From 1e5c07d379a092f4829e7081aa962d013b31fdfc Mon Sep 17 00:00:00 2001 From: Juraj Sloboda Date: Tue, 10 Apr 2018 13:51:54 +0200 Subject: Add special Twice-NAT feature (VPP-1221) When enabled then Twice-NAT is applied only when source IP equals destination IP after DNAT Change-Id: I58a9d1d222b2a10c83eafffb2107f32c1b4aa3a8 Signed-off-by: Juraj Sloboda --- src/plugins/nat/nat.h | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) (limited to 'src/plugins/nat/nat.h') diff --git a/src/plugins/nat/nat.h b/src/plugins/nat/nat.h index 8d7d1738fb3..775376fcbab 100644 --- a/src/plugins/nat/nat.h +++ b/src/plugins/nat/nat.h @@ -125,11 +125,12 @@ typedef enum { } snat_session_state_t; -#define SNAT_SESSION_FLAG_STATIC_MAPPING 1 -#define SNAT_SESSION_FLAG_UNKNOWN_PROTO 2 -#define SNAT_SESSION_FLAG_LOAD_BALANCING 4 -#define SNAT_SESSION_FLAG_TWICE_NAT 8 -#define SNAT_SESSION_FLAG_FWD_BYPASS 16 +#define SNAT_SESSION_FLAG_STATIC_MAPPING 1 +#define SNAT_SESSION_FLAG_UNKNOWN_PROTO 2 +#define SNAT_SESSION_FLAG_LOAD_BALANCING 4 +#define SNAT_SESSION_FLAG_TWICE_NAT 8 +#define SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT 16 +#define SNAT_SESSION_FLAG_FWD_BYPASS 32 #define NAT_INTERFACE_FLAG_IS_INSIDE 1 #define NAT_INTERFACE_FLAG_IS_OUTSIDE 2 @@ -211,13 +212,19 @@ typedef struct { u8 prefix; } nat44_lb_addr_port_t; +typedef enum { + TWICE_NAT_DISABLED, + TWICE_NAT, + TWICE_NAT_SELF, +} twice_nat_type_t; + typedef struct { ip4_address_t local_addr; ip4_address_t external_addr; u16 local_port; u16 external_port; u8 addr_only; - u8 twice_nat; + twice_nat_type_t twice_nat; u8 out2in_only; u32 vrf_id; u32 fib_index; @@ -422,7 +429,7 @@ int snat_static_mapping_match (snat_main_t * sm, snat_session_key_t * mapping, u8 by_external, u8 *is_addr_only, - u8 *twice_nat, + twice_nat_type_t *twice_nat, u8 *lb); void snat_add_del_addr_to_fib (ip4_address_t * addr, @@ -474,7 +481,7 @@ typedef struct { @param s NAT session @return 1 if NAT session is endpoint dependent */ -#define is_ed_session(s) (snat_is_unk_proto_session (s) || is_twice_nat_session (s) || is_lb_session (s)) +#define is_ed_session(s) (s->flags & SNAT_SESSION_FLAG_ENDPOINT_DEPENDENT) #define nat_interface_is_inside(i) i->flags & NAT_INTERFACE_FLAG_IS_INSIDE #define nat_interface_is_outside(i) i->flags & NAT_INTERFACE_FLAG_IS_OUTSIDE @@ -558,7 +565,8 @@ void nat44_add_del_address_dpo (ip4_address_t addr, u8 is_add); int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr, u16 l_port, u16 e_port, u32 vrf_id, int addr_only, u32 sw_if_index, snat_protocol_t proto, int is_add, - u8 twice_nat, u8 out2in_only, u8 *tag); + twice_nat_type_t twice_nat, u8 out2in_only, + u8 *tag); clib_error_t * snat_api_init(vlib_main_t * vm, snat_main_t * sm); int snat_set_workers (uword * bitmap); int snat_interface_add_del(u32 sw_if_index, u8 is_inside, int is_del); @@ -571,7 +579,8 @@ u8 * format_snat_protocol(u8 * s, va_list * args); int nat44_add_del_lb_static_mapping (ip4_address_t e_addr, u16 e_port, snat_protocol_t proto, u32 vrf_id, nat44_lb_addr_port_t *locals, u8 is_add, - u8 twice_nat, u8 out2in_only, u8 *tag); + twice_nat_type_t twice_nat, u8 out2in_only, + u8 *tag); int nat44_del_session (snat_main_t *sm, ip4_address_t *addr, u16 port, snat_protocol_t proto, u32 vrf_id, int is_in); void nat_free_session_data (snat_main_t * sm, snat_session_t * s, -- cgit 1.2.3-korg