summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat
diff options
context:
space:
mode:
authorJuraj Sloboda <jsloboda@cisco.com>2018-07-09 02:36:37 +0200
committerDamjan Marion <dmarion@me.com>2018-07-10 10:10:05 +0000
commitc746a15272f1430926cdd3d00745e19a8fe596dc (patch)
treec8010fff8e168b61e5fad99391e5b99766ba1c34 /src/plugins/nat
parent3ecef99484463666d62568da931fd908f3e86d7c (diff)
Do not translate packets destined for NAT64 inside interface (VPP-1331)
Change-Id: Ieb8020f57ed5ad20daf552cd62ae3fdd8c573926 Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
Diffstat (limited to 'src/plugins/nat')
-rw-r--r--src/plugins/nat/nat64_in2out.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/src/plugins/nat/nat64_in2out.c b/src/plugins/nat/nat64_in2out.c
index 603b30ee11a..6ff428bbb86 100644
--- a/src/plugins/nat/nat64_in2out.c
+++ b/src/plugins/nat/nat64_in2out.c
@@ -116,6 +116,26 @@ typedef struct nat64_in2out_set_ctx_t_
u32 thread_index;
} nat64_in2out_set_ctx_t;
+static inline u8
+nat64_not_translate (u32 sw_if_index, ip6_address_t ip6_addr)
+{
+ ip6_address_t *addr;
+ ip6_main_t *im6 = &ip6_main;
+ ip_lookup_main_t *lm6 = &im6->lookup_main;
+ ip_interface_address_t *ia = 0;
+
+ /* *INDENT-OFF* */
+ foreach_ip_interface_address (lm6, ia, sw_if_index, 0,
+ ({
+ addr = ip_interface_address_get_address (lm6, ia);
+ if (0 == ip6_address_compare (addr, &ip6_addr))
+ return 1;
+ }));
+ /* *INDENT-ON* */
+
+ return 0;
+}
+
/**
* @brief Check whether is a hairpinning.
*
@@ -927,6 +947,7 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
u8 l4_protocol0;
u32 proto0;
nat64_in2out_set_ctx_t ctx0;
+ u32 sw_if_index0;
/* speculatively enqueue b0 to the current next frame */
bi0 = from[0];
@@ -955,6 +976,14 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
goto trace0;
}
+ sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX];
+
+ if (nat64_not_translate (sw_if_index0, ip60->dst_address))
+ {
+ next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP;
+ goto trace0;
+ }
+
proto0 = ip_proto_to_snat_proto (l4_protocol0);
if (is_slow_path)