diff options
author | Juraj Sloboda <jsloboda@cisco.com> | 2018-04-11 12:54:12 +0200 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2018-04-12 10:01:24 +0000 |
commit | 2c703c7c4637d5cc94dd480b1ce8e4f51c82d8ab (patch) | |
tree | b0716c27026e75723624432bda9343f7ccb04e2b /src/plugins/nat/nat44_cli.c | |
parent | 8eaa96d976338420e590eaa4672420b91e2161b5 (diff) |
NAT: disable CLI/API not supported in active mode (VPP-1234)
When in deterministic mode disable nondeterministic CLI/API.
When not in deterministic mode disable deterministic CLI/API.
Change-Id: Ibf485c14612297e51d3815a6fde541542c8fe7ab
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
Diffstat (limited to 'src/plugins/nat/nat44_cli.c')
-rw-r--r-- | src/plugins/nat/nat44_cli.c | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/src/plugins/nat/nat44_cli.c b/src/plugins/nat/nat44_cli.c index f61f59b8d6a..da97a801b7f 100644 --- a/src/plugins/nat/nat44_cli.c +++ b/src/plugins/nat/nat44_cli.c @@ -22,15 +22,24 @@ #include <nat/nat_det.h> #include <vnet/fib/fib_table.h> +#define UNSUPPORTED_IN_DET_MODE_STR \ + "This command is unsupported in deterministic mode" +#define SUPPORTED_ONLY_IN_DET_MODE_STR \ + "This command is supported only in deterministic mode" + static clib_error_t * set_workers_command_fn (vlib_main_t * vm, unformat_input_t * input, vlib_cli_command_t * cmd) { unformat_input_t _line_input, *line_input = &_line_input; + snat_main_t *sm = &snat_main; uword *bitmap = 0; int rv = 0; clib_error_t *error = 0; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -83,6 +92,9 @@ nat_show_workers_commnad_fn (vlib_main_t * vm, unformat_input_t * input, snat_main_t *sm = &snat_main; u32 *worker; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + if (sm->num_workers > 1) { vlib_cli_output (vm, "%d workers", vec_len (sm->workers)); @@ -151,9 +163,13 @@ nat44_set_alloc_addr_and_port_alg_command_fn (vlib_main_t * vm, vlib_cli_command_t * cmd) { unformat_input_t _line_input, *line_input = &_line_input; + snat_main_t *sm = &snat_main; clib_error_t *error = 0; u32 psid, psid_offset, psid_length; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -197,6 +213,9 @@ add_address_command_fn (vlib_main_t * vm, clib_error_t *error = 0; u8 twice_nat = 0; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -286,6 +305,9 @@ nat44_show_addresses_command_fn (vlib_main_t * vm, unformat_input_t * input, snat_main_t *sm = &snat_main; snat_address_t *ap; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + vlib_cli_output (vm, "NAT44 pool addresses:"); /* *INDENT-OFF* */ vec_foreach (ap, sm->addresses) @@ -468,6 +490,7 @@ add_static_mapping_command_fn (vlib_main_t * vm, vlib_cli_command_t * cmd) { unformat_input_t _line_input, *line_input = &_line_input; + snat_main_t *sm = &snat_main; clib_error_t *error = 0; ip4_address_t l_addr, e_addr; u32 l_port = 0, e_port = 0, vrf_id = ~0; @@ -481,6 +504,9 @@ add_static_mapping_command_fn (vlib_main_t * vm, u8 twice_nat = 0; u8 out2in_only = 0; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -574,6 +600,7 @@ add_identity_mapping_command_fn (vlib_main_t * vm, vlib_cli_command_t * cmd) { unformat_input_t _line_input, *line_input = &_line_input; + snat_main_t *sm = &snat_main; clib_error_t *error = 0; ip4_address_t addr; u32 port = 0, vrf_id = ~0; @@ -584,6 +611,9 @@ add_identity_mapping_command_fn (vlib_main_t * vm, int rv; snat_protocol_t proto; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + addr.as_u32 = 0; /* Get a line of input. */ @@ -649,6 +679,7 @@ add_lb_static_mapping_command_fn (vlib_main_t * vm, vlib_cli_command_t * cmd) { unformat_input_t _line_input, *line_input = &_line_input; + snat_main_t *sm = &snat_main; clib_error_t *error = 0; ip4_address_t l_addr, e_addr; u32 l_port = 0, e_port = 0, vrf_id = 0, probability = 0; @@ -660,6 +691,9 @@ add_lb_static_mapping_command_fn (vlib_main_t * vm, u8 twice_nat = 0; u8 out2in_only = 0; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -747,6 +781,9 @@ nat44_show_static_mappings_command_fn (vlib_main_t * vm, snat_static_mapping_t *m; snat_static_map_resolve_t *rp; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + vlib_cli_output (vm, "NAT44 static mappings:"); /* *INDENT-OFF* */ pool_foreach (m, sm->static_mappings, @@ -773,6 +810,9 @@ snat_add_interface_address_command_fn (vlib_main_t * vm, clib_error_t *error = 0; u8 twice_nat = 0; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -822,6 +862,9 @@ nat44_show_interface_address_command_fn (vlib_main_t * vm, vnet_main_t *vnm = vnet_get_main (); u32 *sw_if_index; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + /* *INDENT-OFF* */ vlib_cli_output (vm, "NAT44 pool address interfaces:"); vec_foreach (sw_if_index, sm->auto_add_sw_if_indices) @@ -850,6 +893,9 @@ nat44_show_sessions_command_fn (vlib_main_t * vm, unformat_input_t * input, snat_user_t *u; int i = 0; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + if (unformat (input, "detail")) verbose = 1; @@ -884,6 +930,9 @@ nat44_del_session_command_fn (vlib_main_t * vm, snat_protocol_t proto; int rv; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -938,6 +987,9 @@ snat_forwarding_set_command_fn (vlib_main_t * vm, u8 forwarding_enable_set = 0; clib_error_t *error = 0; + if (sm->deterministic) + return clib_error_return (0, UNSUPPORTED_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return clib_error_return (0, "'enable' or 'disable' expected"); @@ -987,6 +1039,9 @@ snat_det_map_command_fn (vlib_main_t * vm, int is_add = 1, rv; clib_error_t *error = 0; + if (!sm->deterministic) + return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -1034,6 +1089,9 @@ nat44_det_show_mappings_command_fn (vlib_main_t * vm, snat_main_t *sm = &snat_main; snat_det_map_t *dm; + if (!sm->deterministic) + return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR); + vlib_cli_output (vm, "NAT44 deterministic mappings:"); /* *INDENT-OFF* */ pool_foreach (dm, sm->det_maps, @@ -1064,6 +1122,9 @@ snat_det_forward_command_fn (vlib_main_t * vm, snat_det_map_t *dm; clib_error_t *error = 0; + if (!sm->deterministic) + return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -1108,6 +1169,9 @@ snat_det_reverse_command_fn (vlib_main_t * vm, snat_det_map_t *dm; clib_error_t *error = 0; + if (!sm->deterministic) + return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -1154,6 +1218,9 @@ set_timeout_command_fn (vlib_main_t * vm, unformat_input_t _line_input, *line_input = &_line_input; clib_error_t *error = 0; + if (!sm->deterministic) + return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -1198,6 +1265,9 @@ nat44_det_show_timeouts_command_fn (vlib_main_t * vm, { snat_main_t *sm = &snat_main; + if (!sm->deterministic) + return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR); + vlib_cli_output (vm, "udp timeout: %dsec", sm->udp_timeout); vlib_cli_output (vm, "tcp-established timeout: %dsec", sm->tcp_established_timeout); @@ -1218,6 +1288,9 @@ nat44_det_show_sessions_command_fn (vlib_main_t * vm, snat_det_session_t *ses; int i; + if (!sm->deterministic) + return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR); + vlib_cli_output (vm, "NAT44 deterministic sessions:"); /* *INDENT-OFF* */ pool_foreach (dm, sm->det_maps, @@ -1247,6 +1320,9 @@ snat_det_close_session_out_fn (vlib_main_t * vm, snat_det_out_key_t key; clib_error_t *error = 0; + if (!sm->deterministic) + return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; @@ -1303,6 +1379,9 @@ snat_det_close_session_in_fn (vlib_main_t * vm, snat_det_out_key_t key; clib_error_t *error = 0; + if (!sm->deterministic) + return clib_error_return (0, SUPPORTED_ONLY_IN_DET_MODE_STR); + /* Get a line of input. */ if (!unformat_user (input, unformat_line_input, line_input)) return 0; |