aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorMatus Fabian <matfabia@cisco.com>2017-10-04 08:03:56 -0700
committerOle Trøan <otroan@employees.org>2017-10-09 10:53:40 +0000
commit87da476db0cd804e11463cc453a2bb41c6808542 (patch)
tree19bf8317d9d20dd53df96bdb3593b7c905dfcdd5 /src/vnet
parentdeabc7f731410122c2efb873e8da3c9f68270033 (diff)
NAT: hairpinning rework (VPP-1003)
Change-Id: I7c6911cd6ac366fe62675fd0ff8b0246a25ea1db Signed-off-by: Matus Fabian <matfabia@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/buffer.h3
-rwxr-xr-xsrc/vnet/ip/ip4_forward.c10
2 files changed, 11 insertions, 2 deletions
diff --git a/src/vnet/buffer.h b/src/vnet/buffer.h
index fbefe7c2f56..e774a084436 100644
--- a/src/vnet/buffer.h
+++ b/src/vnet/buffer.h
@@ -54,7 +54,8 @@
_( 9, IS_IP6) \
_(10, OFFLOAD_IP_CKSUM) \
_(11, OFFLOAD_TCP_CKSUM) \
- _(12, OFFLOAD_UDP_CKSUM)
+ _(12, OFFLOAD_UDP_CKSUM) \
+ _(13, IS_NATED)
#define VNET_BUFFER_FLAGS_VLAN_BITS \
(VNET_BUFFER_F_VLAN_1_DEEP | VNET_BUFFER_F_VLAN_2_DEEP)
diff --git a/src/vnet/ip/ip4_forward.c b/src/vnet/ip/ip4_forward.c
index 64e5e8e829c..3aebb181fce 100755
--- a/src/vnet/ip/ip4_forward.c
+++ b/src/vnet/ip/ip4_forward.c
@@ -1710,6 +1710,9 @@ ip4_local_inline (vlib_main_t * vm,
* - uRPF check for any route to source - accept if passes.
* - allow packets destined to the broadcast address from unknown sources
*/
+ if (p0->flags & VNET_BUFFER_F_IS_NATED)
+ goto skip_check0;
+
error0 = ((error0 == IP4_ERROR_UNKNOWN_PROTOCOL &&
dpo0->dpoi_type == DPO_RECEIVE) ?
IP4_ERROR_SPOOFED_LOCAL_PACKETS : error0);
@@ -1717,6 +1720,11 @@ ip4_local_inline (vlib_main_t * vm,
!fib_urpf_check_size (lb0->lb_urpf) &&
ip0->dst_address.as_u32 != 0xFFFFFFFF)
? IP4_ERROR_SRC_LOOKUP_MISS : error0);
+
+ skip_check0:
+ if (p1->flags & VNET_BUFFER_F_IS_NATED)
+ goto skip_checks;
+
error1 = ((error1 == IP4_ERROR_UNKNOWN_PROTOCOL &&
dpo1->dpoi_type == DPO_RECEIVE) ?
IP4_ERROR_SPOOFED_LOCAL_PACKETS : error1);
@@ -1781,7 +1789,7 @@ ip4_local_inline (vlib_main_t * vm,
until support of IP frag reassembly is implemented */
proto0 = ip4_is_fragment (ip0) ? 0xfe : ip0->protocol;
- if (head_of_feature_arc == 0)
+ if (head_of_feature_arc == 0 || p0->flags & VNET_BUFFER_F_IS_NATED)
goto skip_check;
is_udp0 = proto0 == IP_PROTOCOL_UDP;