cnat: add input feature node

This allows to configure nat on a per-interface basis. Special care must be taken to ensure the configuration remains consistent. Type: feature Change-Id: I352b2dce182e09d30813ce958333bb1ff37d9b4e Signed-off-by: Aloys Augustin <aloaugus@cisco.com> Signed-off-by: Nathan Skrzypczak <nathan.skrzypczak@gmail.com>
2021-02-25 12:06:11 +01:00
parent 4d237874e5
commit cc9a1a0d39
6 changed files with 507 additions and 0 deletions
--- a/src/plugins/cnat/CMakeLists.txt
+++ b/src/plugins/cnat/CMakeLists.txt
@@ -17,6 +17,7 @@ add_vpp_plugin(cnat
  cnat_client.c
  cnat_node_snat.c
  cnat_node_vip.c
+  cnat_node_feature.c
  cnat_scanner.c
  cnat_session.c
  cnat_translation.c
--- a/src/plugins/cnat/cnat.api
+++ b/src/plugins/cnat/cnat.api
@@ -167,6 +167,17 @@ autoreply define cnat_add_del_snat_prefix
  vl_api_prefix_t prefix;
 };

+enum cnat_snat_policies:u32
+{
+  CNAT_SNAT_POLICY_NONE = 1,
+};
+
+autoreply define cnat_set_snat_policy
+{
+  u32 client_index;
+  u32 context;
+  vl_api_cnat_snat_policies_t policy;
+};
 /*
 * fd.io coding-style-patch-verification: ON
 *
--- a/src/plugins/cnat/cnat_api.c
+++ b/src/plugins/cnat/cnat_api.c
@@ -337,6 +337,23 @@ static void
  REPLY_MACRO (VL_API_CNAT_ADD_DEL_SNAT_PREFIX_REPLY);
 }

+static void
+vl_api_cnat_set_snat_policy_t_handler (vl_api_cnat_set_snat_policy_t *mp)
+{
+  vl_api_cnat_set_snat_policy_reply_t *rmp;
+  int rv = 0;
+  vl_api_cnat_snat_policies_t policy = clib_net_to_host_u32 (mp->policy);
+  switch (policy)
+    {
+    case CNAT_SNAT_POLICY_NONE:
+      cnat_set_snat_policy (NULL);
+      break;
+    default:
+      rv = 1;
+    }
+
+  REPLY_MACRO (VL_API_CNAT_SET_SNAT_POLICY_REPLY);
+}
 #include <cnat/cnat.api.c>

 static clib_error_t *
--- a/src/plugins/cnat/cnat_node_feature.c
+++ b/src/plugins/cnat/cnat_node_feature.c
--- a/src/plugins/cnat/cnat_snat.c
+++ b/src/plugins/cnat/cnat_snat.c
@@ -17,6 +17,59 @@
 #include <cnat/cnat_snat.h>
 #include <cnat/cnat_translation.h>

+cnat_snat_policy_main_t cnat_snat_policy_main;
+
+void
+cnat_set_snat_policy (cnat_snat_policy_t fp)
+{
+  cnat_snat_policy_main.snat_policy = fp;
+}
+
+static clib_error_t *
+cnat_snat_policy_cmd (vlib_main_t *vm, unformat_input_t *input,
+		      vlib_cli_command_t *cmd)
+{
+  cnat_snat_policy_t fp = NULL;
+
+  while (unformat_check_input (input) != UNFORMAT_END_OF_INPUT)
+    {
+      if (unformat (input, "none"))
+	;
+      else
+	return clib_error_return (0, "unknown input '%U'",
+				  format_unformat_error, input);
+    }
+
+  cnat_set_snat_policy (fp);
+  return NULL;
+}
+
+VLIB_CLI_COMMAND (cnat_snat_policy_command, static) = {
+  .path = "cnat set snat policy",
+  .short_help = "cnat set snat policy {none,k8s}",
+  .function = cnat_snat_policy_cmd,
+};
+
+static clib_error_t *
+show_cnat_snat_policy_cmd (vlib_main_t *vm, unformat_input_t *input,
+			   vlib_cli_command_t *cmd)
+{
+  u8 *s = format (NULL, "snat policy: ");
+  if (cnat_snat_policy_main.snat_policy == NULL)
+    s = format (s, "none");
+  else
+    s = format (s, "unknown (%x)", cnat_snat_policy_main.snat_policy);
+
+  vlib_cli_output (vm, (char *) s);
+  return NULL;
+}
+
+VLIB_CLI_COMMAND (show_cnat_snat_policy_command, static) = {
+  .path = "show cnat snat policy",
+  .short_help = "show cnat snat policy",
+  .function = show_cnat_snat_policy_cmd,
+};
+
 static void
 cnat_compute_prefix_lengths_in_search_order (cnat_snat_pfx_table_t *
 					     table, ip_address_family_t af)
--- a/src/plugins/cnat/cnat_snat.h
+++ b/src/plugins/cnat/cnat_snat.h
@@ -17,12 +17,28 @@
 #define __CNAT_SNAT_H__

 #include <cnat/cnat_types.h>
+#include <cnat/cnat_session.h>

+/* function to use to decide whether to snat connections in the output
+   feature */
+typedef void (*cnat_snat_policy_t) (vlib_main_t *vm, vlib_buffer_t *b,
+				    cnat_session_t *session,
+				    cnat_node_ctx_t *ctx, u8 *do_snat);
+
+typedef struct cnat_snat_policy_main_t_
+{
+  /* SNAT policy for the output feature node */
+  cnat_snat_policy_t snat_policy;
+
+} cnat_snat_policy_main_t;
+
+extern cnat_snat_policy_main_t cnat_snat_policy_main;

 extern void cnat_set_snat (ip4_address_t * ip4, ip6_address_t * ip6,
 			   u32 sw_if_index);
 extern int cnat_add_snat_prefix (ip_prefix_t * pfx);
 extern int cnat_del_snat_prefix (ip_prefix_t * pfx);
+extern void cnat_set_snat_policy (cnat_snat_policy_t fp);

 int cnat_search_snat_prefix (ip46_address_t * addr, ip_address_family_t af);