authorAlexander Chernavin <achernavin@netgate.com>2019-11-22 10:10:45 -0500
committerOle Trøan <otroan@employees.org>2019-11-27 10:57:30 +0000
commitd3b8c861a44e70c197ab721fa3ce7f38bbeab7fd (patch)
treecc74274181cd192bbb7589572cdaa2aa99892b2c /src/plugins/nat
parent9fb6d40eb3d4a2da8f45187de773498b784596e6 (diff)
nat: fix dhcp client on outside interface with output feature
When a DHCP client is configured on a NAT outside interface with output feature enabled, DHCP packets will reach the NAT in2out-output node and will be dropped with "out of ports" reason. With this commit, allow locally originated DHCP packets to be sent from a NAT outside interface with output feature enabled. Type: fix Change-Id: I47d76b22587f2bf0c7b0b9dfda41c89f8f61d0b4 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Diffstat (limited to 'src/plugins/nat')
-rwxr-xr-xsrc/plugins/nat/in2out.c37
-rw-r--r--src/plugins/nat/in2out_ed.c49
2 files changed, 86 insertions, 0 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index 5cfe058c099..f3878dbbe30 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -24,6 +24,7 @@
#include <vnet/ip/ip.h>
#include <vnet/ethernet/ethernet.h>
#include <vnet/fib/ip4_fib.h>
+#include <vnet/udp/udp.h>
#include <nat/nat.h>
#include <nat/nat_ipfix_logging.h>
#include <nat/nat_reass.h>
@@ -1032,6 +1033,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
thread_index,
sw_if_index0)))
goto trace00;
+
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (PREDICT_FALSE
+ ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+ && proto0 == SNAT_PROTOCOL_UDP
+ && (udp0->dst_port ==
+ clib_host_to_net_u16
+ (UDP_DST_PORT_dhcp_to_server))))
+ goto trace00;
}
else
{
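Review bot: The exemption added before `goto trace00` matches on the destination port alone, so any locally originated UDP datagram to the DHCP server port skips the rest of the in2out path, not only DHCP client traffic. If only the client case from the commit message is intended, adding `&& udp0->src_port == clib_host_to_net_u16 (UDP_DST_PORT_dhcp_to_client)` would keep the bypass that narrow. The same condition is repeated in the two later hunks of this file and in the four hunks of in2out_ed.c. The comment also reads as if the packet were delivered to the local ip4 stack, whereas the description says it is allowed out of the interface; `/* Let locally originated DHCP client packets leave the outside interface untranslated */` would match the behaviour described. The enclosing branch opens outside the hunk, so whether this runs only with the output feature enabled cannot be confirmed from here.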
@@ -1228,6 +1241,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
thread_index,
sw_if_index1)))
goto trace01;
+
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (PREDICT_FALSE
+ ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+ && proto1 == SNAT_PROTOCOL_UDP
+ && (udp1->dst_port ==
+ clib_host_to_net_u16
+ (UDP_DST_PORT_dhcp_to_server))))
+ goto trace01;
}
else
{
@@ -1458,6 +1483,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
thread_index,
sw_if_index0)))
goto trace0;
+
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (PREDICT_FALSE
+ ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+ && proto0 == SNAT_PROTOCOL_UDP
+ && (udp0->dst_port ==
+ clib_host_to_net_u16
+ (UDP_DST_PORT_dhcp_to_server))))
+ goto trace0;
}
else
{
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index 733e4f0c0e5..2d2be5c3812 100644
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -23,6 +23,7 @@
#include <vnet/ip/ip.h>
#include <vnet/ethernet/ethernet.h>
#include <vnet/fib/ip4_fib.h>
+#include <vnet/udp/udp.h>
#include <vppinfra/error.h>
#include <nat/nat.h>
#include <nat/nat_ipfix_logging.h>
@@ -1005,6 +1006,18 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
udp0->dst_port, thread_index, sw_if_index0,
vnet_buffer (b0)->sw_if_index[VLIB_TX])))
goto trace00;
+
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (PREDICT_FALSE
+ ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+ && proto0 == SNAT_PROTOCOL_UDP
+ && (udp0->dst_port ==
+ clib_host_to_net_u16
+ (UDP_DST_PORT_dhcp_to_server))))
+ goto trace00;
}
else
{
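Review bot: This twelve-line block is the fourth of seven identical copies the commit adds across in2out.c and in2out_ed.c, differing only in the `b0`/`b1`, `proto0`/`proto1` and `udp0`/`udp1` names and the trace label. Because it decides which packets skip NAT processing, a later tightening applied to one copy and missed in another would leave the nodes disagreeing on which traffic is exempt. A single `static_always_inline` predicate taking the buffer, protocol and UDP header, placed in a header both files include, would reduce each site to something like `if (PREDICT_FALSE (nat_is_local_dhcp_request (b0, proto0, udp0))) goto trace00;` (the helper name is illustrative). The surrounding function body lies outside the hunk.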
@@ -1228,6 +1241,18 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
udp1->dst_port, thread_index, sw_if_index1,
vnet_buffer (b1)->sw_if_index[VLIB_TX])))
goto trace01;
+
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (PREDICT_FALSE
+ ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+ && proto1 == SNAT_PROTOCOL_UDP
+ && (udp1->dst_port ==
+ clib_host_to_net_u16
+ (UDP_DST_PORT_dhcp_to_server))))
+ goto trace01;
}
else
{
@@ -1495,6 +1520,18 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
udp0->dst_port, thread_index, sw_if_index0,
vnet_buffer (b0)->sw_if_index[VLIB_TX])))
goto trace0;
+
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (PREDICT_FALSE
+ ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+ && proto0 == SNAT_PROTOCOL_UDP
+ && (udp0->dst_port ==
+ clib_host_to_net_u16
+ (UDP_DST_PORT_dhcp_to_server))))
+ goto trace0;
}
else
{
@@ -1796,6 +1833,18 @@ nat44_ed_in2out_reass_node_fn_inline (vlib_main_t * vm,
&fragments_to_loopback);
goto trace0;
}
+
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (PREDICT_FALSE
+ ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
+ && proto0 == SNAT_PROTOCOL_UDP
+ && (udp0->dst_port ==
+ clib_host_to_net_u16
+ (UDP_DST_PORT_dhcp_to_server))))
+ goto trace0;
}
else
{
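Review bot: In the reassembly node the new condition reads `udp0->dst_port` with no first-fragment check visible in the hunk, and on a non-first fragment those bytes would be payload rather than a UDP header. Unless the enclosing branch, which begins outside the hunk, already guarantees a first fragment, the condition should also require one, for example with `ip4_is_first_fragment` on the IP header. Otherwise a locally originated fragment could match or miss the exemption depending on its payload bytes. The `VNET_BUFFER_F_LOCALLY_ORIGINATED` test limits this to packets generated on the box, but the decision should still be taken on a real L4 header.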