nat: deny adding intf addr if static-mapping-only

[vpp.git] / src / plugins / nat / nat44_api.c

diff --git a/src/plugins/nat/nat44_api.c b/src/plugins/nat/nat44_api.c
index cfe2211..a5e2919 100644 (file)
--- a/src/plugins/nat/nat44_api.c
+++ b/src/plugins/nat/nat44_api.c
@@ -333,6 +333,31 @@ vl_api_nat_get_timeouts_t_handler (vl_api_nat_get_timeouts_t * mp)
   /* *INDENT-ON* */
 }
 
+static void
+vl_api_nat_set_fq_options_t_handler (vl_api_nat_set_fq_options_t *mp)
+{
+  snat_main_t *sm = &snat_main;
+  vl_api_nat_set_fq_options_reply_t *rmp;
+  int rv = 0;
+  u32 frame_queue_nelts = ntohl (mp->frame_queue_nelts);
+  rv = snat_set_frame_queue_nelts (frame_queue_nelts);
+  REPLY_MACRO (VL_API_NAT_SET_FQ_OPTIONS_REPLY);
+}
+
+static void
+vl_api_nat_show_fq_options_t_handler (vl_api_nat_show_fq_options_t *mp)
+{
+  vl_api_nat_show_fq_options_reply_t *rmp;
+  snat_main_t *sm = &snat_main;
+  int rv = 0;
+  /* clang-format off */
+  REPLY_MACRO2_ZERO (VL_API_NAT_SHOW_FQ_OPTIONS_REPLY,
+  ({
+    rmp->frame_queue_nelts = htonl (sm->frame_queue_nelts);
+  }));
+  /* clang-format on */
+}
+
 static void
   vl_api_nat_set_addr_and_port_alloc_alg_t_handler
   (vl_api_nat_set_addr_and_port_alloc_alg_t * mp)
@@ -828,13 +853,10 @@ static void
   tag = format (0, "%s", mp->tag);
   vec_terminate_c_string (tag);
 
-  rv = snat_add_static_mapping (local_addr, external_addr, local_port,
-                               external_port, vrf_id,
-                               mp->flags & NAT_API_IS_ADDR_ONLY,
-                               external_sw_if_index, proto,
-                               mp->is_add, twice_nat,
-                               mp->flags & NAT_API_IS_OUT2IN_ONLY, tag, 0,
-                               pool_addr, 0);
+  rv = snat_add_static_mapping (
+    local_addr, external_addr, local_port, external_port, vrf_id,
+    mp->flags & NAT_API_IS_ADDR_ONLY, external_sw_if_index, proto, mp->is_add,
+    twice_nat, mp->flags & NAT_API_IS_OUT2IN_ONLY, tag, 0, pool_addr, 0);
   vec_free (tag);
 
   REPLY_MACRO (VL_API_NAT44_ADD_DEL_STATIC_MAPPING_REPLY);
@@ -1135,6 +1157,12 @@ static void
   int rv = 0;
   u8 is_del;
 
+  if (sm->static_mapping_only)
+    {
+      rv = VNET_API_ERROR_FEATURE_DISABLED;
+      goto send_reply;
+    }
+
   is_del = !mp->is_add;
 
   VALIDATE_SW_IF_INDEX (mp);
@@ -1143,6 +1171,8 @@ static void
                                   mp->flags & NAT_API_IS_TWICE_NAT);
 
   BAD_SW_IF_INDEX_LABEL;
+
+send_reply:
   REPLY_MACRO (VL_API_NAT44_ADD_DEL_INTERFACE_ADDR_REPLY);
 }
 
@@ -1622,7 +1652,7 @@ vl_api_nat44_del_session_t_handler (vl_api_nat44_del_session_t * mp)
       nat44_del_ed_session (sm, &addr, port, &eh_addr, eh_port, mp->protocol,
                            vrf_id, is_in);
   else
-    rv = nat44_del_session (sm, &addr, port, proto, vrf_id, is_in);
+    rv = nat44_ei_del_session (sm, &addr, port, proto, vrf_id, is_in);
 
   REPLY_MACRO (VL_API_NAT44_DEL_SESSION_REPLY);
 }