aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatthew Smith <mgsmith@netgate.com>2020-11-04 11:18:10 -0600
committerOle Tr�an <otroan@employees.org>2021-04-28 06:30:36 +0000
commite3f078fcfc76d465552f0a0343a1886f4d177dd0 (patch)
tree5f0873ee8338bc11f1bccd11c89cbc68feefd533
parentf2b6b9e29b55075d09cfc3c25852a87c2eade596 (diff)
nat: fix byte order on ipfix message fields
Type: fix The code for quota exceeded events is a u32 and was being copied into ipfix packets in host byte order. Same for the limit field. Swap the order before copying into packet buffer. This change was applied once before but had to be reverted. This was because between the time the change was uploaded/reviewed and the time it was merged, a different patch was merged which activated a NAT ipfix unit test that had formerly only been run as part of the extended tests. The test was expecting the values to be in host byte order so it failed with this patch applied. This time around, that test has also been updated to expect network byte order. Change-Id: If5413b1f806d664f6786e56ba13c3eee573c26d2 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
-rw-r--r--src/plugins/nat/lib/ipfix_logging.c9
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed.api2
-rw-r--r--src/plugins/nat/nat44-ei/nat44_ei.api2
-rw-r--r--src/plugins/nat/test/test_nat44_ei.py4
4 files changed, 10 insertions, 7 deletions
diff --git a/src/plugins/nat/lib/ipfix_logging.c b/src/plugins/nat/lib/ipfix_logging.c
index 38a2cc9931b..2a5130e09d0 100644
--- a/src/plugins/nat/lib/ipfix_logging.c
+++ b/src/plugins/nat/lib/ipfix_logging.c
@@ -780,7 +780,7 @@ nat_ipfix_logging_max_entries_per_usr (u32 thread_index,
vlib_main_t *vm = vlib_get_main ();
u64 now;
u8 nat_event = QUOTA_EXCEEDED;
- u32 quota_event = MAX_ENTRIES_PER_USER;
+ u32 quota_event = clib_host_to_net_u32 (MAX_ENTRIES_PER_USER);
u16 template_id;
now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
@@ -835,6 +835,7 @@ nat_ipfix_logging_max_entries_per_usr (u32 thread_index,
clib_memcpy_fast (b0->data + offset, &quota_event, sizeof (quota_event));
offset += sizeof (quota_event);
+ limit = clib_host_to_net_u32 (limit);
clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
offset += sizeof (limit);
@@ -871,7 +872,7 @@ nat_ipfix_logging_max_ses (u32 thread_index, u32 limit, int do_flush)
vlib_main_t *vm = vlib_get_main ();
u64 now;
u8 nat_event = QUOTA_EXCEEDED;
- u32 quota_event = MAX_SESSION_ENTRIES;
+ u32 quota_event = clib_host_to_net_u32 (MAX_SESSION_ENTRIES);
u16 template_id;
now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
@@ -926,6 +927,7 @@ nat_ipfix_logging_max_ses (u32 thread_index, u32 limit, int do_flush)
clib_memcpy_fast (b0->data + offset, &quota_event, sizeof (quota_event));
offset += sizeof (quota_event);
+ limit = clib_host_to_net_u32 (limit);
clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
offset += sizeof (limit);
@@ -959,7 +961,7 @@ nat_ipfix_logging_max_bib (u32 thread_index, u32 limit, int do_flush)
vlib_main_t *vm = vlib_get_main ();
u64 now;
u8 nat_event = QUOTA_EXCEEDED;
- u32 quota_event = MAX_BIB_ENTRIES;
+ u32 quota_event = clib_host_to_net_u32 (MAX_BIB_ENTRIES);
u16 template_id;
now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
@@ -1014,6 +1016,7 @@ nat_ipfix_logging_max_bib (u32 thread_index, u32 limit, int do_flush)
clib_memcpy_fast (b0->data + offset, &quota_event, sizeof (quota_event));
offset += sizeof (quota_event);
+ limit = clib_host_to_net_u32 (limit);
clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
offset += sizeof (limit);
diff --git a/src/plugins/nat/nat44-ed/nat44_ed.api b/src/plugins/nat/nat44-ed/nat44_ed.api
index 4028aa71d7b..c65b7a81166 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed.api
+++ b/src/plugins/nat/nat44-ed/nat44_ed.api
@@ -13,7 +13,7 @@
* limitations under the License.
*/
-option version = "5.2.0";
+option version = "5.3.0";
import "vnet/ip/ip_types.api";
import "vnet/interface_types.api";
import "plugins/nat/lib/nat_types.api";
diff --git a/src/plugins/nat/nat44-ei/nat44_ei.api b/src/plugins/nat/nat44-ei/nat44_ei.api
index 708c20aaadd..38251b072dd 100644
--- a/src/plugins/nat/nat44-ei/nat44_ei.api
+++ b/src/plugins/nat/nat44-ei/nat44_ei.api
@@ -13,7 +13,7 @@
* limitations under the License.
*/
-option version = "1.0.0";
+option version = "1.1.0";
import "vnet/ip/ip_types.api";
import "vnet/interface_types.api";
import "plugins/nat/lib/nat_types.api";
diff --git a/src/plugins/nat/test/test_nat44_ei.py b/src/plugins/nat/test/test_nat44_ei.py
index 4b0bf030963..4160ea2c344 100644
--- a/src/plugins/nat/test/test_nat44_ei.py
+++ b/src/plugins/nat/test/test_nat44_ei.py
@@ -623,9 +623,9 @@ class MethodHolder(VppTestCase):
# natEvent
self.assertEqual(scapy.compat.orb(record[230]), 13)
# natQuotaExceededEvent
- self.assertEqual(struct.pack("I", 1), record[466])
+ self.assertEqual(struct.pack("!I", 1), record[466])
# maxSessionEntries
- self.assertEqual(struct.pack("I", limit), record[471])
+ self.assertEqual(struct.pack("!I", limit), record[471])
def verify_no_nat44_user(self):
""" Verify that there is no NAT44EI user """