From a15cd027498a2a23f1ec03579e734847f8ff98cc Mon Sep 17 00:00:00 2001 From: Matus Fabian Date: Tue, 24 Apr 2018 05:23:56 -0700 Subject: NAT44: one-armed NAT and identity mapping (VPP-1212) Change-Id: I228728bacfca6056dc409a96de1bffb9cadcd3e6 Signed-off-by: Matus Fabian --- src/plugins/nat/nat.c | 13 ++++++++++--- test/test_nat.py | 3 +++ 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index 499f3a242cb..ab951cf407c 100755 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -365,6 +365,7 @@ nat44_classify_node_fn_inline (vlib_main_t * vm, u32 n_left_from, * from, * to_next; nat44_classify_next_t next_index; snat_main_t *sm = &snat_main; + snat_static_mapping_t *m; from = vlib_frame_vector_args (frame); n_left_from = frame->n_vectors; @@ -416,7 +417,9 @@ nat44_classify_node_fn_inline (vlib_main_t * vm, kv0.key = m_key0.as_u64; if (!clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv0, &value0)) { - next0 = NAT44_CLASSIFY_NEXT_OUT2IN; + m = pool_elt_at_index (sm->static_mappings, value0.value); + if (m->local_addr.as_u32 != m->external_addr.as_u32) + next0 = NAT44_CLASSIFY_NEXT_OUT2IN; goto enqueue0; } udp_header_t * udp0 = ip4_next_header (ip0); @@ -424,7 +427,11 @@ nat44_classify_node_fn_inline (vlib_main_t * vm, m_key0.protocol = ip_proto_to_snat_proto (ip0->protocol); kv0.key = m_key0.as_u64; if (!clib_bihash_search_8_8 (&sm->static_mapping_by_external, &kv0, &value0)) - next0 = NAT44_CLASSIFY_NEXT_OUT2IN; + { + m = pool_elt_at_index (sm->static_mappings, value0.value); + if (m->local_addr.as_u32 != m->external_addr.as_u32) + next0 = NAT44_CLASSIFY_NEXT_OUT2IN; + } } enqueue0: @@ -1793,7 +1800,7 @@ fib: pool_foreach (m, sm->static_mappings, ({ - if (!(m->addr_only)) + if (!(m->addr_only) || (m->local_addr.as_u32 == m->external_addr.as_u32)) continue; snat_add_del_addr_to_fib(&m->external_addr, 32, sw_if_index, !is_del); diff --git a/test/test_nat.py b/test/test_nat.py index 47f3b8c7299..51a60d1b56f 100644 --- a/test/test_nat.py +++ b/test/test_nat.py @@ -3350,10 +3350,13 @@ class TestNAT44(MethodHolder): self.vapi.nat44_forwarding_enable_disable(1) self.nat44_add_address(self.nat_addr) + self.vapi.nat44_add_del_identity_mapping(ip=self.pg1.remote_ip4n) self.nat44_add_static_mapping(self.pg0.remote_ip4, external_addr, local_port, external_port, proto=IP_PROTOS.tcp, out2in_only=1) self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index, + is_inside=0) self.vapi.nat44_interface_add_del_output_feature(self.pg1.sw_if_index, is_inside=0) -- cgit 1.2.3-korg