summaryrefslogtreecommitdiffstats
path: root/src/plugins/cnat
diff options
context:
space:
mode:
authorHediBouattour <hedibouattour2010@gmail.com>2023-08-16 13:26:22 +0200
committerDave Wallace <dwallacelf@gmail.com>2023-08-18 02:42:33 +0000
commitf6beee077ef3e79a32043dd4685e87d7a6d16a5b (patch)
tree5946ee7fe74a0b51e405e23e35ae47f87024dda2 /src/plugins/cnat
parentc5fa5391ed04ec1d18129792dc38524f81a7b6e1 (diff)
cnat: add host tag to bitmap in cnat snat
Type: feature this patch adds a new tag "host" to interfaces for cnat-snat if an interface is tagged pod and host we do not snat traffic outgoing through it Change-Id: I71f5bfcb85581bb8508ba547374f0603f1079ac6 Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
Diffstat (limited to 'src/plugins/cnat')
-rw-r--r--src/plugins/cnat/cnat.api1
-rw-r--r--src/plugins/cnat/cnat_snat_policy.c13
-rw-r--r--src/plugins/cnat/cnat_snat_policy.h3
3 files changed, 17 insertions, 0 deletions
diff --git a/src/plugins/cnat/cnat.api b/src/plugins/cnat/cnat.api
index 846917eb2e7..6026432507f 100644
--- a/src/plugins/cnat/cnat.api
+++ b/src/plugins/cnat/cnat.api
@@ -173,6 +173,7 @@ enum cnat_snat_policy_table:u8
CNAT_POLICY_INCLUDE_V4 = 0,
CNAT_POLICY_INCLUDE_V6 = 1,
CNAT_POLICY_POD = 2,
+ CNAT_POLICY_HOST = 3,
};
autoreply define cnat_snat_policy_add_del_if
diff --git a/src/plugins/cnat/cnat_snat_policy.c b/src/plugins/cnat/cnat_snat_policy.c
index 298dc76d681..cd9bfef492a 100644
--- a/src/plugins/cnat/cnat_snat_policy.c
+++ b/src/plugins/cnat/cnat_snat_policy.c
@@ -29,6 +29,8 @@ unformat_cnat_snat_interface_map_type (unformat_input_t *input, va_list *args)
*a = CNAT_SNAT_IF_MAP_INCLUDE_V6;
else if (unformat (input, "k8s"))
*a = CNAT_SNAT_IF_MAP_INCLUDE_POD;
+ else if (unformat (input, "host"))
+ *a = CNAT_SNAT_IF_MAP_INCLUDE_HOST;
else
return 0;
return 1;
@@ -49,6 +51,9 @@ format_cnat_snat_interface_map_type (u8 *s, va_list *args)
case CNAT_SNAT_IF_MAP_INCLUDE_POD:
s = format (s, "k8s pod");
break;
+ case CNAT_SNAT_IF_MAP_INCLUDE_HOST:
+ s = format (s, "k8s host");
+ break;
default:
s = format (s, "(unknown)");
break;
@@ -296,6 +301,14 @@ cnat_snat_policy_k8s (vlib_buffer_t *b, cnat_session_t *session)
u32 in_if = vnet_buffer (b)->sw_if_index[VLIB_RX];
u32 out_if = vnet_buffer (b)->sw_if_index[VLIB_TX];
+ /* we should never snat traffic that we punt to the host, pass traffic as it
+ * is for us */
+ if (clib_bitmap_get (cpm->interface_maps[CNAT_SNAT_IF_MAP_INCLUDE_HOST],
+ out_if))
+ {
+ return 0;
+ }
+
/* source nat for outgoing connections */
if (cnat_snat_policy_interface_enabled (in_if, af))
if (cnat_search_snat_prefix (dst_addr, af))
diff --git a/src/plugins/cnat/cnat_snat_policy.h b/src/plugins/cnat/cnat_snat_policy.h
index 987ae494e16..61c2382602f 100644
--- a/src/plugins/cnat/cnat_snat_policy.h
+++ b/src/plugins/cnat/cnat_snat_policy.h
@@ -45,6 +45,9 @@ typedef enum cnat_snat_interface_map_type_t_
CNAT_SNAT_IF_MAP_INCLUDE_V4 = AF_IP4,
CNAT_SNAT_IF_MAP_INCLUDE_V6 = AF_IP6,
CNAT_SNAT_IF_MAP_INCLUDE_POD,
+ /* CNAT_SNAT_IF_MAP_INCLUDE_HOST is used for interfaces used for punt,
+ replicating uplink */
+ CNAT_SNAT_IF_MAP_INCLUDE_HOST,
CNAT_N_SNAT_IF_MAP,
} cnat_snat_interface_map_type_t;