authorMatthew Smith <mgsmith@netgate.com>2018-03-02 11:31:26 -0600
committerDamjan Marion <dmarion.lists@gmail.com>2018-03-14 18:47:11 +0000
commitfb5148b4dffaea52fffa2ec3acbad6899377c08b (patch)
tree8f1c31374c0ce93279080aa2da45759534be1427
parentd30c94afe4e67298b3da6fd839e0210844cf45a5 (diff)
NAT44 - unknown protocols work with forwarding
If forwarding is enabled, inbound packets on an outside interface should not be dropped and instead pass on to the FIB lookup. This works for TCP and UDP but not other IP protocols. Enable it for unknown protocols. Change-Id: I1da84b5633a36b3e5e64079754db2fcc50f29819 Signed-off-by: Matthew Smith <mgsmith@netgate.com> (cherry picked from commit 03f942a1cc4de3963507fc7075d91aff0cae7d58)
-rwxr-xr-xsrc/plugins/nat/out2in.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
index 11e39ec07a8..e6854e55440 100755
--- a/src/plugins/nat/out2in.c
+++ b/src/plugins/nat/out2in.c
@@ -1103,8 +1103,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
{
s0 = snat_out2in_unknown_proto(sm, b0, ip0, rx_fib_index0,
thread_index, now, vm, node);
- if (!s0)
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ if (!sm->forwarding_enabled)
+ if (!s0)
+ next0 = SNAT_OUT2IN_NEXT_DROP;
goto trace0;
}
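Review bot: The nested, unbraced `if (!sm->forwarding_enabled)` / `if (!s0)` pair added here is easy to misread and will bind a later `else` to the wrong test; a single condition, `if (!sm->forwarding_enabled && !s0)`, expresses the same thing. The same pattern is repeated in the hunks at -1269 (s1/next1) and -1461 (s0/next0). It also deserves a comment such as `/* forwarding enabled: no session means pass untranslated to the FIB lookup, not drop */`, because with forwarding on, an unknown-protocol packet arriving on the outside interface with no matching session now keeps whatever next0 was set to earlier. That appears to mean the node stops acting as an implicit inbound filter for those protocols, so deployments that enable forwarding would need explicit ACLs for unsolicited traffic. snat_out2in_node_fn starts and ends outside these hunks, so the prior value of next0 and any side effects of a failed snat_out2in_unknown_proto call cannot be confirmed from here.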
@@ -1269,8 +1270,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
{
s1 = snat_out2in_unknown_proto(sm, b1, ip1, rx_fib_index1,
thread_index, now, vm, node);
- if (!s1)
- next1 = SNAT_OUT2IN_NEXT_DROP;
+ if (!sm->forwarding_enabled)
+ if (!s1)
+ next1 = SNAT_OUT2IN_NEXT_DROP;
goto trace1;
}
@@ -1461,8 +1463,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
{
s0 = snat_out2in_unknown_proto(sm, b0, ip0, rx_fib_index0,
thread_index, now, vm, node);
- if (!s0)
- next0 = SNAT_OUT2IN_NEXT_DROP;
+ if (!sm->forwarding_enabled)
+ if (!s0)
+ next0 = SNAT_OUT2IN_NEXT_DROP;
goto trace00;
}