authorAlexander Chernavin <achernavin@netgate.com>2020-01-14 06:11:42 -0500
committerOle Trøan <otroan@employees.org>2020-01-21 10:25:32 +0000
commit54eda4bcb80cfbaee16b26fad521d6ead5e0a518 (patch)
treebf213851355b8b898b39a7d296582c8a3c3b4ef3
parent2b4e7401499cdc7d51dec027745e0228d3f07b64 (diff)
nat: fix dhcp client on outside interface with output feature
There was an attempt to fix this problem in the commit: d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd But checking the LOCALLY_ORIGINATED flag didn't work because this flag gets reset before it can reach the NAT nodes. With this commit, replace the check for the LOCALLY_ORIGINATED flag with a check to see if the packet is a DHCP broadcast. Type: fix Change-Id: I069c08a785b5988b10192f528e4f9c4c7cc2f8a3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
-rwxr-xr-xsrc/plugins/nat/in2out.c18
-rw-r--r--src/plugins/nat/in2out_ed.c18
2 files changed, 18 insertions, 18 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index 8d6f124f51b..7b712523f29 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -1043,11 +1043,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
* be able to use dhcp client on the outside interface
*/
if (PREDICT_FALSE
- ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto0 == SNAT_PROTOCOL_UDP
+ (proto0 == SNAT_PROTOCOL_UDP
&& (vnet_buffer (b0)->ip.reass.l4_dst_port ==
clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip0->dst_address.as_u32 == 0xffffffff))
goto trace00;
}
else
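Review bot: The condition ending at `goto trace00` no longer ties the NAT bypass to this host: with the VNET_BUFFER_F_LOCALLY_ORIGINATED test removed, any UDP packet to 255.255.255.255 port 67 that reaches this branch skips translation. Limited broadcasts are not normally forwarded, so the exposure is probably small, but a forwarded one arriving here would leave with its inside source address untranslated. Consider narrowing the match with the client source port, `&& vnet_buffer (b0)->ip.reass.l4_src_port == clib_host_to_net_u16 (UDP_DST_PORT_dhcp_to_client)` (assuming that field is populated on this path), and extend the comment above to say why the flag cannot be used. The same applies to the other two hunks in this file and the three in in2out_ed.c; the enclosing function starts and ends outside the hunk.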
@@ -1251,11 +1251,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
* be able to use dhcp client on the outside interface
*/
if (PREDICT_FALSE
- ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto1 == SNAT_PROTOCOL_UDP
+ (proto1 == SNAT_PROTOCOL_UDP
&& (vnet_buffer (b1)->ip.reass.l4_dst_port ==
clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip1->dst_address.as_u32 == 0xffffffff))
goto trace01;
}
else
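Review bot: The literal in `ip1->dst_address.as_u32 == 0xffffffff` is an unexplained magic number compared against a network-order field. The comparison is correct because all-ones is identical in either byte order, but a reader has to work that out; add a trailing comment such as `/* 255.255.255.255, same in host and network byte order */`. The other five hunks carry the same literal.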
@@ -1492,11 +1492,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
* be able to use dhcp client on the outside interface
*/
if (PREDICT_FALSE
- ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto0 == SNAT_PROTOCOL_UDP
+ (proto0 == SNAT_PROTOCOL_UDP
&& (vnet_buffer (b0)->ip.reass.l4_dst_port ==
clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip0->dst_address.as_u32 == 0xffffffff))
goto trace0;
}
else
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index ebcd29852bb..e52411094c2 100644
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -1001,11 +1001,11 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
* be able to use dhcp client on the outside interface
*/
if (PREDICT_FALSE
- ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto0 == SNAT_PROTOCOL_UDP
+ (proto0 == SNAT_PROTOCOL_UDP
&& (vnet_buffer (b0)->ip.reass.l4_dst_port ==
clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip0->dst_address.as_u32 == 0xffffffff))
goto trace00;
}
else
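Review bot: This three-clause DHCP test now appears six times in identical form across in2out.c and in2out_ed.c, differing only in the b0/b1, proto0/proto1 and ip0/ip1 operands, so any later correction to the bypass rule must be repeated in every copy, as this commit itself had to do. A single inline predicate shared by both files would keep the NAT exemption defined in one place and easier to audit. The helper name and its placement below are suggestions only; the enclosing function starts and ends outside the hunk.

```c
/* Suggested shared predicate: true for a DHCP client broadcast
 * (UDP, server port, destination 255.255.255.255). */
static_always_inline int
nat_is_dhcp_client_broadcast (vlib_buffer_t * b, ip4_header_t * ip, u32 proto)
{
  return proto == SNAT_PROTOCOL_UDP
    && vnet_buffer (b)->ip.reass.l4_dst_port ==
    clib_host_to_net_u16 (UDP_DST_PORT_dhcp_to_server)
    && ip->dst_address.as_u32 == 0xffffffff;
}

/* … unchanged: surrounding branch and comment … */
if (PREDICT_FALSE (nat_is_dhcp_client_broadcast (b0, ip0, proto0)))
  goto trace00;
```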
@@ -1245,11 +1245,11 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
* be able to use dhcp client on the outside interface
*/
if (PREDICT_FALSE
- ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto1 == SNAT_PROTOCOL_UDP
+ (proto1 == SNAT_PROTOCOL_UDP
&& (vnet_buffer (b1)->ip.reass.l4_dst_port ==
clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip1->dst_address.as_u32 == 0xffffffff))
goto trace01;
}
else
@@ -1538,11 +1538,11 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
* be able to use dhcp client on the outside interface
*/
if (PREDICT_FALSE
- ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto0 == SNAT_PROTOCOL_UDP
+ (proto0 == SNAT_PROTOCOL_UDP
&& (vnet_buffer (b0)->ip.reass.l4_dst_port ==
clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip0->dst_address.as_u32 == 0xffffffff))
goto trace0;
}
else