author | HediBouattour <hedibouattour2010@gmail.com> | 2023-08-16 13:26:22 +0200 |
---|---|---|
committer | Dave Wallace <dwallacelf@gmail.com> | 2023-08-18 02:42:33 +0000 |
commit | f6beee077ef3e79a32043dd4685e87d7a6d16a5b (patch) | |
tree | 5946ee7fe74a0b51e405e23e35ae47f87024dda2 | |
parent | c5fa5391ed04ec1d18129792dc38524f81a7b6e1 (diff) |
cnat: add host tag to bitmap in cnat snat
Type: feature
This patch adds a new tag, "host", for interfaces in cnat-snat.
If an interface is tagged pod and host, we do not SNAT traffic going out through it.
Change-Id: I71f5bfcb85581bb8508ba547374f0603f1079ac6
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
-rw-r--r-- | src/plugins/cnat/cnat.api | 1 | ||||
-rw-r--r-- | src/plugins/cnat/cnat_snat_policy.c | 13 | ||||
-rw-r--r-- | src/plugins/cnat/cnat_snat_policy.h | 3 |
3 files changed, 17 insertions, 0 deletions
diff --git a/src/plugins/cnat/cnat.api b/src/plugins/cnat/cnat.api
index 846917eb2e7..6026432507f 100644
--- a/src/plugins/cnat/cnat.api
+++ b/src/plugins/cnat/cnat.api
@@ -173,6 +173,7 @@ enum cnat_snat_policy_table:u8
 CNAT_POLICY_INCLUDE_V4 = 0,
 CNAT_POLICY_INCLUDE_V6 = 1,
 CNAT_POLICY_POD = 2,
+ CNAT_POLICY_HOST = 3,
 };
 autoreply define cnat_snat_policy_add_del_if
diff --git a/src/plugins/cnat/cnat_snat_policy.c b/src/plugins/cnat/cnat_snat_policy.c
index 298dc76d681..cd9bfef492a 100644
--- a/src/plugins/cnat/cnat_snat_policy.c
+++ b/src/plugins/cnat/cnat_snat_policy.c
@@ -29,6 +29,8 @@ unformat_cnat_snat_interface_map_type (unformat_input_t *input, va_list *args)
 *a = CNAT_SNAT_IF_MAP_INCLUDE_V6;
 else if (unformat (input, "k8s"))
 *a = CNAT_SNAT_IF_MAP_INCLUDE_POD;
+ else if (unformat (input, "host"))
+ *a = CNAT_SNAT_IF_MAP_INCLUDE_HOST;
 else
 return 0;
 return 1;
@@ -49,6 +51,9 @@ format_cnat_snat_interface_map_type (u8 *s, va_list *args)
 case CNAT_SNAT_IF_MAP_INCLUDE_POD:
 s = format (s, "k8s pod");
 break;
+ case CNAT_SNAT_IF_MAP_INCLUDE_HOST:
+ s = format (s, "k8s host");
+ break;
 default:
 s = format (s, "(unknown)");
 break;
@@ -296,6 +301,14 @@ cnat_snat_policy_k8s (vlib_buffer_t *b, cnat_session_t *session)
 u32 in_if = vnet_buffer (b)->sw_if_index[VLIB_RX];
 u32 out_if = vnet_buffer (b)->sw_if_index[VLIB_TX];
+ /* we should never snat traffic that we punt to the host, pass traffic as it
+ * is for us */
+ if (clib_bitmap_get (cpm->interface_maps[CNAT_SNAT_IF_MAP_INCLUDE_HOST],
+ out_if))
+ {
+ return 0;
+ }
+
 /* source nat for outgoing connections */
 if (cnat_snat_policy_interface_enabled (in_if, af))
 if (cnat_search_snat_prefix (dst_addr, af))
diff --git a/src/plugins/cnat/cnat_snat_policy.h b/src/plugins/cnat/cnat_snat_policy.h
index 987ae494e16..61c2382602f 100644
--- a/src/plugins/cnat/cnat_snat_policy.h
+++ b/src/plugins/cnat/cnat_snat_policy.h
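Review bot: The early return added at the top of cnat_snat_policy_k8s tests only the HOST bitmap for `out_if`, while the commit description says SNAT is skipped when the interface is tagged pod and host. As written it runs before the `cnat_snat_policy_interface_enabled (in_if, af)` and prefix checks, so the host tag alone turns off source NAT for everything leaving through that interface; an uplink tagged host by mistake would presumably send pod source addresses out untranslated. If both tags are meant to be required, the condition should be `clib_bitmap_get (cpm->interface_maps[CNAT_SNAT_IF_MAP_INCLUDE_HOST], out_if) && clib_bitmap_get (cpm->interface_maps[CNAT_SNAT_IF_MAP_INCLUDE_POD], out_if)`; if host alone is intended, the comment should say so explicitly. The function starts and continues outside the hunk, so `cpm` and the later checks are not visible here.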
@@ -45,6 +45,9 @@ typedef enum cnat_snat_interface_map_type_t_
 CNAT_SNAT_IF_MAP_INCLUDE_V4 = AF_IP4,
 CNAT_SNAT_IF_MAP_INCLUDE_V6 = AF_IP6,
 CNAT_SNAT_IF_MAP_INCLUDE_POD,
+ /* CNAT_SNAT_IF_MAP_INCLUDE_HOST is used for interfaces used for punt,
+ replicating uplink */
+ CNAT_SNAT_IF_MAP_INCLUDE_HOST,
 CNAT_N_SNAT_IF_MAP,
 } cnat_snat_interface_map_type_t; |
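Review bot: `CNAT_SNAT_IF_MAP_INCLUDE_HOST` gets its value implicitly (it follows `AF_IP6` and POD), while cnat.api in this same commit hard-codes `CNAT_POLICY_HOST = 3`, and nothing visible ties the two together. The API handler is not shown, but if it converts the wire value by cast and uses it to index `interface_maps[]`, the two enums must stay aligned and any value at or above `CNAT_N_SNAT_IF_MAP` must be rejected before indexing. A compile-time check next to the enum would pin the alignment, e.g. `STATIC_ASSERT (CNAT_SNAT_IF_MAP_INCLUDE_HOST == 3, "keep in sync with CNAT_POLICY_HOST in cnat.api");`. The enum's opening lines are outside the hunk.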