author | Alexander Chernavin <achernavin@netgate.com> | 2020-01-14 06:11:42 -0500 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2020-01-21 10:25:32 +0000 |
commit | 54eda4bcb80cfbaee16b26fad521d6ead5e0a518 (patch) | |
tree | bf213851355b8b898b39a7d296582c8a3c3b4ef3 /src/plugins | |
parent | 2b4e7401499cdc7d51dec027745e0228d3f07b64 (diff) |
nat: fix dhcp client on outside interface with output feature
There was an attempt to fix this problem in the commit:
d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd
But checking the LOCALLY_ORIGINATED flag didn't work because this flag
gets reset before it can reach the NAT nodes.
With this commit, replace the check for the LOCALLY_ORIGINATED flag
with a check to see if the packet is a DHCP broadcast.
Type: fix
Change-Id: I069c08a785b5988b10192f528e4f9c4c7cc2f8a3
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Diffstat (limited to 'src/plugins')
-rwxr-xr-x | src/plugins/nat/in2out.c | 18 | ||||
-rw-r--r-- | src/plugins/nat/in2out_ed.c | 18 |
2 files changed, 18 insertions, 18 deletions
diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index 8d6f124f51b..7b712523f29 100755
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -1043,11 +1043,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
 * be able to use dhcp client on the outside interface
 */
 if (PREDICT_FALSE
- ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto0 == SNAT_PROTOCOL_UDP
+ (proto0 == SNAT_PROTOCOL_UDP
 && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
 clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip0->dst_address.as_u32 == 0xffffffff))
 goto trace00;
 }
 else
@@ -1251,11 +1251,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
 * be able to use dhcp client on the outside interface
 */
 if (PREDICT_FALSE
- ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto1 == SNAT_PROTOCOL_UDP
+ (proto1 == SNAT_PROTOCOL_UDP
 && (vnet_buffer (b1)->ip.reass.l4_dst_port ==
 clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip1->dst_address.as_u32 == 0xffffffff))
 goto trace01;
 }
 else
@@ -1492,11 +1492,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
 * be able to use dhcp client on the outside interface
 */
 if (PREDICT_FALSE
- ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto0 == SNAT_PROTOCOL_UDP
+ (proto0 == SNAT_PROTOCOL_UDP
 && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
 clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip0->dst_address.as_u32 == 0xffffffff))
 goto trace0;
 }
 else
diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index ebcd29852bb..e52411094c2 100644
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
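Review bot: The bypass at `goto trace00` is now decided purely by header fields (UDP, destination port `UDP_DST_PORT_dhcp_to_server`, destination `0xffffffff`), so it no longer distinguishes the router's own DHCP client from any other sender whose packet reaches this node. Any forwarded packet carrying the same headers would skip translation here as well; the enclosing branch starts outside the hunk, so whether such traffic can actually arrive at this check needs confirming against the surrounding code. The comment above the condition should record that assumption, for example `/* Matched on the DHCP broadcast itself: LOCALLY_ORIGINATED is cleared before this node, so any packet with these headers takes this path */`. The same applies to the `trace01` and `trace0` hunks in this file and to the three hunks in in2out_ed.c.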
@@ -1001,11 +1001,11 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
 * be able to use dhcp client on the outside interface
 */
 if (PREDICT_FALSE
- ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto0 == SNAT_PROTOCOL_UDP
+ (proto0 == SNAT_PROTOCOL_UDP
 && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
 clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip0->dst_address.as_u32 == 0xffffffff))
 goto trace00;
 }
 else
@@ -1245,11 +1245,11 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
 * be able to use dhcp client on the outside interface
 */
 if (PREDICT_FALSE
- ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto1 == SNAT_PROTOCOL_UDP
+ (proto1 == SNAT_PROTOCOL_UDP
 && (vnet_buffer (b1)->ip.reass.l4_dst_port ==
 clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip1->dst_address.as_u32 == 0xffffffff))
 goto trace01;
 }
 else
@@ -1538,11 +1538,11 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
 * be able to use dhcp client on the outside interface
 */
 if (PREDICT_FALSE
- ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
- && proto0 == SNAT_PROTOCOL_UDP
+ (proto0 == SNAT_PROTOCOL_UDP
 && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
 clib_host_to_net_u16
- (UDP_DST_PORT_dhcp_to_server))))
+ (UDP_DST_PORT_dhcp_to_server))
+ && ip0->dst_address.as_u32 == 0xffffffff))
 goto trace0;
 }
 else |
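Review bot: The three-part DHCP-broadcast test is now written out six times, three in this file and three in in2out.c, each with the bare constant `0xffffffff`, so any later correction to the bypass rule has to be repeated in every copy. A single inline predicate in a header both files already include would keep the copies from drifting and would give the limited-broadcast address one documented home; the name `nat_is_dhcp_broadcast` below is a suggestion, not an existing function. The enclosing functions start and end outside the hunks, so the parameter types (`ip4_header_t *` for `ip0`/`ip1`, `u32` for `proto0`/`proto1`) are assumed and should be checked against the declarations.

```c
/* DHCP client broadcast: UDP to the server port, sent to 255.255.255.255.
 * All-ones reads the same in host and network byte order. */
static_always_inline int
nat_is_dhcp_broadcast (ip4_header_t * ip, u32 proto, u16 l4_dst_port)
{
  return proto == SNAT_PROTOCOL_UDP
    && l4_dst_port == clib_host_to_net_u16 (UDP_DST_PORT_dhcp_to_server)
    && ip->dst_address.as_u32 == 0xffffffff;
}

/* … unchanged: comment above the check … */
	      if (PREDICT_FALSE
		  (nat_is_dhcp_broadcast
		   (ip0, proto0, vnet_buffer (b0)->ip.reass.l4_dst_port)))
		goto trace00;
```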