NAT44 - unknown protocols work with forwarding

If forwarding is enabled, inbound packets on an outside
interface should not be dropped and instead pass on to
the FIB lookup. This works for TCP and UDP but not other
IP protocols. Enable it for unknown protocols.

Change-Id: I1da84b5633a36b3e5e64079754db2fcc50f29819
Signed-off-by: Matthew Smith <mgsmith@netgate.com>

1 files changed, 9 insertions, 6 deletions

diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index 4589c48aef6..f6d6a0a102d 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -1103,8 +1103,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
             {
               s0 = snat_out2in_unknown_proto(sm, b0, ip0, rx_fib_index0,
                                              thread_index, now, vm, node);
-              if (!s0)
-                next0 = SNAT_OUT2IN_NEXT_DROP;
+	      if (!sm->forwarding_enabled)
+		if (!s0)
+		  next0 = SNAT_OUT2IN_NEXT_DROP;
               goto trace0;
             }
 
@@ -1273,8 +1274,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
             {
               s1 = snat_out2in_unknown_proto(sm, b1, ip1, rx_fib_index1,
                                              thread_index, now, vm, node);
-              if (!s1)
-                next1 = SNAT_OUT2IN_NEXT_DROP;
+	      if (!sm->forwarding_enabled)
+		if (!s1)
+		  next1 = SNAT_OUT2IN_NEXT_DROP;
               goto trace1;
             }
 
@@ -1469,8 +1471,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
             {
               s0 = snat_out2in_unknown_proto(sm, b0, ip0, rx_fib_index0,
                                              thread_index, now, vm, node);
-              if (!s0)
-                next0 = SNAT_OUT2IN_NEXT_DROP;
+	      if (!sm->forwarding_enabled)
+		if (!s0)
+		  next0 = SNAT_OUT2IN_NEXT_DROP;
               goto trace00;
             }