X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fplugins%2Fcnat%2Fcnat_snat_policy.c;h=cd9bfef492a83b2f5996527289ed596991cbdd4a;hb=f6beee077;hp=298dc76d681ed9966db67210ba0500afbfc740e2;hpb=c5fa5391ed04ec1d18129792dc38524f81a7b6e1;p=vpp.git

diff --git a/src/plugins/cnat/cnat_snat_policy.c b/src/plugins/cnat/cnat_snat_policy.c
index 298dc76d681..cd9bfef492a 100644
--- a/src/plugins/cnat/cnat_snat_policy.c
+++ b/src/plugins/cnat/cnat_snat_policy.c
@@ -29,6 +29,8 @@ unformat_cnat_snat_interface_map_type (unformat_input_t *input, va_list *args)
     *a = CNAT_SNAT_IF_MAP_INCLUDE_V6;
   else if (unformat (input, "k8s"))
     *a = CNAT_SNAT_IF_MAP_INCLUDE_POD;
+  else if (unformat (input, "host"))
+    *a = CNAT_SNAT_IF_MAP_INCLUDE_HOST;
   else
     return 0;
   return 1;
@@ -49,6 +51,9 @@ format_cnat_snat_interface_map_type (u8 *s, va_list *args)
     case CNAT_SNAT_IF_MAP_INCLUDE_POD:
       s = format (s, "k8s pod");
       break;
+    case CNAT_SNAT_IF_MAP_INCLUDE_HOST:
+      s = format (s, "k8s host");
+      break;
     default:
       s = format (s, "(unknown)");
       break;
@@ -296,6 +301,14 @@ cnat_snat_policy_k8s (vlib_buffer_t *b, cnat_session_t *session)
   u32 in_if = vnet_buffer (b)->sw_if_index[VLIB_RX];
   u32 out_if = vnet_buffer (b)->sw_if_index[VLIB_TX];
 
+  /* we should never snat traffic that we punt to the host, pass traffic as it
+   * is for us */
+  if (clib_bitmap_get (cpm->interface_maps[CNAT_SNAT_IF_MAP_INCLUDE_HOST],
+		       out_if))
+    {
+      return 0;
+    }
+
   /* source nat for outgoing connections */
   if (cnat_snat_policy_interface_enabled (in_if, af))
     if (cnat_search_snat_prefix (dst_addr, af))