pnat: add support to wildcard IP Protocol field if not specified

- add pnat_binding_add_v2 which explicitly requires match mask to set to PNAT_PROTO if we want to match on IP Protocol - fix pnat_binding_add backward compatibility i.e. no need to set match mast to PNAT_PROTO Type: improvement Signed-off-by: Fahad Naeem <fahadnaeemkhan@gmail.com> Change-Id: I5a23244be55b7d4c10552c555881527a4b2f325f
author: Fahad Naeem <fahadnaeemkhan@gmail.com> 2022-05-10 01:03:52 -0500
committer: Ole Tr�an <otroan@employees.org> 2022-05-12 07:30:33 +0000
commit: 0891b6aa449cca525b61d0cc23759b2efcd158dc (patch)
tree: d2010d7871c420fd9631ec3ea57e62eba738e52e /src/plugins/nat/pnat
parent: e2159bd2d3721592edee90a511647f83ea9a4781 (diff)
4 files changed, 39 insertions, 4 deletions
diff --git a/src/plugins/nat/pnat/pnat.api b/src/plugins/nat/pnat/pnat.api
index b6632159d7c..de555c41412 100644
--- a/src/plugins/nat/pnat/pnat.api
+++ b/src/plugins/nat/pnat/pnat.api
@@ -26,6 +26,7 @@ enum pnat_mask
     PNAT_DPORT = 0x8,
     PNAT_COPY_BYTE = 0x10,
     PNAT_CLEAR_BYTE = 0x20,
+    PNAT_PROTO = 0x40,
 };
 
 enum pnat_attachment_point
@@ -65,6 +66,7 @@ autoendian define pnat_binding_add
     vl_api_pnat_rewrite_tuple_t rewrite;
 };
 
+
 autoendian define pnat_binding_add_reply
 {
     u32 context;
@@ -72,6 +74,22 @@ autoendian define pnat_binding_add_reply
     u32 binding_index;
 };
 
+autoendian define pnat_binding_add_v2
+{
+    u32 client_index;
+    u32 context;
+    vl_api_pnat_match_tuple_t match;
+    vl_api_pnat_rewrite_tuple_t rewrite;
+};
+
+
+autoendian define pnat_binding_add_v2_reply
+{
+    u32 context;
+    i32 retval;
+    u32 binding_index;
+};
+
 autoendian autoreply define pnat_binding_del
 {
     u32 client_index;
diff --git a/src/plugins/nat/pnat/pnat.c b/src/plugins/nat/pnat/pnat.c
index 547b063f286..2b4a6b49e96 100644
--- a/src/plugins/nat/pnat/pnat.c
+++ b/src/plugins/nat/pnat/pnat.c
@@ -56,7 +56,9 @@ static pnat_mask_fast_t pnat_mask2fast(pnat_mask_t lookup_mask) {
         m.as_u64[0] = 0xffffffff00000000;
     if (lookup_mask & PNAT_DA)
         m.as_u64[0] |= 0x00000000ffffffff;
-    m.as_u64[1] = 0xffffffff00000000;
+    m.as_u64[1] = 0x00ffffff00000000;
+    if (lookup_mask & PNAT_PROTO)
+        m.as_u64[1] |= 0xff00000000000000;
     if (lookup_mask & PNAT_SPORT)
         m.as_u64[1] |= 0x00000000ffff0000;
     if (lookup_mask & PNAT_DPORT)
diff --git a/src/plugins/nat/pnat/pnat_api.c b/src/plugins/nat/pnat/pnat_api.c
index 35a73955b33..02e61219d1e 100644
--- a/src/plugins/nat/pnat/pnat_api.c
+++ b/src/plugins/nat/pnat/pnat_api.c
@@ -36,12 +36,27 @@ static void vl_api_pnat_binding_add_t_handler(vl_api_pnat_binding_add_t *mp) {
     pnat_main_t *pm = &pnat_main;
     vl_api_pnat_binding_add_reply_t *rmp;
     u32 binding_index;
+
+    // for backward compatibility
+    if (mp->match.proto == 0)
+        mp->match.mask |= PNAT_PROTO;
+
     int rv = pnat_binding_add(&mp->match, &mp->rewrite, &binding_index);
     REPLY_MACRO2_END(VL_API_PNAT_BINDING_ADD_REPLY,
                      ({ rmp->binding_index = binding_index; }));
 }
 
 static void
+vl_api_pnat_binding_add_v2_t_handler(vl_api_pnat_binding_add_t *mp) {
+    pnat_main_t *pm = &pnat_main;
+    vl_api_pnat_binding_add_reply_t *rmp;
+    u32 binding_index;
+    int rv = pnat_binding_add(&mp->match, &mp->rewrite, &binding_index);
+    REPLY_MACRO2_END(VL_API_PNAT_BINDING_ADD_V2_REPLY,
+                     ({ rmp->binding_index = binding_index; }));
+}
+
+static void
 vl_api_pnat_binding_attach_t_handler(vl_api_pnat_binding_attach_t *mp) {
     pnat_main_t *pm = &pnat_main;
     vl_api_pnat_binding_attach_reply_t *rmp;
diff --git a/src/plugins/nat/pnat/pnat_cli.c b/src/plugins/nat/pnat/pnat_cli.c
index 082f0778acb..ce9beee540d 100644
--- a/src/plugins/nat/pnat/pnat_cli.c
+++ b/src/plugins/nat/pnat/pnat_cli.c
@@ -122,6 +122,8 @@ uword unformat_pnat_match_tuple(unformat_input_t *input, va_list *args) {
             t->mask |= PNAT_SA;
         else if (unformat(input, "dst %U", unformat_ip4_address, &t->dst))
             t->mask |= PNAT_DA;
+        else if (unformat(input, "proto %U", unformat_ip_protocol, &t->proto))
+            t->mask |= PNAT_PROTO;
         else if (unformat(input, "sport %d", &sport)) {
             if (sport == 0 || sport > 65535)
                 return 0;
@@ -132,9 +134,7 @@ uword unformat_pnat_match_tuple(unformat_input_t *input, va_list *args) {
                 return 0;
             t->mask |= PNAT_DPORT;
             t->dport = dport;
-        } else if (unformat(input, "proto %U", unformat_ip_protocol, &t->proto))
-            ;
-        else
+        } else
             break;
     }
     return 1;
author	Fahad Naeem <fahadnaeemkhan@gmail.com>	2022-05-10 01:03:52 -0500
committer	Ole Tr�an <otroan@employees.org>	2022-05-12 07:30:33 +0000
commit	0891b6aa449cca525b61d0cc23759b2efcd158dc (patch)
tree	d2010d7871c420fd9631ec3ea57e62eba738e52e /src/plugins/nat/pnat
parent	e2159bd2d3721592edee90a511647f83ea9a4781 (diff)