From e3f078fcfc76d465552f0a0343a1886f4d177dd0 Mon Sep 17 00:00:00 2001
From: Matthew Smith <mgsmith@netgate.com>
Date: Wed, 4 Nov 2020 11:18:10 -0600
Subject: [PATCH] nat: fix byte order on ipfix message fields

Type: fix

The code for quota exceeded events is a u32 and was being copied
into ipfix packets in host byte order. Same for the limit field.

Swap the order before copying into packet buffer.

This change was applied once before but had to be reverted. This was
because between the time the change was uploaded/reviewed and the
time it was merged, a different patch was merged which activated a
NAT ipfix unit test that had formerly only been run as part of the
extended tests. The test was expecting the values to be in host byte
order so it failed with this patch applied. This time around, that
test has also been updated to expect network byte order.

Change-Id: If5413b1f806d664f6786e56ba13c3eee573c26d2
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
---
 src/plugins/nat/lib/ipfix_logging.c   | 9 ++++++---
 src/plugins/nat/nat44-ed/nat44_ed.api | 2 +-
 src/plugins/nat/nat44-ei/nat44_ei.api | 2 +-
 src/plugins/nat/test/test_nat44_ei.py | 4 ++--
 4 files changed, 10 insertions(+), 7 deletions(-)

diff --git a/src/plugins/nat/lib/ipfix_logging.c b/src/plugins/nat/lib/ipfix_logging.c
index 38a2cc9931b..2a5130e09d0 100644
--- a/src/plugins/nat/lib/ipfix_logging.c
+++ b/src/plugins/nat/lib/ipfix_logging.c
@@ -780,7 +780,7 @@ nat_ipfix_logging_max_entries_per_usr (u32 thread_index,
   vlib_main_t *vm = vlib_get_main ();
   u64 now;
   u8 nat_event = QUOTA_EXCEEDED;
-  u32 quota_event = MAX_ENTRIES_PER_USER;
+  u32 quota_event = clib_host_to_net_u32 (MAX_ENTRIES_PER_USER);
   u16 template_id;
 
   now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
@@ -835,6 +835,7 @@ nat_ipfix_logging_max_entries_per_usr (u32 thread_index,
       clib_memcpy_fast (b0->data + offset, &quota_event, sizeof (quota_event));
       offset += sizeof (quota_event);
 
+      limit = clib_host_to_net_u32 (limit);
       clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
       offset += sizeof (limit);
 
@@ -871,7 +872,7 @@ nat_ipfix_logging_max_ses (u32 thread_index, u32 limit, int do_flush)
   vlib_main_t *vm = vlib_get_main ();
   u64 now;
   u8 nat_event = QUOTA_EXCEEDED;
-  u32 quota_event = MAX_SESSION_ENTRIES;
+  u32 quota_event = clib_host_to_net_u32 (MAX_SESSION_ENTRIES);
   u16 template_id;
 
   now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
@@ -926,6 +927,7 @@ nat_ipfix_logging_max_ses (u32 thread_index, u32 limit, int do_flush)
       clib_memcpy_fast (b0->data + offset, &quota_event, sizeof (quota_event));
       offset += sizeof (quota_event);
 
+      limit = clib_host_to_net_u32 (limit);
       clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
       offset += sizeof (limit);
 
@@ -959,7 +961,7 @@ nat_ipfix_logging_max_bib (u32 thread_index, u32 limit, int do_flush)
   vlib_main_t *vm = vlib_get_main ();
   u64 now;
   u8 nat_event = QUOTA_EXCEEDED;
-  u32 quota_event = MAX_BIB_ENTRIES;
+  u32 quota_event = clib_host_to_net_u32 (MAX_BIB_ENTRIES);
   u16 template_id;
 
   now = (u64) ((vlib_time_now (vm) - silm->vlib_time_0) * 1e3);
@@ -1014,6 +1016,7 @@ nat_ipfix_logging_max_bib (u32 thread_index, u32 limit, int do_flush)
       clib_memcpy_fast (b0->data + offset, &quota_event, sizeof (quota_event));
       offset += sizeof (quota_event);
 
+      limit = clib_host_to_net_u32 (limit);
       clib_memcpy_fast (b0->data + offset, &limit, sizeof (limit));
       offset += sizeof (limit);
 
diff --git a/src/plugins/nat/nat44-ed/nat44_ed.api b/src/plugins/nat/nat44-ed/nat44_ed.api
index 4028aa71d7b..c65b7a81166 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed.api
+++ b/src/plugins/nat/nat44-ed/nat44_ed.api
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-option version = "5.2.0";
+option version = "5.3.0";
 import "vnet/ip/ip_types.api";
 import "vnet/interface_types.api";
 import "plugins/nat/lib/nat_types.api";
diff --git a/src/plugins/nat/nat44-ei/nat44_ei.api b/src/plugins/nat/nat44-ei/nat44_ei.api
index 708c20aaadd..38251b072dd 100644
--- a/src/plugins/nat/nat44-ei/nat44_ei.api
+++ b/src/plugins/nat/nat44-ei/nat44_ei.api
@@ -13,7 +13,7 @@
  * limitations under the License.
  */
 
-option version = "1.0.0";
+option version = "1.1.0";
 import "vnet/ip/ip_types.api";
 import "vnet/interface_types.api";
 import "plugins/nat/lib/nat_types.api";
diff --git a/src/plugins/nat/test/test_nat44_ei.py b/src/plugins/nat/test/test_nat44_ei.py
index 4b0bf030963..4160ea2c344 100644
--- a/src/plugins/nat/test/test_nat44_ei.py
+++ b/src/plugins/nat/test/test_nat44_ei.py
@@ -623,9 +623,9 @@ class MethodHolder(VppTestCase):
         # natEvent
         self.assertEqual(scapy.compat.orb(record[230]), 13)
         # natQuotaExceededEvent
-        self.assertEqual(struct.pack("I", 1), record[466])
+        self.assertEqual(struct.pack("!I", 1), record[466])
         # maxSessionEntries
-        self.assertEqual(struct.pack("I", limit), record[471])
+        self.assertEqual(struct.pack("!I", limit), record[471])
 
     def verify_no_nat44_user(self):
         """ Verify that there is no NAT44EI user """
-- 
2.16.6