d0/d76/cnat__snat__policy_8h_source.html

 /*
  * Copyright (c) 2020 Cisco and/or its affiliates.
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at:
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #ifndef __CNAT_SNAT_H__
 #define __CNAT_SNAT_H__

 #include <cnat/cnat_types.h>
 #include <cnat/cnat_session.h>

 /* function to use to decide whether to snat connections in the output
  * feature. Returns 1 if we should source NAT */
 typedef int (*cnat_snat_policy_t) (vlib_buffer_t *b, cnat_session_t *session);

 typedef struct cnat_snat_pfx_table_meta_t_
 {
   u32 dst_address_length_refcounts[129];
   u16 *prefix_lengths_in_search_order;
   uword *non_empty_dst_address_length_bitmap;
 } cnat_snat_pfx_table_meta_t;

 typedef struct cnat_snat_exclude_pfx_table_t_
 {
   /* Stores (ip family, prefix & mask) */
   clib_bihash_24_8_t ip_hash;
   /* family dependant cache */
   cnat_snat_pfx_table_meta_t meta[2];
   /* Precomputed ip masks (ip4 & ip6) */
   ip6_address_t ip_masks[129];
 } cnat_snat_exclude_pfx_table_t;

 typedef enum cnat_snat_interface_map_type_t_
 {
   CNAT_SNAT_IF_MAP_INCLUDE_V4 = AF_IP4,
   CNAT_SNAT_IF_MAP_INCLUDE_V6 = AF_IP6,
   CNAT_SNAT_IF_MAP_INCLUDE_POD,
   CNAT_N_SNAT_IF_MAP,
 } cnat_snat_interface_map_type_t;

 typedef enum cnat_snat_policy_type_t_
 {
   CNAT_SNAT_POLICY_NONE = 0,
   CNAT_SNAT_POLICY_IF_PFX = 1,
   CNAT_SNAT_POLICY_K8S = 2,
 } cnat_snat_policy_type_t;

 typedef struct cnat_snat_policy_main_t_
 {
   /* Longest prefix Match table for source NATing */
   cnat_snat_exclude_pfx_table_t excluded_pfx;

   /* interface maps including or excluding sw_if_indexes  */
   clib_bitmap_t *interface_maps[CNAT_N_SNAT_IF_MAP];

   /* SNAT policy for the output feature node */
   cnat_snat_policy_t snat_policy;

   /* Ip4 Address to use for source NATing */
   cnat_endpoint_t snat_ip4;

   /* Ip6 Address to use for source NATing */
   cnat_endpoint_t snat_ip6;

 } cnat_snat_policy_main_t;

 extern cnat_snat_policy_main_t cnat_snat_policy_main;

 extern void cnat_set_snat (ip4_address_t *ip4, ip6_address_t *ip6,
                            u32 sw_if_index);
 extern int cnat_snat_policy_add_pfx (ip_prefix_t *pfx);
 extern int cnat_snat_policy_del_pfx (ip_prefix_t *pfx);
 extern int cnat_set_snat_policy (cnat_snat_policy_type_t policy);
 extern int cnat_snat_policy_add_del_if (u32 sw_if_index, u8 is_add,
                                         cnat_snat_interface_map_type_t table);

 int cnat_search_snat_prefix (ip46_address_t *addr, ip_address_family_t af);

 /*
  * fd.io coding-style-patch-verification: ON
  *
  * Local Variables:
  * eval: (c-set-style "gnu")
  * End:
  */

 #endif
CNAT_SNAT_POLICY_K8S
Definition: cnat_snat_policy.h:55

cnat_snat_policy_add_del_if
int cnat_snat_policy_add_del_if(u32 sw_if_index, u8 is_add, cnat_snat_interface_map_type_t table)
Definition: cnat_snat_policy.c:89

CNAT_SNAT_POLICY_IF_PFX
Definition: cnat_snat_policy.h:54

cnat_session.h

cnat_snat_policy_add_pfx
int cnat_snat_policy_add_pfx(ip_prefix_t *pfx)
Definition: cnat_snat_policy.c:148

cnat_snat_policy_type_t_
cnat_snat_policy_type_t_
Definition: cnat_snat_policy.h:51

AF_IP6
Definition: ip_types.h:24

cnat_snat_policy_main_t_
Definition: cnat_snat_policy.h:58

cnat_snat_exclude_pfx_table_t_::ip_hash
clib_bihash_24_8_t ip_hash
Definition: cnat_snat_policy.h:36

policy
vl_api_ipsec_spd_action_t policy
Definition: ipsec.api:99

cnat_set_snat
void cnat_set_snat(ip4_address_t *ip4, ip6_address_t *ip6, u32 sw_if_index)
Definition: cnat_snat_policy.c:331

addr
vhost_vring_addr_t addr
Definition: vhost_user.h:130

cnat_snat_exclude_pfx_table_t
struct cnat_snat_exclude_pfx_table_t_ cnat_snat_exclude_pfx_table_t

u8
unsigned char u8
Definition: types.h:56

b
vlib_buffer_t ** b
Definition: nat44_ei_out2in.c:717

cnat_snat_policy_main
cnat_snat_policy_main_t cnat_snat_policy_main
Definition: cnat_snat_policy.c:20

u32
unsigned int u32
Definition: types.h:88

cnat_session_t_
A session represents the memory of a translation.
Definition: cnat_session.h:37

cnat_types.h

cnat_snat_pfx_table_meta_t
struct cnat_snat_pfx_table_meta_t_ cnat_snat_pfx_table_meta_t

CNAT_SNAT_POLICY_NONE
Definition: cnat_snat_policy.h:53

ip6
vl_api_ip6_address_t ip6
Definition: one.api:424

AF_IP4
Definition: ip_types.h:23

CNAT_SNAT_IF_MAP_INCLUDE_POD
Definition: cnat_snat_policy.h:47

cnat_endpoint_t_
Definition: cnat_types.h:73

cnat_snat_policy_del_pfx
int cnat_snat_policy_del_pfx(ip_prefix_t *pfx)
Definition: cnat_snat_policy.c:179

cnat_snat_exclude_pfx_table_t_
Definition: cnat_snat_policy.h:33

ip4_address_t
Definition: ip4_packet.h:50

cnat_snat_policy_main_t_::snat_policy
cnat_snat_policy_t snat_policy
Definition: cnat_snat_policy.h:67

sw_if_index
vl_api_interface_index_t sw_if_index
Definition: wireguard.api:34

u16
unsigned short u16
Definition: types.h:57

ip4
vl_api_ip4_address_t ip4
Definition: one.api:376

CNAT_N_SNAT_IF_MAP
Definition: cnat_snat_policy.h:48

CNAT_SNAT_IF_MAP_INCLUDE_V4
Definition: cnat_snat_policy.h:45

cnat_snat_pfx_table_meta_t_::prefix_lengths_in_search_order
u16 * prefix_lengths_in_search_order
Definition: cnat_snat_policy.h:29

cnat_snat_pfx_table_meta_t_::dst_address_length_refcounts
u32 dst_address_length_refcounts[129]
Definition: cnat_snat_policy.h:28

cnat_snat_policy_main_t_::snat_ip4
cnat_endpoint_t snat_ip4
Definition: cnat_snat_policy.h:70

cnat_snat_interface_map_type_t_
cnat_snat_interface_map_type_t_
Definition: cnat_snat_policy.h:43

cnat_snat_pfx_table_meta_t_
Definition: cnat_snat_policy.h:26

ip_address_family_t
enum ip_address_family_t_ ip_address_family_t

cnat_snat_policy_t
int(* cnat_snat_policy_t)(vlib_buffer_t *b, cnat_session_t *session)
Definition: cnat_snat_policy.h:24

cnat_snat_pfx_table_meta_t_::non_empty_dst_address_length_bitmap
uword * non_empty_dst_address_length_bitmap
Definition: cnat_snat_policy.h:30

vlib_buffer_t
VLIB buffer representation.
Definition: buffer.h:111

uword
u64 uword
Definition: types.h:112

ip_prefix
Definition: ip_types.h:116

clib_bitmap_t
uword clib_bitmap_t
Definition: bitmap.h:50

cnat_set_snat_policy
int cnat_set_snat_policy(cnat_snat_policy_type_t policy)
Definition: cnat_snat_policy.c:473

cnat_snat_interface_map_type_t
enum cnat_snat_interface_map_type_t_ cnat_snat_interface_map_type_t

cnat_snat_policy_main_t
struct cnat_snat_policy_main_t_ cnat_snat_policy_main_t

CNAT_SNAT_IF_MAP_INCLUDE_V6
Definition: cnat_snat_policy.h:46

cnat_snat_policy_main_t_::excluded_pfx
cnat_snat_exclude_pfx_table_t excluded_pfx
Definition: cnat_snat_policy.h:61

cnat_snat_policy_type_t
enum cnat_snat_policy_type_t_ cnat_snat_policy_type_t

cnat_snat_policy_main_t_::snat_ip6
cnat_endpoint_t snat_ip6
Definition: cnat_snat_policy.h:73

cnat_search_snat_prefix
int cnat_search_snat_prefix(ip46_address_t *addr, ip_address_family_t af)
Definition: cnat_snat_policy.c:218