nat: deny adding intf addr if static-mapping-only

If static-mapping-only is enabled, NAT pool cannot be configured, only static mappings. There're two ways to add addresses to the NAT pool: by address range, or by first found address from an interface. NAT44_ADD_DEL_ADDRESS_RANGE already tests if dynamic mappings are available but NAT44_ADD_DEL_INTERFACE_ADDR doesn't. If static-mapping-only is enabled, adding addresses by range is rejected but by interface not. With this change, if static-mapping-only is enabled, do not allow to add addresses to the NAT pool both ways. Type: fix Signed-off-by: Alexander Chernavin <achernavin@netgate.com> Change-Id: Ifc055ea9a71a5e579388833a2990aef21bf7ed29
author: Alexander Chernavin <achernavin@netgate.com> 2020-12-11 03:36:45 -0500
committer: Ole Tr�an <otroan@employees.org> 2021-02-09 15:58:29 +0000
commit: f039587701b47b3b27e281858eef56b29ff91864 (patch)
tree: cafb74baea20b6e45c5be2c9e34a3d86e7020f3c
parent: c9c9143898aa1f5b5aa90ab03a4c94181dcf7ed6 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/plugins/nat/nat44_api.c b/src/plugins/nat/nat44_api.c
index 05a79719261..a5e29198c64 100644
--- a/src/plugins/nat/nat44_api.c
+++ b/src/plugins/nat/nat44_api.c
@@ -1157,6 +1157,12 @@ static void
   int rv = 0;
   u8 is_del;
 
+  if (sm->static_mapping_only)
+    {
+      rv = VNET_API_ERROR_FEATURE_DISABLED;
+      goto send_reply;
+    }
+
   is_del = !mp->is_add;
 
   VALIDATE_SW_IF_INDEX (mp);
@@ -1165,6 +1171,8 @@ static void
 				   mp->flags & NAT_API_IS_TWICE_NAT);
 
   BAD_SW_IF_INDEX_LABEL;
+
+send_reply:
   REPLY_MACRO (VL_API_NAT44_ADD_DEL_INTERFACE_ADDR_REPLY);
 }
author	Alexander Chernavin <achernavin@netgate.com>	2020-12-11 03:36:45 -0500
committer	Ole Tr�an <otroan@employees.org>	2021-02-09 15:58:29 +0000
commit	f039587701b47b3b27e281858eef56b29ff91864 (patch)
tree	cafb74baea20b6e45c5be2c9e34a3d86e7020f3c
parent	c9c9143898aa1f5b5aa90ab03a4c94181dcf7ed6 (diff)