summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMatus Fabian <matfabia@cisco.com>2018-04-04 03:27:43 -0700
committerDave Barach <openvpp@barachs.net>2018-04-04 13:05:05 +0000
commit36a62702c5454d0a3f7e7aafc5b95d6ca0a7d703 (patch)
tree812ee90cbf2e99d0fa86c09abfd2c4d6d137bb1c
parent4772e7ad53392e5ee78d05061ed18762bd4b8e8e (diff)
NAT44: prohibit multiple static mappings for a single local address (VPP-1224)
Change-Id: I32b30210c2f1aec10a1b614d04f427662326a3d2 Signed-off-by: Matus Fabian <matfabia@cisco.com>
-rw-r--r--src/plugins/nat/nat.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index a2b4010df0b..9a620472b86 100644
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -785,6 +785,17 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr,
vrf_id = sm->inside_vrf_id;
}
+ if (!out2in_only)
+ {
+ m_key.addr = l_addr;
+ m_key.port = addr_only ? 0 : l_port;
+ m_key.protocol = addr_only ? 0 : proto;
+ m_key.fib_index = fib_index;
+ kv.key = m_key.as_u64;
+ if (!clib_bihash_search_8_8 (&sm->static_mapping_by_local, &kv, &value))
+ return VNET_API_ERROR_VALUE_EXIST;
+ }
+
/* Find external address in allocated addresses and reserve port for
address and port pair mapping when dynamic translations enabled */
if (!(addr_only || sm->static_mapping_only || out2in_only))