diff options
| author |   Juraj Sloboda <jsloboda@cisco.com> | 2018-04-10 13:51:54 +0200 |
|---|---|---|
| committer |   Damjan Marion <dmarion.lists@gmail.com> | 2018-04-19 10:35:13 +0000 |
| commit | 1e5c07d379a092f4829e7081aa962d013b31fdfc (patch) | |
| tree | 1b1a3c386663b3356773cf374b55a64f14d43709 /src/plugins/nat/nat_api.c | |
| parent | b14826e459302556febb391456ea90644278645a (diff) | |
Add special Twice-NAT feature (VPP-1221)
When enabled then Twice-NAT is applied only when
source IP equals destination IP after DNAT
Change-Id: I58a9d1d222b2a10c83eafffb2107f32c1b4aa3a8
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
Diffstat (limited to 'src/plugins/nat/nat_api.c')
| -rw-r--r-- | src/plugins/nat/nat_api.c | 24 |
1 files changed, 20 insertions, 4 deletions
diff --git a/src/plugins/nat/nat_api.c b/src/plugins/nat/nat_api.c index 56b261d1bb9..417d2984011 100644 --- a/src/plugins/nat/nat_api.c +++ b/src/plugins/nat/nat_api.c @@ -724,6 +724,7 @@ static void ip4_address_t local_addr, external_addr; u16 local_port = 0, external_port = 0; u32 vrf_id, external_sw_if_index; + twice_nat_type_t twice_nat = TWICE_NAT_DISABLED; int rv = 0; snat_protocol_t proto; u8 *tag = 0; @@ -744,6 +745,10 @@ static void vrf_id = clib_net_to_host_u32 (mp->vrf_id); external_sw_if_index = clib_net_to_host_u32 (mp->external_sw_if_index); proto = ip_proto_to_snat_proto (mp->protocol); + if (mp->twice_nat) + twice_nat = TWICE_NAT; + else if (mp->self_twice_nat) + twice_nat = TWICE_NAT_SELF; mp->tag[sizeof (mp->tag) - 1] = 0; tag = format (0, "%s", mp->tag); vec_terminate_c_string (tag); @@ -751,7 +756,7 @@ static void rv = snat_add_static_mapping (local_addr, external_addr, local_port, external_port, vrf_id, mp->addr_only, external_sw_if_index, proto, mp->is_add, - mp->twice_nat, mp->out2in_only, tag); + twice_nat, mp->out2in_only, tag); vec_free (tag); @@ -804,7 +809,10 @@ send_nat44_static_mapping_details (snat_static_mapping_t * m, rmp->external_sw_if_index = ~0; rmp->vrf_id = htonl (m->vrf_id); rmp->context = context; - rmp->twice_nat = m->twice_nat; + if (m->twice_nat == TWICE_NAT) + rmp->twice_nat = 1; + else if (m->twice_nat == TWICE_NAT_SELF) + rmp->self_twice_nat = 1; rmp->out2in_only = m->out2in_only; if (m->addr_only == 0) { @@ -1324,6 +1332,7 @@ static void { snat_main_t *sm = &snat_main; vl_api_nat44_add_del_lb_static_mapping_reply_t *rmp; + twice_nat_type_t twice_nat = TWICE_NAT_DISABLED; int rv = 0; nat44_lb_addr_port_t *locals = 0; ip4_address_t e_addr; @@ -1339,6 +1348,10 @@ static void locals = unformat_nat44_lb_addr_port (mp->locals, mp->local_num); clib_memcpy (&e_addr, mp->external_addr, 4); proto = ip_proto_to_snat_proto (mp->protocol); + if (mp->twice_nat) + twice_nat = TWICE_NAT; + else if (mp->self_twice_nat) + twice_nat = TWICE_NAT_SELF; mp->tag[sizeof (mp->tag) - 1] = 0; tag = format (0, "%s", mp->tag); vec_terminate_c_string (tag); @@ -1347,7 +1360,7 @@ static void nat44_add_del_lb_static_mapping (e_addr, clib_net_to_host_u16 (mp->external_port), proto, clib_net_to_host_u32 (mp->vrf_id), - locals, mp->is_add, mp->twice_nat, + locals, mp->is_add, twice_nat, mp->out2in_only, tag); vec_free (locals); @@ -1391,7 +1404,10 @@ send_nat44_lb_static_mapping_details (snat_static_mapping_t * m, rmp->protocol = snat_proto_to_ip_proto (m->proto); rmp->vrf_id = ntohl (m->vrf_id); rmp->context = context; - rmp->twice_nat = m->twice_nat; + if (m->twice_nat == TWICE_NAT) + rmp->twice_nat = 1; + else if (m->twice_nat == TWICE_NAT_SELF) + rmp->self_twice_nat = 1; rmp->out2in_only = m->out2in_only; if (m->tag) strncpy ((char *) rmp->tag, (char *) m->tag, vec_len (m->tag)); |