diff options
| -rw-r--r-- | src/plugins/nat/nat44-ed/nat44_ed_in2out.c | 4 | ||||
| -rw-r--r-- | test/test_nat44_ed.py | 26 |
2 files changed, 28 insertions, 2 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c index f3f3ffa13b0..426b6eeba5c 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c +++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c @@ -1030,7 +1030,7 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t *vm, fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, sw_if_index0); lookup.fib_index = rx_fib_index0; - if (PREDICT_FALSE (ip0->ttl == 1)) + if (PREDICT_FALSE (!is_output_feature && ip0->ttl == 1)) { vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0; icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded, @@ -1308,7 +1308,7 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm, rx_fib_index0 = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, sw_if_index0); - if (PREDICT_FALSE (ip0->ttl == 1)) + if (PREDICT_FALSE (!is_output_feature && ip0->ttl == 1)) { vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0; icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded, diff --git a/test/test_nat44_ed.py b/test/test_nat44_ed.py index 8fba019e7d8..9eea7c820ae 100644 --- a/test/test_nat44_ed.py +++ b/test/test_nat44_ed.py @@ -1189,6 +1189,32 @@ class TestNAT44ED(NAT44EDTestCase): capture = self.pg0.get_capture(len(pkts)) self.verify_capture_in(capture, self.pg0) + # in2out + pkts = self.create_stream_in(self.pg0, self.pg1, ttl=2) + self.pg0.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg1.get_capture(len(pkts)) + self.verify_capture_out(capture, ignore_port=True) + + # out2in + pkts = self.create_stream_out(self.pg1, ttl=2) + self.pg1.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg0.get_capture(len(pkts)) + self.verify_capture_in(capture, self.pg0) + + # in2out + pkts = self.create_stream_in(self.pg0, self.pg1, ttl=1) + self.pg0.add_stream(pkts) + self.pg_enable_capture(self.pg_interfaces) + self.pg_start() + capture = self.pg0.get_capture(len(pkts)) + for p in capture: + self.assertIn(ICMP, p) + self.assertEqual(p[ICMP].type, 11) # 11 == time-exceeded + def test_static_with_port_out2(self): """ NAT44ED 1:1 NAPT asymmetrical rule """ |