author | Vladislav Grishenko <themiron@yandex-team.ru> | 2022-12-04 15:02:03 +0500 |
---|---|---|
committer | Matthew Smith <mgsmith@netgate.com> | 2022-12-15 13:19:57 +0000 |
commit | 3abb32c6fe038d757493381b9ea19c19682ca026 (patch) | |
tree | c20bd11738527235a292b3302dbb7dc0e29f6eef /src/plugins/nat | |
parent | 243a0433ff05a37113d6890bbeb163bbea033687 (diff) |
nat: disable nat44-ed/ei features on interface deletion
After deleting a sw interface with nat44 features, the next created
sw interface will get the same sw_index reused and therefore will
erroneously have the same nat features enabled.
Type: fix
Change-Id: I1d84f842ab7ab2a757668ae1a111efe67e1e924d
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Diffstat (limited to 'src/plugins/nat')
-rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed.c | 49 | ||||
-rw-r--r-- | src/plugins/nat/nat44-ei/nat44_ei.c | 49 |
2 files changed, 98 insertions, 0 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed.c b/src/plugins/nat/nat44-ed/nat44_ed.c
index 348fff2619d..82b9de1c3f0 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed.c
@@ -2587,6 +2587,55 @@ nat44_ed_del_output_interfaces ()
 return error;
 }
 
+static clib_error_t *
+nat44_ed_sw_interface_add_del (vnet_main_t *vnm, u32 sw_if_index, u32 is_add)
+{
+ snat_main_t *sm = &snat_main;
+ snat_interface_t *i;
+ int error = 0;
+
+ if (is_add)
+ return 0;
+
+ if (!sm->enabled)
+ return 0;
+
+ i = nat44_ed_get_interface (sm->interfaces, sw_if_index);
+ if (i)
+ {
+ bool is_inside = nat44_ed_is_interface_inside (i);
+ bool is_outside = nat44_ed_is_interface_outside (i);
+
+ if (is_inside)
+ {
+ error |= nat44_ed_del_interface (sw_if_index, 1);
+ }
+ if (is_outside)
+ {
+ error |= nat44_ed_del_interface (sw_if_index, 0);
+ }
+
+ if (error)
+ {
+ nat_log_err ("error occurred while removing interface");
+ }
+ }
+
+ i = nat44_ed_get_interface (sm->output_feature_interfaces, sw_if_index);
+ if (i)
+ {
+ error = nat44_ed_del_output_interface (sw_if_index);
+ if (error)
+ {
+ nat_log_err ("error occurred while removing output interface");
+ }
+ }
+
+ return 0;
+}
+
+VNET_SW_INTERFACE_ADD_DEL_FUNCTION (nat44_ed_sw_interface_add_del);
+
 int
 nat44_ed_del_static_mappings ()
 {
diff --git a/src/plugins/nat/nat44-ei/nat44_ei.c b/src/plugins/nat/nat44-ei/nat44_ei.c
index 171ca7dcb4c..e16625a2946 100644
--- a/src/plugins/nat/nat44-ei/nat44_ei.c
+++ b/src/plugins/nat/nat44-ei/nat44_ei.c
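Review bot: A failed cleanup in nat44_ed_sw_interface_add_del is reported only as a context-free log line, because `error |= nat44_ed_del_interface (sw_if_index, 1);` ORs two return codes into one value and the handler then returns 0 whatever happened. If either delete fails, the NAT feature state stays bound to an index that will be handed to the next interface, which is the condition this commit sets out to remove, and the log names neither the interface nor the code. Keeping the inside, outside and output-feature results separate and logging each, e.g. `nat_log_err ("failed to remove nat44 inside feature: sw_if_index %u rv %d", sw_if_index, rv);` (assuming nat_log_err takes printf-style arguments), would let an operator find the affected interface. Whether the callback should also return a clib error on failure depends on how the interface-delete path treats it, which is not visible in this hunk. The same pattern is repeated in nat44_ei_sw_interface_add_del in the nat44_ei.c hunk.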
@@ -1183,6 +1183,55 @@ nat44_ei_del_output_interfaces ()
 return error;
 }
 
+static clib_error_t *
+nat44_ei_sw_interface_add_del (vnet_main_t *vnm, u32 sw_if_index, u32 is_add)
+{
+ nat44_ei_main_t *nm = &nat44_ei_main;
+ nat44_ei_interface_t *i;
+ int error = 0;
+
+ if (is_add)
+ return 0;
+
+ if (!nm->enabled)
+ return 0;
+
+ i = nat44_ei_get_interface (nm->interfaces, sw_if_index);
+ if (i)
+ {
+ bool is_inside = nat44_ei_interface_is_inside (i);
+ bool is_outside = nat44_ei_interface_is_outside (i);
+
+ if (is_inside)
+ {
+ error |= nat44_ei_del_interface (sw_if_index, 1);
+ }
+ if (is_outside)
+ {
+ error |= nat44_ei_del_interface (sw_if_index, 0);
+ }
+
+ if (error)
+ {
+ nat44_ei_log_err ("error occurred while removing interface");
+ }
+ }
+
+ i = nat44_ei_get_interface (nm->output_feature_interfaces, sw_if_index);
+ if (i)
+ {
+ error = nat44_ei_del_output_interface (sw_if_index);
+ if (error)
+ {
+ nat44_ei_log_err ("error occurred while removing output interface");
+ }
+ }
+
+ return 0;
+}
+
+VNET_SW_INTERFACE_ADD_DEL_FUNCTION (nat44_ei_sw_interface_add_del);
+
 int
 nat44_ei_del_static_mappings ()
 {
|