ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

NAT44: fix nat_not_translate_output_feature for ICMP (VPP-1191)

Browse Source 
Change-Id: I1552e1418b704fdf1f1fa2c0174313b9b82a37a3
Signed-off-by: Matus Fabian <matfabia@cisco.com>
This commit is contained in:
Matus Fabian
2018-03-07 04:57:22 -08:00
committed by Damjan Marion
parent 2ca200501e
commit 2aad876be8
2 changed files with 49 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/plugins/nat/in2out.c
View File

@ -254,14 +254,13 @@ snat_not_translate (snat_main_t * sm, vlib_node_runtime_t *node,
static inline int
nat_not_translate_output_feature (snat_main_t * sm, ip4_header_t * ip0,
u32 proto0, u32 thread_index)
u32 proto0, u16 src_port, u32 thread_index)
{
udp_header_t * udp0 = ip4_next_header (ip0);
snat_session_key_t key0;
clib_bihash_kv_8_8_t kv0, value0;
key0.addr = ip0->src_address;
key0.port = udp0->src_port;
key0.port = src_port;
key0.protocol = proto0;
key0.fib_index = sm->outside_fib_index;
kv0.key = key0.as_u64;
@ -562,7 +561,7 @@ u32 icmp_match_in2out_slow(snat_main_t *sm, vlib_node_runtime_t *node,
if (vnet_buffer(b0)->sw_if_index[VLIB_TX] != ~0)
{
if (PREDICT_FALSE(nat_not_translate_output_feature(sm,
ip0, IP_PROTOCOL_ICMP, thread_index)))
ip0, SNAT_PROTOCOL_ICMP, key0.port, thread_index)))
{
dont_translate = 1;
goto out;
@ -571,7 +570,7 @@ u32 icmp_match_in2out_slow(snat_main_t *sm, vlib_node_runtime_t *node,
else
{
if (PREDICT_FALSE(snat_not_translate(sm, node, sw_if_index0,
ip0, IP_PROTOCOL_ICMP, rx_fib_index0, thread_index)))
ip0, SNAT_PROTOCOL_ICMP, rx_fib_index0, thread_index)))
{
dont_translate = 1;
goto out;
@ -1602,7 +1601,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
if (is_output_feature)
{
if (PREDICT_FALSE(nat_not_translate_output_feature(sm,
ip0, proto0, thread_index)))
ip0, proto0, udp0->src_port, thread_index)))
goto trace00;
}
else
@ -1794,7 +1793,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
if (is_output_feature)
{
if (PREDICT_FALSE(nat_not_translate_output_feature(sm,
ip1, proto1, thread_index)))
ip1, proto1, udp1->src_port, thread_index)))
goto trace00;
}
else
@ -2022,7 +2021,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
if (is_output_feature)
{
if (PREDICT_FALSE(nat_not_translate_output_feature(sm,
ip0, proto0, thread_index)))
ip0, proto0, udp0->src_port, thread_index)))
goto trace0;
}
else

79
test/test_nat.py
View File

@ -1806,10 +1806,36 @@ class TestNAT44(MethodHolder):
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
# multiple clients
@unittest.skipUnless(running_extended_tests(), "part of extended tests")
def test_static_lb_multi_clients(self):
""" NAT44 local service load balancing - multiple clients"""
external_addr_n = socket.inet_pton(socket.AF_INET, self.nat_addr)
external_port = 80
local_port = 8080
server1 = self.pg0.remote_hosts[0]
server2 = self.pg0.remote_hosts[1]
locals = [{'addr': server1.ip4n,
'port': local_port,
'probability': 90},
{'addr': server2.ip4n,
'port': local_port,
'probability': 10}]
self.nat44_add_address(self.nat_addr)
self.vapi.nat44_add_del_lb_static_mapping(external_addr_n,
external_port,
IP_PROTOS.tcp,
local_num=len(locals),
locals=locals)
self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index)
self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index,
is_inside=0)
server1_n = 0
server2_n = 0
clients = ip4_range(self.pg1.remote_ip4, 10, 20)
clients = ip4_range(self.pg1.remote_ip4, 10, 50)
pkts = []
for client in clients:
p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
@ -3327,47 +3353,26 @@ class TestNAT44(MethodHolder):
raise
# from local network host to external network
ext_port = 0
p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) /
IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) /
TCP(sport=23456, dport=34567))
self.pg0.add_stream(p)
pkts = self.create_stream_in(self.pg0, self.pg1)
self.pg0.add_stream(pkts)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
capture = self.pg1.get_capture(1)
p = capture[0]
try:
ip = p[IP]
tcp = p[TCP]
self.assertEqual(ip.src, self.nat_addr)
self.assertNotEqual(tcp.sport, 23456)
ext_port = tcp.sport
self.check_tcp_checksum(p)
self.check_ip_checksum(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
capture = self.pg1.get_capture(len(pkts))
self.verify_capture_out(capture)
pkts = self.create_stream_in(self.pg0, self.pg1)
self.pg0.add_stream(pkts)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
capture = self.pg1.get_capture(len(pkts))
self.verify_capture_out(capture)
# from external network back to local network host
p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) /
IP(src=self.pg1.remote_ip4, dst=self.nat_addr) /
TCP(sport=34567, dport=ext_port))
self.pg1.add_stream(p)
pkts = self.create_stream_out(self.pg1)
self.pg1.add_stream(pkts)
self.pg_enable_capture(self.pg_interfaces)
self.pg_start()
capture = self.pg0.get_capture(1)
p = capture[0]
server = None
try:
ip = p[IP]
tcp = p[TCP]
self.assertEqual(ip.dst, self.pg0.remote_ip4)
self.assertEqual(tcp.dport, 23456)
self.check_tcp_checksum(p)
self.check_ip_checksum(p)
except:
self.logger.error(ppp("Unexpected or invalid packet:", p))
raise
capture = self.pg0.get_capture(len(pkts))
self.verify_capture_in(capture, self.pg0)
def test_output_feature_and_service2(self):
""" NAT44 interface output feature and service host direct access """