From f6beee077ef3e79a32043dd4685e87d7a6d16a5b Mon Sep 17 00:00:00 2001
From: HediBouattour <hedibouattour2010@gmail.com>
Date: Wed, 16 Aug 2023 13:26:22 +0200
Subject: [PATCH] cnat: add host tag to bitmap in cnat snat

Type: feature

this patch adds a new tag "host" to interfaces for cnat-snat
if an interface is tagged pod and host we do not snat traffic outgoing through it

Change-Id: I71f5bfcb85581bb8508ba547374f0603f1079ac6
Signed-off-by: hedi bouattour <hedibouattour2010@gmail.com>
---
 src/plugins/cnat/cnat.api           |  1 +
 src/plugins/cnat/cnat_snat_policy.c | 13 +++++++++++++
 src/plugins/cnat/cnat_snat_policy.h |  3 +++
 3 files changed, 17 insertions(+)

diff --git a/src/plugins/cnat/cnat.api b/src/plugins/cnat/cnat.api
index 846917eb2e7..6026432507f 100644
--- a/src/plugins/cnat/cnat.api
+++ b/src/plugins/cnat/cnat.api
@@ -173,6 +173,7 @@ enum cnat_snat_policy_table:u8
   CNAT_POLICY_INCLUDE_V4 = 0,
   CNAT_POLICY_INCLUDE_V6 = 1,
   CNAT_POLICY_POD = 2,
+  CNAT_POLICY_HOST = 3,
 };
 
 autoreply define cnat_snat_policy_add_del_if
diff --git a/src/plugins/cnat/cnat_snat_policy.c b/src/plugins/cnat/cnat_snat_policy.c
index 298dc76d681..cd9bfef492a 100644
--- a/src/plugins/cnat/cnat_snat_policy.c
+++ b/src/plugins/cnat/cnat_snat_policy.c
@@ -29,6 +29,8 @@ unformat_cnat_snat_interface_map_type (unformat_input_t *input, va_list *args)
     *a = CNAT_SNAT_IF_MAP_INCLUDE_V6;
   else if (unformat (input, "k8s"))
     *a = CNAT_SNAT_IF_MAP_INCLUDE_POD;
+  else if (unformat (input, "host"))
+    *a = CNAT_SNAT_IF_MAP_INCLUDE_HOST;
   else
     return 0;
   return 1;
@@ -49,6 +51,9 @@ format_cnat_snat_interface_map_type (u8 *s, va_list *args)
     case CNAT_SNAT_IF_MAP_INCLUDE_POD:
       s = format (s, "k8s pod");
       break;
+    case CNAT_SNAT_IF_MAP_INCLUDE_HOST:
+      s = format (s, "k8s host");
+      break;
     default:
       s = format (s, "(unknown)");
       break;
@@ -296,6 +301,14 @@ cnat_snat_policy_k8s (vlib_buffer_t *b, cnat_session_t *session)
   u32 in_if = vnet_buffer (b)->sw_if_index[VLIB_RX];
   u32 out_if = vnet_buffer (b)->sw_if_index[VLIB_TX];
 
+  /* we should never snat traffic that we punt to the host, pass traffic as it
+   * is for us */
+  if (clib_bitmap_get (cpm->interface_maps[CNAT_SNAT_IF_MAP_INCLUDE_HOST],
+		       out_if))
+    {
+      return 0;
+    }
+
   /* source nat for outgoing connections */
   if (cnat_snat_policy_interface_enabled (in_if, af))
     if (cnat_search_snat_prefix (dst_addr, af))
diff --git a/src/plugins/cnat/cnat_snat_policy.h b/src/plugins/cnat/cnat_snat_policy.h
index 987ae494e16..61c2382602f 100644
--- a/src/plugins/cnat/cnat_snat_policy.h
+++ b/src/plugins/cnat/cnat_snat_policy.h
@@ -45,6 +45,9 @@ typedef enum cnat_snat_interface_map_type_t_
   CNAT_SNAT_IF_MAP_INCLUDE_V4 = AF_IP4,
   CNAT_SNAT_IF_MAP_INCLUDE_V6 = AF_IP6,
   CNAT_SNAT_IF_MAP_INCLUDE_POD,
+  /* CNAT_SNAT_IF_MAP_INCLUDE_HOST is used for interfaces used for punt,
+     replicating uplink */
+  CNAT_SNAT_IF_MAP_INCLUDE_HOST,
   CNAT_N_SNAT_IF_MAP,
 } cnat_snat_interface_map_type_t;
 
-- 
2.16.6