NAT44: prohibit multiple static mappings for a single local address (VPP-1224)

author Matus Fabian <matfabia@cisco.com>

Wed, 4 Apr 2018 10:27:43 +0000 (03:27 -0700)

committer Dave Barach <openvpp@barachs.net>

Wed, 4 Apr 2018 13:05:05 +0000 (13:05 +0000)
author Matus Fabian <matfabia@cisco.com>
Wed, 4 Apr 2018 10:27:43 +0000 (03:27 -0700)
committer Dave Barach <openvpp@barachs.net>
Wed, 4 Apr 2018 13:05:05 +0000 (13:05 +0000)
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c

index a2b4010..9a62047 100644 (file)
--- a/src/plugins/nat/nat.c
+++ b/src/plugins/nat/nat.c
@@ -785,6 +785,17 @@ int snat_add_static_mapping(ip4_address_t l_addr, ip4_address_t e_addr,
            vrf_id = sm->inside_vrf_id;
          }
  
+      if (!out2in_only)
+        {
+          m_key.addr = l_addr;
+          m_key.port = addr_only ? 0 : l_port;
+          m_key.protocol = addr_only ? 0 : proto;
+          m_key.fib_index = fib_index;
+          kv.key = m_key.as_u64;
+          if (!clib_bihash_search_8_8 (&sm->static_mapping_by_local, &kv, &value))
+            return VNET_API_ERROR_VALUE_EXIST;
+        }
+
        /* Find external address in allocated addresses and reserve port for
           address and port pair mapping when dynamic translations enabled */
        if (!(addr_only || sm->static_mapping_only || out2in_only))
author	Matus Fabian <matfabia@cisco.com>
	Wed, 4 Apr 2018 10:27:43 +0000 (03:27 -0700)
committer	Dave Barach <openvpp@barachs.net>
	Wed, 4 Apr 2018 13:05:05 +0000 (13:05 +0000)