From f039587701b47b3b27e281858eef56b29ff91864 Mon Sep 17 00:00:00 2001 From: Alexander Chernavin Date: Fri, 11 Dec 2020 03:36:45 -0500 Subject: [PATCH] nat: deny adding intf addr if static-mapping-only If static-mapping-only is enabled, NAT pool cannot be configured, only static mappings. There're two ways to add addresses to the NAT pool: by address range, or by first found address from an interface. NAT44_ADD_DEL_ADDRESS_RANGE already tests if dynamic mappings are available but NAT44_ADD_DEL_INTERFACE_ADDR doesn't. If static-mapping-only is enabled, adding addresses by range is rejected but by interface not. With this change, if static-mapping-only is enabled, do not allow to add addresses to the NAT pool both ways. Type: fix Signed-off-by: Alexander Chernavin Change-Id: Ifc055ea9a71a5e579388833a2990aef21bf7ed29 --- src/plugins/nat/nat44_api.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/plugins/nat/nat44_api.c b/src/plugins/nat/nat44_api.c index 05a79719261..a5e29198c64 100644 --- a/src/plugins/nat/nat44_api.c +++ b/src/plugins/nat/nat44_api.c @@ -1157,6 +1157,12 @@ static void int rv = 0; u8 is_del; + if (sm->static_mapping_only) + { + rv = VNET_API_ERROR_FEATURE_DISABLED; + goto send_reply; + } + is_del = !mp->is_add; VALIDATE_SW_IF_INDEX (mp); @@ -1165,6 +1171,8 @@ static void mp->flags & NAT_API_IS_TWICE_NAT); BAD_SW_IF_INDEX_LABEL; + +send_reply: REPLY_MACRO (VL_API_NAT44_ADD_DEL_INTERFACE_ADDR_REPLY); } -- 2.16.6