author | Alexander Chernavin <achernavin@netgate.com> | 2020-03-19 11:17:52 -0400 |
---|---|---|
committer | Matthew Smith <mgsmith@netgate.com> | 2020-03-31 19:57:54 +0000 |
commit | 8c18f85d325d9c10c8ba695e51925a21f173fbb8 (patch) | |
tree | 9c15d068b7f606ea38ea15c2ba8ca65b00e087e3 | |
parent | 5cee0bca5d0f01d3f26e90dee79780382e843d04 (diff) |
nat: fix unknown proto translation out2in_ed
An unknown proto packet can be processed as UDP with destination port
rewriting which breaks the original packet.
With this commit, stop processing unknown proto packets after
nat44_ed_out2in_unknown_proto() execution.
Type: fix
Change-Id: Iea93faf3c282f542d5ee7120c15e1027c1e4abc9
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
-rw-r--r-- | src/plugins/nat/out2in_ed.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c
index 69436145a67..adf0ec4f726 100644
--- a/src/plugins/nat/out2in_ed.c
+++ b/src/plugins/nat/out2in_ed.c
@@ -1026,13 +1026,13 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
 s0 = nat44_ed_out2in_unknown_proto (sm, b0, ip0, rx_fib_index0, thread_index, now, vm, node);
- other_packets++;
 if (!sm->forwarding_enabled) { if (!s0) next0 = NAT_NEXT_DROP;
- goto trace0;
 }
+ other_packets++;
+ goto trace0;
 }
 if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP)) |
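Review bot: Nothing in the new tail of the unknown-protocol branch says why it must always end in `goto trace0`, which is the invariant that regressed: falling through lets the TCP/UDP path rewrite what it takes for a destination port in a packet that has no L4 ports. I would put a comment above the jump, e.g. `/* unknown protos carry no L4 ports: never fall through to the TCP/UDP rewrite */`. The comment should also state that when `sm->forwarding_enabled` is set and `s0` is NULL the packet leaves with `next0` untouched, so it is presumably forwarded untranslated from the outside interface, which is a policy choice operators need to know about. The nested test could be flattened to `if (!s0 && !sm->forwarding_enabled) next0 = NAT_NEXT_DROP;`. The function body and the `trace0` label lie outside the hunk, so whether the trace code copes with a NULL `s0` cannot be checked from here.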