nat: fix dhcp client on outside interface with output feature

When a DHCP client is configured on a NAT outside interface with output feature enabled, DHCP packets will reach the NAT in2out-output node and will be dropped with "out of ports" reason. With this commit, allow locally originated DHCP packets to be sent from a NAT outside interface with output feature enabled. Type: fix Change-Id: I47d76b22587f2bf0c7b0b9dfda41c89f8f61d0b4 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
author: Alexander Chernavin <achernavin@netgate.com> 2019-11-22 10:10:45 -0500
committer: Ole Trøan <otroan@employees.org> 2019-11-27 10:57:30 +0000
commit: d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd (patch)
tree: cc74274181cd192bbb7589572cdaa2aa99892b2c /src/plugins/nat/in2out.c
parent: 9fb6d40eb3d4a2da8f45187de773498b784596e6 (diff)
1 files changed, 37 insertions, 0 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index 5cfe058c099..f3878dbbe30 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -24,6 +24,7 @@
 #include <vnet/ip/ip.h>
 #include <vnet/ethernet/ethernet.h>
 #include <vnet/fib/ip4_fib.h>
+#include <vnet/udp/udp.h>
 #include <nat/nat.h>
 #include <nat/nat_ipfix_logging.h>
 #include <nat/nat_reass.h>
@@ -1032,6 +1033,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
 									   thread_index,
 									   sw_if_index0)))
 			goto trace00;
+
+		      /*
+		       * Send DHCP packets to the ipv4 stack, or we won't
+		       * be able to use dhcp client on the outside interface
+		       */
+		      if (PREDICT_FALSE
+			  ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+			   && proto0 == SNAT_PROTOCOL_UDP
+			   && (udp0->dst_port ==
+			       clib_host_to_net_u16
+			       (UDP_DST_PORT_dhcp_to_server))))
+			goto trace00;
 		    }
 		  else
 		    {
@@ -1228,6 +1241,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
 									   thread_index,
 									   sw_if_index1)))
 			goto trace01;
+
+		      /*
+		       * Send DHCP packets to the ipv4 stack, or we won't
+		       * be able to use dhcp client on the outside interface
+		       */
+		      if (PREDICT_FALSE
+			  ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+			   && proto1 == SNAT_PROTOCOL_UDP
+			   && (udp1->dst_port ==
+			       clib_host_to_net_u16
+			       (UDP_DST_PORT_dhcp_to_server))))
+			goto trace01;
 		    }
 		  else
 		    {
@@ -1458,6 +1483,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
 									   thread_index,
 									   sw_if_index0)))
 			goto trace0;
+
+		      /*
+		       * Send DHCP packets to the ipv4 stack, or we won't
+		       * be able to use dhcp client on the outside interface
+		       */
+		      if (PREDICT_FALSE
+			  ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+			   && proto0 == SNAT_PROTOCOL_UDP
+			   && (udp0->dst_port ==
+			       clib_host_to_net_u16
+			       (UDP_DST_PORT_dhcp_to_server))))
+			goto trace0;
 		    }
 		  else
 		    {
author	Alexander Chernavin <achernavin@netgate.com>	2019-11-22 10:10:45 -0500
committer	Ole Trøan <otroan@employees.org>	2019-11-27 10:57:30 +0000
commit	d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd (patch)
tree	cc74274181cd192bbb7589572cdaa2aa99892b2c /src/plugins/nat/in2out.c
parent	9fb6d40eb3d4a2da8f45187de773498b784596e6 (diff)