diff options
author | Juraj Sloboda <jsloboda@cisco.com> | 2018-07-09 02:36:37 +0200 |
---|---|---|
committer | Damjan Marion <dmarion@me.com> | 2018-07-10 10:10:05 +0000 |
commit | c746a15272f1430926cdd3d00745e19a8fe596dc (patch) | |
tree | c8010fff8e168b61e5fad99391e5b99766ba1c34 /src/plugins | |
parent | 3ecef99484463666d62568da931fd908f3e86d7c (diff) |
Do not translate packets destined for NAT64 inside interface (VPP-1331)
Change-Id: Ieb8020f57ed5ad20daf552cd62ae3fdd8c573926
Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
Diffstat (limited to 'src/plugins')
-rw-r--r-- | src/plugins/nat/nat64_in2out.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/src/plugins/nat/nat64_in2out.c b/src/plugins/nat/nat64_in2out.c index 603b30ee11a..6ff428bbb86 100644 --- a/src/plugins/nat/nat64_in2out.c +++ b/src/plugins/nat/nat64_in2out.c @@ -116,6 +116,26 @@ typedef struct nat64_in2out_set_ctx_t_ u32 thread_index; } nat64_in2out_set_ctx_t; +static inline u8 +nat64_not_translate (u32 sw_if_index, ip6_address_t ip6_addr) +{ + ip6_address_t *addr; + ip6_main_t *im6 = &ip6_main; + ip_lookup_main_t *lm6 = &im6->lookup_main; + ip_interface_address_t *ia = 0; + + /* *INDENT-OFF* */ + foreach_ip_interface_address (lm6, ia, sw_if_index, 0, + ({ + addr = ip_interface_address_get_address (lm6, ia); + if (0 == ip6_address_compare (addr, &ip6_addr)) + return 1; + })); + /* *INDENT-ON* */ + + return 0; +} + /** * @brief Check whether is a hairpinning. * @@ -927,6 +947,7 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, u8 l4_protocol0; u32 proto0; nat64_in2out_set_ctx_t ctx0; + u32 sw_if_index0; /* speculatively enqueue b0 to the current next frame */ bi0 = from[0]; @@ -955,6 +976,14 @@ nat64_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node, goto trace0; } + sw_if_index0 = vnet_buffer (b0)->sw_if_index[VLIB_RX]; + + if (nat64_not_translate (sw_if_index0, ip60->dst_address)) + { + next0 = NAT64_IN2OUT_NEXT_IP6_LOOKUP; + goto trace0; + } + proto0 = ip_proto_to_snat_proto (l4_protocol0); if (is_slow_path) |