diff options
| author |   Dave Barach <dave@barachs.net> | 2017-01-27 04:04:35 -0500 |
|---|---|---|
| committer | Dave Barach <dave@barachs.net> | 2017-01-27 04:16:48 -0500 |
| commit | 19359429304030728c14bc7296024301867f1e81 (patch) | |
| tree | 3af6976b2951c166dcb314b4dd288569d2ddd2ab | |
| parent | 3d31f00c64de8900730440750182e64fa01ef885 (diff) | |
drop-and-count snat out2in packets with no translations
Send dhcp server-to-client packets to the ip stack, so we can acquire
snat outside interface addresses from a dhcp server
Change-Id: I7751356fa23d9f26b503c9796bd85f96275fe978
Signed-off-by: Dave Barach <dave@barachs.net>
| -rw-r--r-- | src/plugins/snat/out2in.c | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/src/plugins/snat/out2in.c b/src/plugins/snat/out2in.c index 855e9efb806..f08e16d3c51 100644 --- a/src/plugins/snat/out2in.c +++ b/src/plugins/snat/out2in.c @@ -19,6 +19,7 @@ #include <vnet/handoff.h> #include <vnet/ip/ip.h> +#include <vnet/ip/udp.h> #include <vnet/ethernet/ethernet.h> #include <vnet/fib/ip4_fib.h> #include <snat/snat.h> @@ -437,6 +438,14 @@ snat_out2in_node_fn (vlib_main_t * vm, if (snat_static_mapping_match(sm, key0, &sm0, 1)) { b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; + /* + * Send DHCP packets to the ipv4 stack, or we won't + * be able to use dhcp client on the outside interface + */ + if (proto0 != SNAT_PROTOCOL_UDP + || (udp0->dst_port + != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))) + next0 = SNAT_OUT2IN_NEXT_DROP; goto trace0; } @@ -444,7 +453,11 @@ snat_out2in_node_fn (vlib_main_t * vm, s0 = create_session_for_static_mapping(sm, b0, sm0, key0, node, cpu_index); if (!s0) - goto trace0; + { + b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; + next0 = SNAT_OUT2IN_NEXT_DROP; + goto trace0; + } } else s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions, @@ -556,6 +569,14 @@ snat_out2in_node_fn (vlib_main_t * vm, if (snat_static_mapping_match(sm, key1, &sm1, 1)) { b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; + /* + * Send DHCP packets to the ipv4 stack, or we won't + * be able to use dhcp client on the outside interface + */ + if (proto1 != SNAT_PROTOCOL_UDP + || (udp1->dst_port + != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))) + next1 = SNAT_OUT2IN_NEXT_DROP; goto trace1; } @@ -563,7 +584,11 @@ snat_out2in_node_fn (vlib_main_t * vm, s1 = create_session_for_static_mapping(sm, b1, sm1, key1, node, cpu_index); if (!s1) - goto trace1; + { + b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; + next1 = SNAT_OUT2IN_NEXT_DROP; + goto trace1; + } } else s1 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions, @@ -709,6 +734,15 @@ snat_out2in_node_fn (vlib_main_t * vm, if (snat_static_mapping_match(sm, key0, &sm0, 1)) { b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; + /* + * Send DHCP packets to the ipv4 stack, or we won't + * be able to use dhcp client on the outside interface + */ + if (proto0 != SNAT_PROTOCOL_UDP + || (udp0->dst_port + != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))) + + next0 = SNAT_OUT2IN_NEXT_DROP; goto trace00; } @@ -716,7 +750,11 @@ snat_out2in_node_fn (vlib_main_t * vm, s0 = create_session_for_static_mapping(sm, b0, sm0, key0, node, cpu_index); if (!s0) - goto trace00; + { + b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; + next0 = SNAT_OUT2IN_NEXT_DROP; + goto trace00; + } } else s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions, |