chore(nat): Improve AllocatorError variants and messages

nat/src/stateful/allocation.rs

@@ -14,10 +14,12 @@ pub enum AllocatorError {
     NoFreeIp,
     #[error("failed to allocate port block")]
     NoPortBlock,
-    #[error("no free port block available (base: {0})")]
+    #[error("no free port available in port block (block base index: {0})")]
     NoFreePort(u16),
     #[error("failed to allocate port: {0}")]
     PortAllocationFailed(NatPortError),
+    #[error("failed to reserve port: {0}")]
+    PortReservationFailed(u16),
     #[error("unsupported protocol: {0:?}")]
     UnsupportedProtocol(NextHeader),
     #[error("missing VPC discriminant")]

nat/src/stateful/apalloc/port_alloc.rs

@@ -499,7 +499,7 @@ impl<I: NatIpWithBitmap> AllocatedPortBlock<I> {
                     )
                 })?,
             )
-            .map_err(|()| AllocatorError::NoFreePort(port.as_u16()))?;
+            .map_err(|()| AllocatorError::PortReservationFailed(port.as_u16()))?;
 
         Ok(AllocatedPort::new(port, self.clone()))
     }

nat/src/stateful/mod.rs

@@ -16,68 +16,5 @@ pub use allocator_writer::NatAllocatorWriter;
 pub use allocator_writer::StatefulNatConfig;
 pub use nf::StatefulNat;
 
-#[allow(unused)]
-use tracing::{debug, error, warn};
-
 use tracectl::trace_target;
 trace_target!("stateful-nat", LevelFilter::INFO, &["nat", "pipeline"]);
-
-#[cfg(test)]
-mod tests {
-    use crate::NatPort;
-    use net::headers::Transport;
-    use net::tcp::Tcp;
-    use net::tcp::port::TcpPort;
-    use net::udp::Udp;
-    use net::udp::port::UdpPort;
-
-    #[test]
-    fn test_set_tcp_ports() {
-        let mut transport = Transport::Tcp(Tcp::new(
-            TcpPort::try_from(80).expect("Invalid port"),
-            TcpPort::try_from(443).expect("Invalid port"),
-        ));
-        let target_port = NatPort::new_port_checked(1234).expect("Invalid port");
-
-        transport
-            .try_set_source(target_port.try_into().unwrap())
-            .unwrap();
-        let Transport::Tcp(ref mut tcp) = transport else {
-            unreachable!()
-        };
-        assert_eq!(tcp.source(), TcpPort::try_from(1234).unwrap());
-
-        transport
-            .try_set_destination(target_port.try_into().unwrap())
-            .unwrap();
-        let Transport::Tcp(ref mut tcp) = transport else {
-            unreachable!()
-        };
-        assert_eq!(tcp.destination(), TcpPort::try_from(1234).unwrap());
-    }
-
-    #[test]
-    fn test_set_udp_port() {
-        let mut transport = Transport::Udp(Udp::new(
-            UdpPort::try_from(80).expect("Invalid port"),
-            UdpPort::try_from(443).expect("Invalid port"),
-        ));
-        let target_port = NatPort::new_port_checked(1234).expect("Invalid port");
-
-        transport
-            .try_set_source(target_port.try_into().unwrap())
-            .unwrap();
-        let Transport::Udp(ref mut udp) = transport else {
-            unreachable!()
-        };
-        assert_eq!(udp.source(), UdpPort::try_from(1234).unwrap());
-
-        transport
-            .try_set_destination(target_port.try_into().unwrap())
-            .unwrap();
-        let Transport::Udp(ref mut udp) = transport else {
-            unreachable!()
-        };
-        assert_eq!(udp.destination(), UdpPort::try_from(1234).unwrap());
-    }
-}

nat/src/stateful/nf.rs

@@ -528,6 +528,7 @@ fn translate_error(error: &StatefulNatError) -> DoneReason {
         | StatefulNatError::IcmpError
         | StatefulNatError::AllocationFailure(
             AllocatorError::PortAllocationFailed(_)
+            | AllocatorError::PortReservationFailed(_)
             | AllocatorError::MissingDiscriminant
             | AllocatorError::UnsupportedDiscriminant,
         ) => DoneReason::NatFailure,
@@ -567,3 +568,63 @@ impl<Buf: PacketBufferMut> NetworkFunction<Buf> for StatefulNat {
         self.pipeline_data = data;
     }
 }
+
+#[cfg(test)]
+mod tests {
+    use crate::NatPort;
+    use net::headers::Transport;
+    use net::tcp::Tcp;
+    use net::tcp::port::TcpPort;
+    use net::udp::Udp;
+    use net::udp::port::UdpPort;
+
+    #[test]
+    fn test_set_tcp_ports() {
+        let mut transport = Transport::Tcp(Tcp::new(
+            TcpPort::try_from(80).expect("Invalid port"),
+            TcpPort::try_from(443).expect("Invalid port"),
+        ));
+        let target_port = NatPort::new_port_checked(1234).expect("Invalid port");
+
+        transport
+            .try_set_source(target_port.try_into().unwrap())
+            .unwrap();
+        let Transport::Tcp(ref mut tcp) = transport else {
+            unreachable!()
+        };
+        assert_eq!(tcp.source(), TcpPort::try_from(1234).unwrap());
+
+        transport
+            .try_set_destination(target_port.try_into().unwrap())
+            .unwrap();
+        let Transport::Tcp(ref mut tcp) = transport else {
+            unreachable!()
+        };
+        assert_eq!(tcp.destination(), TcpPort::try_from(1234).unwrap());
+    }
+
+    #[test]
+    fn test_set_udp_port() {
+        let mut transport = Transport::Udp(Udp::new(
+            UdpPort::try_from(80).expect("Invalid port"),
+            UdpPort::try_from(443).expect("Invalid port"),
+        ));
+        let target_port = NatPort::new_port_checked(1234).expect("Invalid port");
+
+        transport
+            .try_set_source(target_port.try_into().unwrap())
+            .unwrap();
+        let Transport::Udp(ref mut udp) = transport else {
+            unreachable!()
+        };
+        assert_eq!(udp.source(), UdpPort::try_from(1234).unwrap());
+
+        transport
+            .try_set_destination(target_port.try_into().unwrap())
+            .unwrap();
+        let Transport::Udp(ref mut udp) = transport else {
+            unreachable!()
+        };
+        assert_eq!(udp.destination(), UdpPort::try_from(1234).unwrap());
+    }
+}