Diffstat (limited to 'src/plugins/nat')
-rw-r--r-- | src/plugins/nat/nat.c | 2 | ||||
-rw-r--r-- | src/plugins/nat/nat44_api.c | 7 | ||||
-rw-r--r-- | src/plugins/nat/nat_ha.c | 22 | ||||
-rw-r--r-- | src/plugins/nat/nat_ha.h | 5 | ||||
-rw-r--r-- | src/plugins/nat/test/test_nat44.py | 116 |
5 files changed, 42 insertions, 110 deletions
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index 74adae9ce34..0ca2042191d 100644 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -3017,6 +3017,8 @@ nat44_plugin_disable () return 1; } + nat_ha_disable (); + // first unregister all nodes from interfaces vec = vec_dup (sm->interfaces); /* *INDENT-OFF* */ diff --git a/src/plugins/nat/nat44_api.c b/src/plugins/nat/nat44_api.c index 37c3dbadfc0..4600645d402 100644 --- a/src/plugins/nat/nat44_api.c +++ b/src/plugins/nat/nat44_api.c @@ -1509,10 +1509,9 @@ static void rv = nat44_lb_static_mapping_add_del_local (e_addr, - clib_net_to_host_u16 - (mp->external_port), l_addr, - clib_net_to_host_u16 (mp-> - local.port), + mp->external_port, + l_addr, + mp->local.port, proto, clib_net_to_host_u32 (mp-> local.vrf_id), diff --git a/src/plugins/nat/nat_ha.c b/src/plugins/nat/nat_ha.c index 93f762f61ae..3ae572ba930 100644 --- a/src/plugins/nat/nat_ha.c +++ b/src/plugins/nat/nat_ha.c @@ -124,6 +124,7 @@ typedef struct /* NAT HA settings */ typedef struct nat_ha_main_s { + u8 enabled; /* local IP address and UDP port */ ip4_address_t src_ip_address; u16 src_port; @@ -318,6 +319,16 @@ nat_ha_enable (nat_ha_sadd_cb_t sadd_cb, ha->sadd_cb = sadd_cb; ha->sdel_cb = sdel_cb; ha->sref_cb = sref_cb; + + ha->enabled = 1; +} + +void +nat_ha_disable () +{ + nat_ha_main_t *ha = &nat_ha_main; + ha->dst_port = 0; + ha->enabled = 0; } void 
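Review bot: In the `nat44_api.c` hunk the two port arguments to `nat44_lb_static_mapping_add_del_local` are now passed unconverted (`mp->external_port`, `mp->local.port`) while `mp->local.vrf_id` just below still goes through `clib_net_to_host_u32`, so the call mixes wire-order and host-order values with nothing stating which the callee expects. The callee is outside this hunk, so its expectation cannot be confirmed from here. If it does take network-order ports, a comment above the call such as `/* ports stay in network byte order; the callee expects them unconverted */` would keep a later cleanup from re-adding the conversion. If it does not, the mapping is created for a byte-swapped port and the configured external port is not the one being translated. The enclosing handler starts and ends outside the hunk.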
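Review bot: `nat_ha_disable` in `nat_ha.c` resets only `dst_port` and `enabled`; the listener fields declared next to the new flag (`src_ip_address`, `src_port`) and any per-thread event or resend state the file keeps are left as they were, so a disable/enable cycle may resume with stale data. Either reset that state here or add a comment saying why leaving it is safe. The flag is a plain `u8` written here and read from the per-thread worker node changed in the next hunk, which is only safe if `nat44_plugin_disable` runs with workers stopped; once confirmed, record that as `/* called on the main thread with workers at the barrier */`. The definition is also written `nat_ha_disable ()`, which in C declares no prototype; `nat_ha_disable (void)` here, in the `nat_ha.h` declaration and in `plugin_enabled ()` lets the compiler reject stray arguments.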
@@ -749,12 +760,23 @@ nat_ha_sref (ip4_address_t * out_addr, u16 out_port, ip4_address_t * eh_addr, nat_ha_event_add (&event, 0, thread_index, 0); } +static_always_inline u8 +plugin_enabled () +{ + nat_ha_main_t *ha = &nat_ha_main; + return ha->enabled; +} + /* per thread process waiting for interrupt */ static uword nat_ha_worker_fn (vlib_main_t * vm, vlib_node_runtime_t * rt, vlib_frame_t * f) { u32 thread_index = vm->thread_index; + + if (plugin_enabled () == 0) + return 0; + /* flush HA NAT data under construction */ nat_ha_event_add (0, 1, thread_index, 0); /* scan if we need to resend some non-ACKed data */ diff --git a/src/plugins/nat/nat_ha.h b/src/plugins/nat/nat_ha.h index 92fc3373673..6bc5be23a0a 100644 --- a/src/plugins/nat/nat_ha.h +++ b/src/plugins/nat/nat_ha.h @@ -45,6 +45,11 @@ void nat_ha_enable (nat_ha_sadd_cb_t sadd_cb, nat_ha_sdel_cb_t sdel_cb, nat_ha_sref_cb_t sref_cb); /** + * @brief Disable NAT HA + */ +void nat_ha_disable (); + +/** * @brief Initialize NAT HA */ void nat_ha_init (vlib_main_t * vm, u32 num_workers, u32 num_threads); diff --git a/src/plugins/nat/test/test_nat44.py b/src/plugins/nat/test/test_nat44.py index d635abf9825..de4210fa3ff 100644 --- a/src/plugins/nat/test/test_nat44.py +++ b/src/plugins/nat/test/test_nat44.py @@ -2593,7 +2593,6 @@ class TestNAT44(MethodHolder): data = ipfix.decode_data_set(p.getlayer(Set)) self.verify_ipfix_addr_exhausted(data) - @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_ipfix_max_sessions(self): """ IPFIX logging maximum session entries exceeded """ self.nat44_add_address(self.nat_addr) 
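Review bot: The `enabled` check is added only at the top of `nat_ha_worker_fn`; the event producers in this file, such as `nat_ha_sref` whose tail is visible at the start of the hunk and which calls `nat_ha_event_add`, are not gated by it here. If they rely on `dst_port == 0` (set by `nat_ha_disable`) to stay quiet, say so in a comment; otherwise events queued around a disable stay buffered, because the early `return 0` skips both the flush and the resend scan. The helper's name is also misleading: it returns `nat_ha_main.enabled`, the HA flag, so `nat_ha_is_enabled` would describe it better than `plugin_enabled`. `nat_ha_worker_fn` continues past the end of the hunk.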
@@ -3582,53 +3581,6 @@ class TestNAT44(MethodHolder): self.pg1.resolve_arp() self.pg2.resolve_arp() - @unittest.skipUnless(running_extended_tests, "part of extended tests") - def test_session_timeout(self): - """ NAT44 session timeouts """ - self.nat44_add_address(self.nat_addr) - flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature( - sw_if_index=self.pg0.sw_if_index, - flags=flags, is_add=1) - self.vapi.nat44_interface_add_del_feature( - sw_if_index=self.pg1.sw_if_index, - is_add=1) - self.vapi.nat_set_timeouts(udp=5, tcp_established=7440, - tcp_transitory=240, icmp=60) - - max_sessions = 1000 - pkts = [] - for i in range(0, max_sessions): - src = "10.10.%u.%u" % ((i & 0xFF00) >> 8, i & 0xFF) - p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / - IP(src=src, dst=self.pg1.remote_ip4) / - UDP(sport=1025, dport=53)) - pkts.append(p) - self.pg0.add_stream(pkts) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - self.pg1.get_capture(max_sessions) - - sleep(6) - - pkts = [] - for i in range(0, max_sessions): - src = "10.10.%u.%u" % ((i & 0xFF00) >> 8, i & 0xFF) - p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / - IP(src=src, dst=self.pg1.remote_ip4) / - UDP(sport=1026, dport=53)) - pkts.append(p) - self.pg0.add_stream(pkts) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - self.pg1.get_capture(max_sessions) - - nsessions = 0 - users = self.vapi.nat44_user_dump() - for user in users: - nsessions = nsessions + user.nsessions - self.assertLess(nsessions, 2 * max_sessions) - def test_mss_clamping(self): """ TCP MSS clamping """ self.nat44_add_address(self.nat_addr) 
@@ -3669,10 +3621,8 @@ class TestNAT44(MethodHolder): # Negotiated MSS value smaller than configured - unchanged self.verify_mss_value(capture[0], 1400) - @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_ha_send(self): """ Send HA session synchronization events (active) """ - self.nat44_add_address(self.nat_addr) flags = self.config_flags.NAT_IS_INSIDE self.vapi.nat44_interface_add_del_feature( sw_if_index=self.pg0.sw_if_index, @@ -3680,6 +3630,8 @@ class TestNAT44(MethodHolder): self.vapi.nat44_interface_add_del_feature( sw_if_index=self.pg1.sw_if_index, is_add=1) + self.nat44_add_address(self.nat_addr) + self.vapi.nat_ha_set_listener(ip_address=self.pg3.local_ip4, port=12345, path_mtu=512) @@ -4872,7 +4824,6 @@ class TestNAT44EndpointDependent(MethodHolder): sessions = self.vapi.nat44_user_session_dump(server.ip4, 0) self.assertEqual(len(sessions), 0) - @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_static_lb_multi_clients(self): """ NAT44 local service load balancing - multiple clients""" @@ -4892,13 +4843,6 @@ class TestNAT44EndpointDependent(MethodHolder): 'probability': 10, 'vrf_id': 0}] - self.nat44_add_address(self.nat_addr) - self.vapi.nat44_add_del_lb_static_mapping(is_add=1, - external_addr=external_addr, - external_port=external_port, - protocol=IP_PROTOS.tcp, - local_num=len(locals), - locals=locals) flags = self.config_flags.NAT_IS_INSIDE self.vapi.nat44_interface_add_del_feature( sw_if_index=self.pg0.sw_if_index, @@ -4907,6 +4851,14 @@ class TestNAT44EndpointDependent(MethodHolder): sw_if_index=self.pg1.sw_if_index, is_add=1) + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_add_del_lb_static_mapping(is_add=1, + external_addr=external_addr, + external_port=external_port, + protocol=IP_PROTOS.tcp, + local_num=len(locals), + locals=locals) + server1_n = 0 server2_n = 0 clients = ip4_range(self.pg1.remote_ip4, 10, 50) 
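Review bot: `test_ha_send` and `test_static_lb_multi_clients` now call `nat44_add_address` (and, in the second test, `nat44_add_del_lb_static_mapping`) only after both `nat44_interface_add_del_feature` calls, with no comment on why the order matters. If the old order exposed a real failure rather than test flakiness, that is a constraint of the plugin that should be documented or fixed instead of being worked around in the test. A short comment such as `# address is added after the interface features because <reason>` would record which it is. Both tests also lose their `skipUnless(running_extended_tests, ...)` decorator and so run in the default suite; `test_static_lb_multi_clients` appears to be the test that exercises the port handling changed in `nat44_api.c`, so its assertions are worth checking against the intended byte order.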
@@ -6801,54 +6753,6 @@ class TestNAT44EndpointDependent(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise - @unittest.skipUnless(running_extended_tests, "part of extended tests") - def test_session_timeout(self): - """ NAT44 session timeouts """ - self.nat44_add_address(self.nat_addr) - flags = self.config_flags.NAT_IS_INSIDE - self.vapi.nat44_interface_add_del_feature( - sw_if_index=self.pg0.sw_if_index, - flags=flags, is_add=1) - self.vapi.nat44_interface_add_del_feature( - sw_if_index=self.pg1.sw_if_index, - is_add=1) - self.vapi.nat_set_timeouts(udp=300, tcp_established=7440, - tcp_transitory=240, icmp=5) - - max_sessions = 1000 - pkts = [] - for i in range(0, max_sessions): - src = "10.10.%u.%u" % ((i & 0xFF00) >> 8, i & 0xFF) - p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / - IP(src=src, dst=self.pg1.remote_ip4) / - ICMP(id=1025, type='echo-request')) - pkts.append(p) - self.pg0.add_stream(pkts) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - self.pg1.get_capture(max_sessions) - - sleep(10) - - pkts = [] - for i in range(0, max_sessions): - src = "10.11.%u.%u" % ((i & 0xFF00) >> 8, i & 0xFF) - p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) / - IP(src=src, dst=self.pg1.remote_ip4) / - ICMP(id=1026, type='echo-request')) - pkts.append(p) - self.pg0.add_stream(pkts) - self.pg_enable_capture(self.pg_interfaces) - self.pg_start() - self.pg1.get_capture(max_sessions) - - nsessions = 0 - users = self.vapi.nat44_user_dump() - for user in users: - nsessions = nsessions + user.nsessions - self.assertLess(nsessions, 2 * max_sessions) - - @unittest.skipUnless(running_extended_tests, "part of extended tests") def test_session_rst_timeout(self): """ NAT44 session RST timeouts """ self.nat44_add_address(self.nat_addr) |