From 2aad876be8d5b1754976dc29a401a4bbf4a2c76d Mon Sep 17 00:00:00 2001 From: Matus Fabian Date: Wed, 7 Mar 2018 04:57:22 -0800 Subject: [PATCH] NAT44: fix nat_not_translate_output_feature for ICMP (VPP-1191) Change-Id: I1552e1418b704fdf1f1fa2c0174313b9b82a37a3 Signed-off-by: Matus Fabian --- src/plugins/nat/in2out.c | 15 ++++---- test/test_nat.py | 79 +++++++++++++++++++++------------------- 2 files changed, 49 insertions(+), 45 deletions(-) diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c index f009ce47d78..5d6969f5789 100755 --- a/src/plugins/nat/in2out.c +++ b/src/plugins/nat/in2out.c @@ -254,14 +254,13 @@ snat_not_translate (snat_main_t * sm, vlib_node_runtime_t *node, static inline int nat_not_translate_output_feature (snat_main_t * sm, ip4_header_t * ip0, - u32 proto0, u32 thread_index) + u32 proto0, u16 src_port, u32 thread_index) { - udp_header_t * udp0 = ip4_next_header (ip0); snat_session_key_t key0; clib_bihash_kv_8_8_t kv0, value0; key0.addr = ip0->src_address; - key0.port = udp0->src_port; + key0.port = src_port; key0.protocol = proto0; key0.fib_index = sm->outside_fib_index; kv0.key = key0.as_u64; @@ -562,7 +561,7 @@ u32 icmp_match_in2out_slow(snat_main_t *sm, vlib_node_runtime_t *node, if (vnet_buffer(b0)->sw_if_index[VLIB_TX] != ~0) { if (PREDICT_FALSE(nat_not_translate_output_feature(sm, - ip0, IP_PROTOCOL_ICMP, thread_index))) + ip0, SNAT_PROTOCOL_ICMP, key0.port, thread_index))) { dont_translate = 1; goto out; @@ -571,7 +570,7 @@ u32 icmp_match_in2out_slow(snat_main_t *sm, vlib_node_runtime_t *node, else { if (PREDICT_FALSE(snat_not_translate(sm, node, sw_if_index0, - ip0, IP_PROTOCOL_ICMP, rx_fib_index0, thread_index))) + ip0, SNAT_PROTOCOL_ICMP, rx_fib_index0, thread_index))) { dont_translate = 1; goto out; 
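Review bot: The new `src_port` parameter of `nat_not_translate_output_feature` is undocumented, although the function copies it unchanged into `key0.port`, so callers must supply it in the form the session key expects. The call sites in this patch pass `udp0->src_port` unconverted and, for ICMP, `key0.port`, which suggests network byte order with the ICMP identifier standing in for the port. I would state that above the function, for example `/* src_port: L4 source port in network byte order; for SNAT_PROTOCOL_ICMP the ICMP identifier used as the session port */`. The lookup that consumes `kv0` lies outside the hunk, so the wording should be checked against it.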
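Review bot: Both calls in `icmp_match_in2out_slow` compiled with `IP_PROTOCOL_ICMP` because the protocol argument is a plain `u32` (visible in the `nat_not_translate_output_feature` signature), so the same mix-up can recur without any diagnostic. A wrong value here changes which session key is looked up, and that lookup decides whether the packet skips translation. A short comment on the parameter would help, for example `/* proto0: SNAT_PROTOCOL_* value, not an IP protocol number */`, or the parameter could take the NAT protocol enum type. `key0` is filled outside the hunk, so it is also worth confirming that `key0.port` always holds an ICMP identifier when it is paired with `SNAT_PROTOCOL_ICMP`, presumably including the ICMP error-message case.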
@@ -1602,7 +1601,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, if (is_output_feature) { if (PREDICT_FALSE(nat_not_translate_output_feature(sm, - ip0, proto0, thread_index))) + ip0, proto0, udp0->src_port, thread_index))) goto trace00; } else @@ -1794,7 +1793,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, if (is_output_feature) { if (PREDICT_FALSE(nat_not_translate_output_feature(sm, - ip1, proto1, thread_index))) + ip1, proto1, udp1->src_port, thread_index))) goto trace00; } else @@ -2022,7 +2021,7 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, if (is_output_feature) { if (PREDICT_FALSE(nat_not_translate_output_feature(sm, - ip0, proto0, thread_index))) + ip0, proto0, udp0->src_port, thread_index))) goto trace0; } else diff --git a/test/test_nat.py b/test/test_nat.py index ec2009ef6fd..344a459cbde 100644 --- a/test/test_nat.py +++ b/test/test_nat.py 
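Review bot: `udp0->src_port` is read here whatever `proto0` is, and the same holds for `udp1->src_port` in the hunk at 1794 and `udp0->src_port` in the hunk at 2022. For a packet that is neither TCP nor UDP, or one with no L4 header at that offset (a non-first fragment, say), the value placed in the lookup key is not a port. Since a match makes the node skip translation (`goto trace00` / `goto trace0`), the key should be built only from validated fields. Whether `snat_in2out_node_fn_inline` diverts ICMP, other protocols and fragments before these lines is not visible in the hunks. If it does, a comment such as `/* only TCP/UDP reach here, so udp0->src_port is a real port */` would record the invariant; if not, the calls need a protocol guard.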
@@ -1806,10 +1806,36 @@ class TestNAT44(MethodHolder): self.logger.error(ppp("Unexpected or invalid packet:", p)) raise - # multiple clients + @unittest.skipUnless(running_extended_tests(), "part of extended tests") + def test_static_lb_multi_clients(self): + """ NAT44 local service load balancing - multiple clients""" + + external_addr_n = socket.inet_pton(socket.AF_INET, self.nat_addr) + external_port = 80 + local_port = 8080 + server1 = self.pg0.remote_hosts[0] + server2 = self.pg0.remote_hosts[1] + + locals = [{'addr': server1.ip4n, + 'port': local_port, + 'probability': 90}, + {'addr': server2.ip4n, + 'port': local_port, + 'probability': 10}] + + self.nat44_add_address(self.nat_addr) + self.vapi.nat44_add_del_lb_static_mapping(external_addr_n, + external_port, + IP_PROTOS.tcp, + local_num=len(locals), + locals=locals) + self.vapi.nat44_interface_add_del_feature(self.pg0.sw_if_index) + self.vapi.nat44_interface_add_del_feature(self.pg1.sw_if_index, + is_inside=0) + server1_n = 0 server2_n = 0 - clients = ip4_range(self.pg1.remote_ip4, 10, 20) + clients = ip4_range(self.pg1.remote_ip4, 10, 50) pkts = [] for client in clients: p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / 
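Review bot: The list named `locals` in the new `test_static_lb_multi_clients` shadows the Python builtin of the same name for the rest of the method. The keyword argument has to stay `locals=` because that is the API parameter name, but the variable can be renamed, for example `local_servers = [...]` with `local_num=len(local_servers), locals=local_servers`. The method body continues past the end of the hunk, so the loop and the assertions on `server1_n` and `server2_n` are not visible here.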
@@ -3327,47 +3353,26 @@ class TestNAT44(MethodHolder): raise # from local network host to external network - ext_port = 0 - p = (Ether(src=self.pg0.remote_mac, dst=self.pg0.local_mac) / - IP(src=self.pg0.remote_ip4, dst=self.pg1.remote_ip4) / - TCP(sport=23456, dport=34567)) - self.pg0.add_stream(p) + pkts = self.create_stream_in(self.pg0, self.pg1) + self.pg0.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) self.pg_start() - capture = self.pg1.get_capture(1) - p = capture[0] - try: - ip = p[IP] - tcp = p[TCP] - self.assertEqual(ip.src, self.nat_addr) - self.assertNotEqual(tcp.sport, 23456) - ext_port = tcp.sport - self.check_tcp_checksum(p) - self.check_ip_checksum(p) - except: - self.logger.error(ppp("Unexpected or invalid packet:", p)) - raise + capture = self.pg1.get_capture(len(pkts)) + self.verify_capture_out(capture) + pkts = self.create_stream_in(self.pg0, self.pg1) + self.pg0.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg1.get_capture(len(pkts)) + self.verify_capture_out(capture) # from external network back to local network host - p = (Ether(src=self.pg1.remote_mac, dst=self.pg1.local_mac) / - IP(src=self.pg1.remote_ip4, dst=self.nat_addr) / - TCP(sport=34567, dport=ext_port)) - self.pg1.add_stream(p) + pkts = self.create_stream_out(self.pg1) + self.pg1.add_stream(pkts) self.pg_enable_capture(self.pg_interfaces) self.pg_start() - capture = self.pg0.get_capture(1) - p = capture[0] - server = None - try: - ip = p[IP] - tcp = p[TCP] - self.assertEqual(ip.dst, self.pg0.remote_ip4) - self.assertEqual(tcp.dport, 23456) - self.check_tcp_checksum(p) - self.check_ip_checksum(p) - except: - self.logger.error(ppp("Unexpected or invalid packet:", p)) - raise + capture = self.pg0.get_capture(len(pkts)) + self.verify_capture_in(capture, self.pg0) def test_output_feature_and_service2(self): """ NAT44 interface output feature and service host direct access """
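Review bot: The "from local network host to external network" step now runs the same `create_stream_in` / `verify_capture_out` sequence twice in a row with no comment, so the second pass reads like a copy-paste leftover. Presumably the repeat is intentional, with the first pass creating the sessions and the second checking that packets are still translated once they exist. That is the case the C fix targets, and a one-line comment would protect it from being cleaned up later, for example `# send the same flows again: sessions exist now, packets must still be translated`. The test method starts outside the hunk, and the helpers that now carry all the assertions are defined elsewhere, so whether they still check that the source port is rewritten cannot be confirmed from here.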