d9/d2c/nat__det_8h_source.html

 /*
  * snat_det.h - deterministic NAT definitions
  *
  * Copyright (c) 2017 Cisco and/or its affiliates.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at:
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 /**
  * @file
  * @brief deterministic NAT definitions
  */

 #ifndef __included_nat_det_h__
 #define __included_nat_det_h__

 #include <vnet/ip/ip.h>
 #include <nat/nat.h>
 #include <nat/nat_ipfix_logging.h>


 #define SNAT_DET_SES_PER_USER 1000


 int snat_det_add_map (snat_main_t * sm, ip4_address_t * in_addr, u8 in_plen,
                       ip4_address_t * out_addr, u8 out_plen, int is_add);

 always_inline int
 is_addr_in_net (ip4_address_t * addr, ip4_address_t * net, u8 plen)
 {
   if (net->as_u32 == (addr->as_u32 & ip4_main.fib_masks[plen]))
     return 1;
   return 0;
 }

 always_inline snat_det_map_t *
 snat_det_map_by_user (snat_main_t * sm, ip4_address_t * user_addr)
 {
   snat_det_map_t *dm;

   /* *INDENT-OFF* */
   pool_foreach (dm, sm->det_maps,
   ({
     if (is_addr_in_net(user_addr, &dm->in_addr, dm->in_plen))
       return dm;
   }));
   /* *INDENT-ON* */
   return 0;
 }

 always_inline snat_det_map_t *
 snat_det_map_by_out (snat_main_t * sm, ip4_address_t * out_addr)
 {
   snat_det_map_t *dm;

   /* *INDENT-OFF* */
   pool_foreach (dm, sm->det_maps,
   ({
     if (is_addr_in_net(out_addr, &dm->out_addr, dm->out_plen))
       return dm;
   }));
   /* *INDENT-ON* */
   return 0;
 }

 always_inline void
 snat_det_forward (snat_det_map_t * dm, ip4_address_t * in_addr,
                   ip4_address_t * out_addr, u16 * lo_port)
 {
   u32 in_offset, out_offset;

   in_offset = clib_net_to_host_u32 (in_addr->as_u32) -
     clib_net_to_host_u32 (dm->in_addr.as_u32);
   out_offset = in_offset / dm->sharing_ratio;
   out_addr->as_u32 =
     clib_host_to_net_u32 (clib_net_to_host_u32 (dm->out_addr.as_u32) +
                           out_offset);
   *lo_port = 1024 + dm->ports_per_host * (in_offset % dm->sharing_ratio);
 }

 always_inline void
 snat_det_reverse (snat_det_map_t * dm, ip4_address_t * out_addr, u16 out_port,
                   ip4_address_t * in_addr)
 {
   u32 in_offset1, in_offset2, out_offset;

   out_offset = clib_net_to_host_u32 (out_addr->as_u32) -
     clib_net_to_host_u32 (dm->out_addr.as_u32);
   in_offset1 = out_offset * dm->sharing_ratio;
   in_offset2 = (out_port - 1024) / dm->ports_per_host;
   in_addr->as_u32 =
     clib_host_to_net_u32 (clib_net_to_host_u32 (dm->in_addr.as_u32) +
                           in_offset1 + in_offset2);
 }

 always_inline u32
 snat_det_user_ses_offset (ip4_address_t * addr, u8 plen)
 {
   return (clib_net_to_host_u32 (addr->as_u32) & pow2_mask (32 - plen)) *
     SNAT_DET_SES_PER_USER;
 }

 always_inline snat_det_session_t *
 snat_det_get_ses_by_out (snat_det_map_t * dm, ip4_address_t * in_addr,
                          u64 out_key)
 {
   u32 user_offset;
   u16 i;

   user_offset = snat_det_user_ses_offset (in_addr, dm->in_plen);
   for (i = 0; i < SNAT_DET_SES_PER_USER; i++)
     {
       if (dm->sessions[i + user_offset].out.as_u64 == out_key)
         return &dm->sessions[i + user_offset];
     }

   return 0;
 }

 always_inline snat_det_session_t *
 snat_det_find_ses_by_in (snat_det_map_t * dm, ip4_address_t * in_addr,
                          u16 in_port, snat_det_out_key_t out_key)
 {
   snat_det_session_t *ses;
   u32 user_offset;
   u16 i;

   user_offset = snat_det_user_ses_offset (in_addr, dm->in_plen);
   for (i = 0; i < SNAT_DET_SES_PER_USER; i++)
     {
       ses = &dm->sessions[i + user_offset];
       if (ses->in_port == in_port &&
           ses->out.ext_host_addr.as_u32 == out_key.ext_host_addr.as_u32 &&
           ses->out.ext_host_port == out_key.ext_host_port)
         return &dm->sessions[i + user_offset];
     }

   return 0;
 }

 always_inline snat_det_session_t *
 snat_det_ses_create (u32 thread_index, snat_det_map_t * dm,
                      ip4_address_t * in_addr, u16 in_port,
                      snat_det_out_key_t * out)
 {
   u32 user_offset;
   u16 i;

   user_offset = snat_det_user_ses_offset (in_addr, dm->in_plen);

   for (i = 0; i < SNAT_DET_SES_PER_USER; i++)
     {
       if (!dm->sessions[i + user_offset].in_port)
         {
           if (clib_atomic_bool_cmp_and_swap
               (&dm->sessions[i + user_offset].in_port, 0, in_port))
             {
               dm->sessions[i + user_offset].out.as_u64 = out->as_u64;
               dm->sessions[i + user_offset].state = SNAT_SESSION_UNKNOWN;
               dm->sessions[i + user_offset].expire = 0;
               clib_atomic_add_fetch (&dm->ses_num, 1);
               return &dm->sessions[i + user_offset];
             }
         }
     }

   snat_ipfix_logging_max_entries_per_user (thread_index,
                                            SNAT_DET_SES_PER_USER,
                                            in_addr->as_u32);
   return 0;
 }

 always_inline void
 snat_det_ses_close (snat_det_map_t * dm, snat_det_session_t * ses)
 {
   if (clib_atomic_bool_cmp_and_swap (&ses->in_port, ses->in_port, 0))
     {
       ses->out.as_u64 = 0;
       clib_atomic_add_fetch (&dm->ses_num, -1);
     }
 }

 #endif /* __included_nat_det_h__ */

 /*
  * fd.io coding-style-patch-verification: ON
  *
  * Local Variables:
  * eval: (c-set-style "gnu")
  * End:
  */
snat_ipfix_logging_max_entries_per_user
void snat_ipfix_logging_max_entries_per_user(u32 thread_index, u32 limit, u32 src_ip)
Generate maximum entries per user exceeded event.
Definition: nat_ipfix_logging.c:1629

snat_det_session_t::in_port
u16 in_port
Definition: nat.h:377

snat_det_out_key_t::ext_host_port
u16 ext_host_port
Definition: nat.h:123

snat_det_add_map
int snat_det_add_map(snat_main_t *sm, ip4_address_t *in_addr, u8 in_plen, ip4_address_t *out_addr, u8 out_plen, int is_add)
Add/delete deterministic NAT mapping.
Definition: nat_det.c:40

clib_atomic_add_fetch
#define clib_atomic_add_fetch(a, b)
Definition: atomics.h:30

u64
unsigned long u64
Definition: types.h:89

snat_det_ses_close
static void snat_det_ses_close(snat_det_map_t *dm, snat_det_session_t *ses)
Definition: nat_det.h:182

i
int i
Definition: flowhash_template.h:376

snat_det_find_ses_by_in
static snat_det_session_t * snat_det_find_ses_by_in(snat_det_map_t *dm, ip4_address_t *in_addr, u16 in_port, snat_det_out_key_t out_key)
Definition: nat_det.h:129

snat_det_forward
static void snat_det_forward(snat_det_map_t *dm, ip4_address_t *in_addr, ip4_address_t *out_addr, u16 *lo_port)
Definition: nat_det.h:75

snat_main_s::det_maps
snat_det_map_t * det_maps
Definition: nat.h:653

ip.h

snat_det_map_t::in_plen
u8 in_plen
Definition: nat.h:390

snat_det_reverse
static void snat_det_reverse(snat_det_map_t *dm, ip4_address_t *out_addr, u16 out_port, ip4_address_t *in_addr)
Definition: nat_det.h:90

addr
vhost_vring_addr_t addr
Definition: vhost_user.h:147

u8
unsigned char u8
Definition: types.h:56

pool_foreach
#define pool_foreach(VAR, POOL, BODY)
Iterate through pool.
Definition: pool.h:498

snat_det_out_key_t::ext_host_addr
ip4_address_t ext_host_addr
Definition: nat.h:122

pow2_mask
static uword pow2_mask(uword x)
Definition: clib.h:220

snat_det_map_t
Definition: nat.h:386

SNAT_DET_SES_PER_USER
#define SNAT_DET_SES_PER_USER
Definition: nat_det.h:30

u32
unsigned int u32
Definition: types.h:88

ip4_address_t
Definition: ip4_packet.h:49

snat_det_session_t
Definition: nat.h:374

snat_det_user_ses_offset
static u32 snat_det_user_ses_offset(ip4_address_t *addr, u8 plen)
Definition: nat_det.h:105

snat_det_map_t::sessions
snat_det_session_t * sessions
Definition: nat.h:401

snat_det_map_by_out
static snat_det_map_t * snat_det_map_by_out(snat_main_t *sm, ip4_address_t *out_addr)
Definition: nat_det.h:60

u16
unsigned short u16
Definition: types.h:57

always_inline
#define always_inline
Definition: ipsec.h:28

snat_det_ses_create
static snat_det_session_t * snat_det_ses_create(u32 thread_index, snat_det_map_t *dm, ip4_address_t *in_addr, u16 in_port, snat_det_out_key_t *out)
Definition: nat_det.h:150

nat_ipfix_logging.h

snat_main_s
Definition: nat.h:552

snat_det_out_key_t::as_u64
u64 as_u64
Definition: nat.h:126

snat_det_map_t::sharing_ratio
u32 sharing_ratio
Definition: nat.h:395

snat_det_map_t::out_addr
ip4_address_t out_addr
Definition: nat.h:392

is_addr_in_net
static int is_addr_in_net(ip4_address_t *addr, ip4_address_t *net, u8 plen)
Definition: nat_det.h:37

snat_det_map_by_user
static snat_det_map_t * snat_det_map_by_user(snat_main_t *sm, ip4_address_t *user_addr)
Definition: nat_det.h:45

snat_det_session_t::state
u8 state
Definition: nat.h:381

snat_det_map_t::in_addr
ip4_address_t in_addr
Definition: nat.h:389

nat.h

clib_atomic_bool_cmp_and_swap
#define clib_atomic_bool_cmp_and_swap(addr, old, new)
Definition: atomics.h:38

snat_det_map_t::ports_per_host
u16 ports_per_host
Definition: nat.h:397

snat_det_session_t::out
snat_det_out_key_t out
Definition: nat.h:379

snat_det_get_ses_by_out
static snat_det_session_t * snat_det_get_ses_by_out(snat_det_map_t *dm, ip4_address_t *in_addr, u64 out_key)
Definition: nat_det.h:112

ip4_main
ip4_main_t ip4_main
Global ip4 main structure.
Definition: ip4_forward.c:1079

snat_det_map_t::ses_num
u32 ses_num
Definition: nat.h:399

ip4_address_t::as_u32
u32 as_u32
Definition: ip4_packet.h:56

snat_det_out_key_t
Definition: nat.h:116

snat_det_session_t::expire
u32 expire
Definition: nat.h:383

ip4_main_t::fib_masks
u32 fib_masks[33]
Definition: ip4.h:118