Diffstat (limited to 'src/plugins/nat')
-rw-r--r--src/plugins/nat/nat.c2
-rw-r--r--src/plugins/nat/nat44_api.c7
-rw-r--r--src/plugins/nat/nat_ha.c22
-rw-r--r--src/plugins/nat/nat_ha.h5
-rw-r--r--src/plugins/nat/test/test_nat44.py116
5 files changed, 42 insertions, 110 deletions
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c
index 74adae9ce34..0ca2042191d 100644
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -3017,6 +3017,8 @@ nat44_plugin_disable ()
return 1;
}
+ nat_ha_disable ();
+
// first unregister all nodes from interfaces
vec = vec_dup (sm->interfaces);
/* *INDENT-OFF* */
diff --git a/src/plugins/nat/nat44_api.c b/src/plugins/nat/nat44_api.c
index 37c3dbadfc0..4600645d402 100644
--- a/src/plugins/nat/nat44_api.c
+++ b/src/plugins/nat/nat44_api.c
@@ -1509,10 +1509,9 @@ static void
rv =
nat44_lb_static_mapping_add_del_local (e_addr,
- clib_net_to_host_u16
- (mp->external_port), l_addr,
- clib_net_to_host_u16 (mp->
- local.port),
+ mp->external_port,
+ l_addr,
+ mp->local.port,
proto,
clib_net_to_host_u32 (mp->
local.vrf_id),
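Review bot: The two port arguments are now passed as received (`mp->external_port`, `mp->local.port`) while `mp->local.vrf_id` in the same call is still converted with `clib_net_to_host_u32`, and nothing at the call site says which byte order `nat44_lb_static_mapping_add_del_local` expects for ports. A short comment above the call would make the convention explicit, for example `/* ports are passed in network byte order; only vrf_id is converted */`, once that is confirmed against the callee, which is not visible in this hunk. If the callee compares against host-order ports, the local backend would be added or removed for the wrong port. The enclosing handler starts and ends outside the hunk.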
diff --git a/src/plugins/nat/nat_ha.c b/src/plugins/nat/nat_ha.c
index 93f762f61ae..3ae572ba930 100644
--- a/src/plugins/nat/nat_ha.c
+++ b/src/plugins/nat/nat_ha.c
@@ -124,6 +124,7 @@ typedef struct
/* NAT HA settings */
typedef struct nat_ha_main_s
{
+ u8 enabled;
/* local IP address and UDP port */
ip4_address_t src_ip_address;
u16 src_port;
@@ -318,6 +319,16 @@ nat_ha_enable (nat_ha_sadd_cb_t sadd_cb,
ha->sadd_cb = sadd_cb;
ha->sdel_cb = sdel_cb;
ha->sref_cb = sref_cb;
+
+ ha->enabled = 1;
+}
+
+void
+nat_ha_disable ()
+{
+ nat_ha_main_t *ha = &nat_ha_main;
+ ha->dst_port = 0;
+ ha->enabled = 0;
}
void
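Review bot: `nat_ha_disable` resets only `dst_port` and `enabled`; the callbacks stored by `nat_ha_enable` (`sadd_cb`, `sdel_cb`, `sref_cb`) and the local `src_ip_address`/`src_port` keep their values. Only the worker function is gated on `enabled` in this commit, so if the receive side of HA does not check the flag as well (not visible here), session events from a peer could still be applied after the plugin is disabled. A comment on the function stating what it tears down and what it leaves in place would settle this, along with a matching `enabled` check on the receive path if one is missing. Separately, the definition uses an empty parameter list; `nat_ha_disable (void)` gives a real prototype, and the same applies to the declaration in nat_ha.h and to `plugin_enabled ()` further down.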
@@ -749,12 +760,23 @@ nat_ha_sref (ip4_address_t * out_addr, u16 out_port, ip4_address_t * eh_addr,
nat_ha_event_add (&event, 0, thread_index, 0);
}
+static_always_inline u8
+plugin_enabled ()
+{
+ nat_ha_main_t *ha = &nat_ha_main;
+ return ha->enabled;
+}
+
/* per thread process waiting for interrupt */
static uword
nat_ha_worker_fn (vlib_main_t * vm, vlib_node_runtime_t * rt,
vlib_frame_t * f)
{
u32 thread_index = vm->thread_index;
+
+ if (plugin_enabled () == 0)
+ return 0;
+
/* flush HA NAT data under construction */
nat_ha_event_add (0, 1, thread_index, 0);
/* scan if we need to resend some non-ACKed data */
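Review bot: The early return in `nat_ha_worker_fn` skips both the flush and the resend scan, and `nat_ha_disable` does not drain either, so data under construction or awaiting an ACK at disable time appears to stay queued. If a later `nat_ha_enable` picks that state up again, stale session events could be sent to the peer, which is worth confirming against the rest of the file. The helper name `plugin_enabled` is also broader than what it reads: it returns the HA flag rather than the NAT plugin state, so a name like `nat_ha_is_enabled` would be more accurate. `ha->enabled` is a plain `u8` written on the control path and read from each worker thread, so a comment naming what serialises the two would help the next reader. The function body continues outside the hunk.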
diff --git a/src/plugins/nat/nat_ha.h b/src/plugins/nat/nat_ha.h
index 92fc3373673..6bc5be23a0a 100644
--- a/src/plugins/nat/nat_ha.h
+++ b/src/plugins/nat/nat_ha.h
@@ -45,6 +45,11 @@ void nat_ha_enable (nat_ha_sadd_cb_t sadd_cb, nat_ha_sdel_cb_t sdel_cb,
nat_ha_sref_cb_t sref_cb);
/**
+ * @brief Disable NAT HA
+ */
+void nat_ha_disable ();
+
+/**
* @brief Initialize NAT HA
*/
void nat_ha_init (vlib_main_t * vm, u32 num_workers, u32 num_threads);
diff --git a/src/plugins/nat/test/test_nat44.py b/src/plugins/nat/test/test_nat44.py
index d635abf9825..de4210fa3ff 100644
--- a/src/plugins/nat/test/test_nat44.py
+++ b/src/plugins/nat/test/test_nat44.py
@@ -2593,7 +2593,6 @@ class TestNAT44(MethodHolder):
data = ipfix.decode_data_set(p.getlayer(Set))
self.verify_ipfix_addr_exhausted(data)
- @unittest.skipUnless(running_extended_tests, "part of extended tests")
def test_ipfix_max_sessions(self):
""" IPFIX logging maximum session entries exceeded """
self.nat44_add_address(self.nat_addr)
@@ -3582,53 +3581,6 @@ class TestNAT44(MethodHolder):
self.pg1.resolve_arp()
self.pg2.resolve_arp()
- @unittest.skipUnless(running_extended_tests, "part of extended tests")
- def test_session_timeout(self):
- """ NAT44 session timeouts """
- self.nat44_add_address(self.nat_addr)
- flags = self.config_flags.NAT_IS_INSIDE
- self.vapi.nat44_interface_add_del_feature(
- sw_if_index=self.pg0.sw_if_index,
- flags=flags, is_add=1)
- self.vapi.nat44_interface_add_del_feature(
- sw_if_index=self.pg1.sw_if_index,
- is_add=1)
- self.vapi.nat_set_timeouts(udp=5, tcp_established=7440,
- tcp_transitory=240, icmp=60)
-
- max_sessions = 1000
- pkts = []
- for i in range(0, max_sessions):
- src = "10.10.%u.%u" % ((i & 0xFF00) >> 8, i & 0xFF)
- p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
- IP(src=src, dst=self.pg1.remote_ip4) /
- UDP(sport=1025, dport=53))
- pkts.append(p)
- self.pg0.add_stream(pkts)
- self.pg_enable_capture(self.pg_interfaces)
- self.pg_start()
- self.pg1.get_capture(max_sessions)
-
- sleep(6)
-
- pkts = []
- for i in range(0, max_sessions):
- src = "10.10.%u.%u" % ((i & 0xFF00) >> 8, i & 0xFF)
- p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
- IP(src=src, dst=self.pg1.remote_ip4) /
- UDP(sport=1026, dport=53))
- pkts.append(p)
- self.pg0.add_stream(pkts)
- self.pg_enable_capture(self.pg_interfaces)
- self.pg_start()
- self.pg1.get_capture(max_sessions)
-
- nsessions = 0
- users = self.vapi.nat44_user_dump()
- for user in users:
- nsessions = nsessions + user.nsessions
- self.assertLess(nsessions, 2 * max_sessions)
-
def test_mss_clamping(self):
""" TCP MSS clamping """
self.nat44_add_address(self.nat_addr)
@@ -3669,10 +3621,8 @@ class TestNAT44(MethodHolder):
# Negotiated MSS value smaller than configured - unchanged
self.verify_mss_value(capture[0], 1400)
- @unittest.skipUnless(running_extended_tests, "part of extended tests")
def test_ha_send(self):
""" Send HA session synchronization events (active) """
- self.nat44_add_address(self.nat_addr)
flags = self.config_flags.NAT_IS_INSIDE
self.vapi.nat44_interface_add_del_feature(
sw_if_index=self.pg0.sw_if_index,
@@ -3680,6 +3630,8 @@ class TestNAT44(MethodHolder):
self.vapi.nat44_interface_add_del_feature(
sw_if_index=self.pg1.sw_if_index,
is_add=1)
+ self.nat44_add_address(self.nat_addr)
+
self.vapi.nat_ha_set_listener(ip_address=self.pg3.local_ip4,
port=12345,
path_mtu=512)
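Review bot: `self.nat44_add_address(self.nat_addr)` is moved below the two `nat44_interface_add_del_feature` calls with no comment on why the order matters, and the same reordering is made in `test_static_lb_multi_clients`. If the tests now rely on the address being added after the interfaces are configured, a one-line comment such as `# add the NAT address only after the interfaces are configured` would stop a later clean-up from restoring the old order. If the order is irrelevant, the move only adds noise to this commit. `test_ha_send` continues outside the hunk.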
@@ -4872,7 +4824,6 @@ class TestNAT44EndpointDependent(MethodHolder):
sessions = self.vapi.nat44_user_session_dump(server.ip4, 0)
self.assertEqual(len(sessions), 0)
- @unittest.skipUnless(running_extended_tests, "part of extended tests")
def test_static_lb_multi_clients(self):
""" NAT44 local service load balancing - multiple clients"""
@@ -4892,13 +4843,6 @@ class TestNAT44EndpointDependent(MethodHolder):
'probability': 10,
'vrf_id': 0}]
- self.nat44_add_address(self.nat_addr)
- self.vapi.nat44_add_del_lb_static_mapping(is_add=1,
- external_addr=external_addr,
- external_port=external_port,
- protocol=IP_PROTOS.tcp,
- local_num=len(locals),
- locals=locals)
flags = self.config_flags.NAT_IS_INSIDE
self.vapi.nat44_interface_add_del_feature(
sw_if_index=self.pg0.sw_if_index,
@@ -4907,6 +4851,14 @@ class TestNAT44EndpointDependent(MethodHolder):
sw_if_index=self.pg1.sw_if_index,
is_add=1)
+ self.nat44_add_address(self.nat_addr)
+ self.vapi.nat44_add_del_lb_static_mapping(is_add=1,
+ external_addr=external_addr,
+ external_port=external_port,
+ protocol=IP_PROTOS.tcp,
+ local_num=len(locals),
+ locals=locals)
+
server1_n = 0
server2_n = 0
clients = ip4_range(self.pg1.remote_ip4, 10, 50)
@@ -6801,54 +6753,6 @@ class TestNAT44EndpointDependent(MethodHolder):
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
- @unittest.skipUnless(running_extended_tests, "part of extended tests")
- def test_session_timeout(self):
- """ NAT44 session timeouts """
- self.nat44_add_address(self.nat_addr)
- flags = self.config_flags.NAT_IS_INSIDE
- self.vapi.nat44_interface_add_del_feature(
- sw_if_index=self.pg0.sw_if_index,
- flags=flags, is_add=1)
- self.vapi.nat44_interface_add_del_feature(
- sw_if_index=self.pg1.sw_if_index,
- is_add=1)
- self.vapi.nat_set_timeouts(udp=300, tcp_established=7440,
- tcp_transitory=240, icmp=5)
-
- max_sessions = 1000
- pkts = []
- for i in range(0, max_sessions):
- src = "10.10.%u.%u" % ((i & 0xFF00) >> 8, i & 0xFF)
- p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
- IP(src=src, dst=self.pg1.remote_ip4) /
- ICMP(id=1025, type='echo-request'))
- pkts.append(p)
- self.pg0.add_stream(pkts)
- self.pg_enable_capture(self.pg_interfaces)
- self.pg_start()
- self.pg1.get_capture(max_sessions)
-
- sleep(10)
-
- pkts = []
- for i in range(0, max_sessions):
- src = "10.11.%u.%u" % ((i & 0xFF00) >> 8, i & 0xFF)
- p = (Ether(dst=self.pg0.local_mac, src=self.pg0.remote_mac) /
- IP(src=src, dst=self.pg1.remote_ip4) /
- ICMP(id=1026, type='echo-request'))
- pkts.append(p)
- self.pg0.add_stream(pkts)
- self.pg_enable_capture(self.pg_interfaces)
- self.pg_start()
- self.pg1.get_capture(max_sessions)
-
- nsessions = 0
- users = self.vapi.nat44_user_dump()
- for user in users:
- nsessions = nsessions + user.nsessions
- self.assertLess(nsessions, 2 * max_sessions)
-
- @unittest.skipUnless(running_extended_tests, "part of extended tests")
def test_session_rst_timeout(self):
""" NAT44 session RST timeouts """
self.nat44_add_address(self.nat_addr)