Fix handling of ping to SNAT out interface

Change-Id: I322bfb3469b3d0d5b0cac39a6c2dba1c6f83ce3d Signed-off-by: Juraj Sloboda <jsloboda@cisco.com>
author: Juraj Sloboda <jsloboda@cisco.com> 2017-02-16 17:17:19 -0800
committer: Damjan Marion <dmarion.lists@gmail.com> 2017-02-17 16:31:21 +0000
commit: 665e482f2422cab52da221b019bb81993d7950f3 (patch)
tree: bd0e927deef3b94331c715637e84c151292393d9 /src
parent: 52a047a822242216247a97988ee5ffb329ef9f48 (diff)
1 files changed, 7 insertions, 6 deletions
diff --git a/src/plugins/snat/out2in.c b/src/plugins/snat/out2in.c
index 3c1bb8852f6..328f5ba4c5e 100644
--- a/src/plugins/snat/out2in.c
+++ b/src/plugins/snat/out2in.c
@@ -270,12 +270,6 @@ static inline u32 icmp_out2in_slow_path (snat_main_t *sm,
 
   if (!is_error_message)
     {
-      if (PREDICT_FALSE(icmp0->type != ICMP4_echo_reply))
-        {
-          b0->error = node->errors[SNAT_OUT2IN_ERROR_BAD_ICMP_TYPE];
-          next0 = SNAT_OUT2IN_NEXT_DROP;
-          goto out;
-        }
       key0.protocol = SNAT_PROTOCOL_ICMP;
       key0.port = echo0->identifier;
     }
@@ -353,6 +347,13 @@ static inline u32 icmp_out2in_slow_path (snat_main_t *sm,
     s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
                             value0.value);
 
+  if (PREDICT_FALSE(icmp0->type != ICMP4_echo_reply && !is_error_message))
+    {
+      b0->error = node->errors[SNAT_OUT2IN_ERROR_BAD_ICMP_TYPE];
+      next0 = SNAT_OUT2IN_NEXT_DROP;
+      goto out;
+    }
+
   sum0 = ip_incremental_checksum (0, icmp0,
                                   ntohs(ip0->length) - ip4_header_bytes (ip0));
   checksum0 = ~ip_csum_fold (sum0);
author	Juraj Sloboda <jsloboda@cisco.com>	2017-02-16 17:17:19 -0800
committer	Damjan Marion <dmarion.lists@gmail.com>	2017-02-17 16:31:21 +0000
commit	665e482f2422cab52da221b019bb81993d7950f3 (patch)
tree	bd0e927deef3b94331c715637e84c151292393d9 /src
parent	52a047a822242216247a97988ee5ffb329ef9f48 (diff)