diff options
| author |   Vladimir Isaev <visaev@netgate.com> | 2020-08-27 13:34:50 +0300 |
|---|---|---|
| committer |   Ole Tr�an <otroan@employees.org> | 2020-09-11 11:45:33 +0000 |
| commit | 8fb4d10dc208fb3f284fe79e838343797cb2d813 (patch) | |
| tree | 4e4ba07e5dad1aa011b7655fc8c76d064439aee1 /src/plugins/nat/nat.c | |
| parent | 171d6aceb039a7f0b0d67c837ff74359dae01ae4 (diff) | |
nat: Fix next feature for ED with multiple workers
Multiple (> 1) workers leads to handoff node being enabled.
This node pops next feature index to nat.arc_next to make sure
that packet will be pushed to the next feature in the arc.
But node nat44-ed-in2out-output also pops next feature and changes
arc_next. So actual next feature will be skipped in that case.
It leads to all nat44-ed-in2out packets being dropped if we have
multiple workers (handoff node enabled).
To resolve this a new node was added (nat-pre-in2out-output) to fill
arc_next in single worker case and multiple worker case is already
handled by handoff node.
Type: fix
Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: I9dfba68f00164d2d5ab867224871811bef4411ed
Diffstat (limited to 'src/plugins/nat/nat.c')
| -rw-r--r-- | src/plugins/nat/nat.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index 61a36ec4e90..15c767c82c3 100644 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -142,6 +142,12 @@ VNET_FEATURE_INIT (ip4_snat_hairpin_src, static) = { .node_name = "nat44-hairpin-src", .runs_after = VNET_FEATURES ("acl-plugin-out-ip4-fa","ip4-sv-reassembly-output-feature"), }; +VNET_FEATURE_INIT (nat_pre_in2out_output, static) = { + .arc_name = "ip4-output", + .node_name = "nat-pre-in2out-output", + .runs_after = VNET_FEATURES ("ip4-sv-reassembly-output-feature"), + .runs_before = VNET_FEATURES ("acl-plugin-out-ip4-fa"), +}; VNET_FEATURE_INIT (ip4_nat44_ed_in2out_output, static) = { .arc_name = "ip4-output", .node_name = "nat44-ed-in2out-output", @@ -2249,7 +2255,7 @@ feature_set: return rv; vnet_feature_enable_disable ("ip4-unicast", "nat-pre-out2in", sw_if_index, !is_del, 0, 0); - vnet_feature_enable_disable ("ip4-output", "nat44-ed-in2out-output", + vnet_feature_enable_disable ("ip4-output", "nat-pre-in2out-output", sw_if_index, !is_del, 0, 0); } else @@ -4662,6 +4668,7 @@ VLIB_REGISTER_NODE (nat_default_node) = { [NAT_NEXT_ICMP_ERROR] = "ip4-icmp-error", [NAT_NEXT_IN2OUT_ED_FAST_PATH] = "nat44-ed-in2out", [NAT_NEXT_IN2OUT_ED_SLOW_PATH] = "nat44-ed-in2out-slowpath", + [NAT_NEXT_IN2OUT_ED_OUTPUT_FAST_PATH] = "nat44-ed-in2out-output", [NAT_NEXT_IN2OUT_ED_OUTPUT_SLOW_PATH] = "nat44-ed-in2out-output-slowpath", [NAT_NEXT_OUT2IN_ED_FAST_PATH] = "nat44-ed-out2in", [NAT_NEXT_OUT2IN_ED_SLOW_PATH] = "nat44-ed-out2in-slowpath", |