summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/out2in.c
diff options
context:
space:
mode:
authorJuraj Sloboda <jsloboda@cisco.com>2017-11-23 13:20:48 +0100
committerOle Trøan <otroan@employees.org>2017-12-20 11:12:24 +0000
commit7b929793feba7d966c34b1ddb31dc818174f3a57 (patch)
tree34eba85b00e775127732dddb56e679d14fc9cc75 /src/plugins/nat/out2in.c
parent5ff506a194f4951372500608a233c5c4cc6990a9 (diff)
Translate matching packets using NAT (VPP-1069)
Add API function which enables forwarding of packets not matching existing translation or static mapping instead of dropping them. When forwarding is enabled matching packets will be translated while non-matching packets will be forwarded without translation. Change-Id: Ic13040cbad16d3a1ecdc3e02a497171bef6aa413 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
Diffstat (limited to 'src/plugins/nat/out2in.c')
-rwxr-xr-xsrc/plugins/nat/out2in.c122
1 files changed, 74 insertions, 48 deletions
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index b5464e0ad41..d548ab31fc5 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -320,16 +320,24 @@ u32 icmp_match_out2in_slow(snat_main_t *sm, vlib_node_runtime_t *node,
destination address and port in packet */
if (snat_static_mapping_match(sm, key0, &sm0, 1, &is_addr_only, 0))
{
- /* Don't NAT packet aimed at the intfc address */
- if (PREDICT_FALSE(is_interface_addr(sm, node, sw_if_index0,
- ip0->dst_address.as_u32)))
+ if (!sm->forwarding_enabled)
+ {
+ /* Don't NAT packet aimed at the intfc address */
+ if (PREDICT_FALSE(is_interface_addr(sm, node, sw_if_index0,
+ ip0->dst_address.as_u32)))
+ {
+ dont_translate = 1;
+ goto out;
+ }
+ b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ next0 = SNAT_OUT2IN_NEXT_DROP;
+ goto out;
+ }
+ else
{
dont_translate = 1;
goto out;
}
- b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- next0 = SNAT_OUT2IN_NEXT_DROP;
- goto out;
}
if (PREDICT_FALSE(icmp0->type != ICMP4_echo_reply &&
@@ -1017,16 +1025,21 @@ snat_out2in_node_fn (vlib_main_t * vm,
destination address and port in packet */
if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- /*
- * Send DHCP packets to the ipv4 stack, or we won't
- * be able to use dhcp client on the outside interface
- */
- if (proto0 != SNAT_PROTOCOL_UDP
- || (udp0->dst_port
- != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
- next0 = SNAT_OUT2IN_NEXT_DROP;
- goto trace0;
+ if (!sm->forwarding_enabled)
+ {
+ b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (proto0 != SNAT_PROTOCOL_UDP
+ || (udp0->dst_port
+ != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
+ next0 = SNAT_OUT2IN_NEXT_DROP;
+ goto trace0;
+ }
+ else
+ goto trace0;
}
/* Create session initiated by host from external network */
@@ -1175,16 +1188,21 @@ snat_out2in_node_fn (vlib_main_t * vm,
destination address and port in packet */
if (snat_static_mapping_match(sm, key1, &sm1, 1, 0, 0))
{
- b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- /*
- * Send DHCP packets to the ipv4 stack, or we won't
- * be able to use dhcp client on the outside interface
- */
- if (proto1 != SNAT_PROTOCOL_UDP
- || (udp1->dst_port
- != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
- next1 = SNAT_OUT2IN_NEXT_DROP;
- goto trace1;
+ if (!sm->forwarding_enabled)
+ {
+ b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (proto1 != SNAT_PROTOCOL_UDP
+ || (udp1->dst_port
+ != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
+ next1 = SNAT_OUT2IN_NEXT_DROP;
+ goto trace1;
+ }
+ else
+ goto trace1;
}
/* Create session initiated by host from external network */
@@ -1369,17 +1387,21 @@ snat_out2in_node_fn (vlib_main_t * vm,
destination address and port in packet */
if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- /*
- * Send DHCP packets to the ipv4 stack, or we won't
- * be able to use dhcp client on the outside interface
- */
- if (proto0 != SNAT_PROTOCOL_UDP
- || (udp0->dst_port
- != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
-
- next0 = SNAT_OUT2IN_NEXT_DROP;
- goto trace00;
+ if (!sm->forwarding_enabled)
+ {
+ b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (proto0 != SNAT_PROTOCOL_UDP
+ || (udp0->dst_port
+ != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
+ next0 = SNAT_OUT2IN_NEXT_DROP;
+ goto trace00;
+ }
+ else
+ goto trace00;
}
/* Create session initiated by host from external network */
@@ -1605,17 +1627,21 @@ nat44_out2in_reass_node_fn (vlib_main_t * vm,
destination address and port in packet */
if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0))
{
- b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- /*
- * Send DHCP packets to the ipv4 stack, or we won't
- * be able to use dhcp client on the outside interface
- */
- if (proto0 != SNAT_PROTOCOL_UDP
- || (udp0->dst_port
- != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
-
- next0 = SNAT_OUT2IN_NEXT_DROP;
- goto trace0;
+ if (!sm->forwarding_enabled)
+ {
+ b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (proto0 != SNAT_PROTOCOL_UDP
+ || (udp0->dst_port
+ != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
+ next0 = SNAT_OUT2IN_NEXT_DROP;
+ goto trace0;
+ }
+ else
+ goto trace0;
}
/* Create session initiated by host from external network */