One armed NAT (VPP-1035)

[vpp.git] / src / plugins / nat / nat64.c

diff --git a/src/plugins/nat/nat64.c b/src/plugins/nat/nat64.c
index b04901f..952ca8f 100644 (file)
--- a/src/plugins/nat/nat64.c
+++ b/src/plugins/nat/nat64.c
@@ -107,7 +107,8 @@ nat64_add_del_pool_addr (ip4_address_t * addr, u32 vrf_id, u8 is_add)
       a->fib_index = 0;
       if (vrf_id != ~0)
        a->fib_index =
-         fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id);
+         fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
+                                            FIB_SOURCE_PLUGIN_HI);
 #define _(N, i, n, s) \
       clib_bitmap_alloc (a->busy_##n##_port_bitmap, 65535);
       foreach_snat_protocol
@@ -119,7 +120,8 @@ nat64_add_del_pool_addr (ip4_address_t * addr, u32 vrf_id, u8 is_add)
        return VNET_API_ERROR_NO_SUCH_ENTRY;
 
       if (a->fib_index)
-       fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP6);
+       fib_table_unlock (a->fib_index, FIB_PROTOCOL_IP6,
+                         FIB_SOURCE_PLUGIN_HI);
 
 #define _(N, id, n, s) \
       clib_bitmap_free (a->busy_##n##_port_bitmap);
@@ -134,7 +136,7 @@ nat64_add_del_pool_addr (ip4_address_t * addr, u32 vrf_id, u8 is_add)
   /* *INDENT-OFF* */
   pool_foreach (interface, nm->interfaces,
   ({
-    if (interface->is_inside)
+    if (nat_interface_is_inside(interface))
       continue;
 
     snat_add_del_addr_to_fib (addr, 32, interface->sw_if_index, is_add);
@@ -168,7 +170,7 @@ nat64_add_del_interface (u32 sw_if_index, u8 is_inside, u8 is_add)
   snat_address_t *ap;
   const char *feature_name, *arc_name;
 
-  /* Check if address already exists */
+  /* Check if interface already exists */
   /* *INDENT-OFF* */
   pool_foreach (i, nm->interfaces,
   ({
@@ -183,19 +185,29 @@ nat64_add_del_interface (u32 sw_if_index, u8 is_inside, u8 is_add)
   if (is_add)
     {
       if (interface)
-       return VNET_API_ERROR_VALUE_EXIST;
+       goto set_flags;
 
       pool_get (nm->interfaces, interface);
       interface->sw_if_index = sw_if_index;
-      interface->is_inside = is_inside;
-
+      interface->flags = 0;
+    set_flags:
+      if (is_inside)
+       interface->flags |= NAT_INTERFACE_FLAG_IS_INSIDE;
+      else
+       interface->flags |= NAT_INTERFACE_FLAG_IS_OUTSIDE;
     }
   else
     {
       if (!interface)
        return VNET_API_ERROR_NO_SUCH_ENTRY;
 
-      pool_put (nm->interfaces, interface);
+      if ((nat_interface_is_inside (interface)
+          && nat_interface_is_outside (interface)))
+       interface->flags &=
+         is_inside ? ~NAT_INTERFACE_FLAG_IS_INSIDE :
+         ~NAT_INTERFACE_FLAG_IS_OUTSIDE;
+      else
+       pool_put (nm->interfaces, interface);
     }
 
   if (!is_inside)
@@ -353,8 +365,8 @@ nat64_add_del_static_bib_entry (ip6_address_t * in_addr,
 {
   nat64_main_t *nm = &nat64_main;
   nat64_db_bib_entry_t *bibe;
-  u32 fib_index =
-    fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id);
+  u32 fib_index = fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
+                                                    FIB_SOURCE_PLUGIN_HI);
   snat_protocol_t p = ip_proto_to_snat_proto (proto);
   ip46_address_t addr;
   int i;
@@ -644,7 +656,8 @@ nat64_add_del_prefix (ip6_address_t * prefix, u8 plen, u32 vrf_id, u8 is_add)
        {
          vec_add2 (nm->pref64, p, 1);
          p->fib_index =
-           fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id);
+           fib_table_find_or_create_and_lock (FIB_PROTOCOL_IP6, vrf_id,
+                                              FIB_SOURCE_PLUGIN_HI);
          p->vrf_id = vrf_id;
        }