proto, u32 vrf_id, u8 probability, u8 is_add)
Definition: nat.c:1456
u32 fib_index
Definition: nat.h:359
static clib_error_t * set_workers_command_fn(vlib_main_t *vm, unformat_input_t *input, vlib_cli_command_t *cmd)
Definition: nat44_cli.c:35
snat_interface_t * interfaces
Definition: nat.h:576
uword unformat(unformat_input_t *i, const char *fmt,...)
Definition: unformat.c:978
NAT active-passive HA.
vl_api_fib_path_nh_proto_t proto
Definition: fib_types.api:125
static uword unformat_check_input(unformat_input_t *i)
Definition: format.h:171
u32 tcp_established_timeout
Definition: nat.h:677
static uword pool_elts(void *v)
Number of active elements in a pool.
Definition: pool.h:128