summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/nat44_cli.c
diff options
context:
space:
mode:
authorJuraj Sloboda <jsloboda@cisco.com>2018-04-11 12:54:12 +0200
committerOle Trøan <otroan@employees.org>2018-04-12 10:01:24 +0000
commit2c703c7c4637d5cc94dd480b1ce8e4f51c82d8ab (patch)
treeb0716c27026e75723624432bda9343f7ccb04e2b /src/plugins/nat/nat44_cli.c
parent8eaa96d976338420e590eaa4672420b91e2161b5 (diff)
NAT: disable CLI/API not supported in active mode (VPP-1234)
When in deterministic mode disable nondeterministic CLI/API. When not in deterministic mode disable deterministic CLI/API. Change-Id: Ibf485c14612297e51d3815a6fde541542c8fe7ab Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
Diffstat (limited to 'src/plugins/nat/nat44_cli.c')
-rw-r--r--src/plugins/nat/nat44_cli.c79
1 files changed, 79 insertions, 0 deletions
diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c
index f61f59b8d6a..da97a801b7f 100644
--- a/src/plugins/nat/nat44_cli.c
+++ b/src/plugins/nat/nat44_cli.c
@@ -22,15 +22,24 @@
#include <nat/nat_det.h>
#include <vnet/fib/fib_table.h>
+#define UNSUPPORTED_IN_DET_MODE_STR \
+ "This command is unsupported in deterministic mode"
+#define SUPPORTED_ONLY_IN_DET_MODE_STR \
+ "This command is supported only in deterministic mode"
+
static clib_error_t *
set_workers_command_fn (vlib_main_t * vm,
unformat_input_t * input, vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
uword *bitmap = 0;
int rv = 0;
clib_error_t *error = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -83,6 +92,9 @@ nat_show_workers_commnad_fn (vlib_main_t * vm, unformat_input_t * input,
snat_main_t *sm = &snat_main;
u32 *worker;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
if (sm->num_workers > 1)
{
vlib_cli_output (vm, "%d workers", vec_len (sm->workers));
@@ -151,9 +163,13 @@ nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
clib_error_t *error = 0;
u32 psid, psid_offset, psid_length;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -197,6 +213,9 @@ add_address_command_fn (vlib_main_t * vm,
clib_error_t *error = 0;
u8 twice_nat = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -286,6 +305,9 @@ nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input,
snat_main_t *sm = &snat_main;
snat_address_t *ap;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
vlib_cli_output (vm, "NAT44 pool addresses:");
/* *INDENT-OFF* */
vec_foreach (ap, sm->addresses)
@@ -468,6 +490,7 @@ add_static_mapping_command_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
clib_error_t *error = 0;
ip4_address_t l_addr, e_addr;
u32 l_port = 0, e_port = 0, vrf_id = ~0;
@@ -481,6 +504,9 @@ add_static_mapping_command_fn (vlib_main_t * vm,
u8 twice_nat = 0;
u8 out2in_only = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -574,6 +600,7 @@ add_identity_mapping_command_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
clib_error_t *error = 0;
ip4_address_t addr;
u32 port = 0, vrf_id = ~0;
@@ -584,6 +611,9 @@ add_identity_mapping_command_fn (vlib_main_t * vm,
int rv;
snat_protocol_t proto;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
addr.as_u32 = 0;
/* Get a line of input. */
@@ -649,6 +679,7 @@ add_lb_static_mapping_command_fn (vlib_main_t * vm,
vlib_cli_command_t * cmd)
{
unformat_input_t _line_input, *line_input = &_line_input;
+ snat_main_t *sm = &snat_main;
clib_error_t *error = 0;
ip4_address_t l_addr, e_addr;
u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0;
@@ -660,6 +691,9 @@ add_lb_static_mapping_command_fn (vlib_main_t * vm,
u8 twice_nat = 0;
u8 out2in_only = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -747,6 +781,9 @@ nat44_show_static_mappings_command_fn (vlib_main_t * vm,
snat_static_mapping_t *m;
snat_static_map_resolve_t *rp;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
vlib_cli_output (vm, "NAT44 static mappings:");
/* *INDENT-OFF* */
pool_foreach (m, sm->static_mappings,
@@ -773,6 +810,9 @@ snat_add_interface_address_command_fn (vlib_main_t * vm,
clib_error_t *error = 0;
u8 twice_nat = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -822,6 +862,9 @@ nat44_show_interface_address_command_fn (vlib_main_t * vm,
vnet_main_t *vnm = vnet_get_main ();
u32 *sw_if_index;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* *INDENT-OFF* */
vlib_cli_output (vm, "NAT44 pool address interfaces:");
vec_foreach (sw_if_index, sm->auto_add_sw_if_indices)
@@ -850,6 +893,9 @@ nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input,
snat_user_t *u;
int i = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
if (unformat (input, "detail"))
verbose = 1;
@@ -884,6 +930,9 @@ nat44_del_session_command_fn (vlib_main_t * vm,
snat_protocol_t proto;
int rv;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -938,6 +987,9 @@ snat_forwarding_set_command_fn (vlib_main_t * vm,
u8 forwarding_enable_set = 0;
clib_error_t *error = 0;
+ if (sm->deterministic)
+ return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return clib_error_return (0, "'enable' or 'disable' expected");
@@ -987,6 +1039,9 @@ snat_det_map_command_fn (vlib_main_t * vm,
int is_add = 1, rv;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -1034,6 +1089,9 @@ nat44_det_show_mappings_command_fn (vlib_main_t * vm,
snat_main_t *sm = &snat_main;
snat_det_map_t *dm;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
vlib_cli_output (vm, "NAT44 deterministic mappings:");
/* *INDENT-OFF* */
pool_foreach (dm, sm->det_maps,
@@ -1064,6 +1122,9 @@ snat_det_forward_command_fn (vlib_main_t * vm,
snat_det_map_t *dm;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -1108,6 +1169,9 @@ snat_det_reverse_command_fn (vlib_main_t * vm,
snat_det_map_t *dm;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -1154,6 +1218,9 @@ set_timeout_command_fn (vlib_main_t * vm,
unformat_input_t _line_input, *line_input = &_line_input;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -1198,6 +1265,9 @@ nat44_det_show_timeouts_command_fn (vlib_main_t * vm,
{
snat_main_t *sm = &snat_main;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout);
vlib_cli_output (vm, "tcp-established timeout: %dsec",
sm->tcp_established_timeout);
@@ -1218,6 +1288,9 @@ nat44_det_show_sessions_command_fn (vlib_main_t * vm,
snat_det_session_t *ses;
int i;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
vlib_cli_output (vm, "NAT44 deterministic sessions:");
/* *INDENT-OFF* */
pool_foreach (dm, sm->det_maps,
@@ -1247,6 +1320,9 @@ snat_det_close_session_out_fn (vlib_main_t * vm,
snat_det_out_key_t key;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;
@@ -1303,6 +1379,9 @@ snat_det_close_session_in_fn (vlib_main_t * vm,
snat_det_out_key_t key;
clib_error_t *error = 0;
+ if (!sm->deterministic)
+ return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR);
+
/* Get a line of input. */
if (!unformat_user (input, unformat_line_input, line_input))
return 0;