Diffstat (limited to 'src/plugins/snat')
-rw-r--r-- | src/plugins/snat/out2in.c | 44 |
1 files changed, 41 insertions, 3 deletions
diff --git a/src/plugins/snat/out2in.c b/src/plugins/snat/out2in.c
index 855e9efb806..f08e16d3c51 100644
--- a/src/plugins/snat/out2in.c
+++ b/src/plugins/snat/out2in.c
@@ -19,6 +19,7 @@
 #include <vnet/handoff.h>
 #include <vnet/ip/ip.h>
+#include <vnet/ip/udp.h>
 #include <vnet/ethernet/ethernet.h>
 #include <vnet/fib/ip4_fib.h>
 #include <snat/snat.h>
@@ -437,6 +438,14 @@ snat_out2in_node_fn (vlib_main_t * vm,
 if (snat_static_mapping_match(sm, key0, &sm0, 1))
 {
 b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (proto0 != SNAT_PROTOCOL_UDP
+ || (udp0->dst_port
+ != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
+ next0 = SNAT_OUT2IN_NEXT_DROP;
 goto trace0;
 }
@@ -444,7 +453,11 @@ snat_out2in_node_fn (vlib_main_t * vm,
 s0 = create_session_for_static_mapping(sm, b0, sm0, key0, node, cpu_index);
 if (!s0)
- goto trace0;
+ {
+ b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ next0 = SNAT_OUT2IN_NEXT_DROP;
+ goto trace0;
+ }
 }
 else
 s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
@@ -556,6 +569,14 @@ snat_out2in_node_fn (vlib_main_t * vm,
 if (snat_static_mapping_match(sm, key1, &sm1, 1))
 {
 b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (proto1 != SNAT_PROTOCOL_UDP
+ || (udp1->dst_port
+ != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
+ next1 = SNAT_OUT2IN_NEXT_DROP;
 goto trace1;
 }
@@ -563,7 +584,11 @@ snat_out2in_node_fn (vlib_main_t * vm,
 s1 = create_session_for_static_mapping(sm, b1, sm1, key1, node, cpu_index);
 if (!s1)
- goto trace1;
+ {
+ b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ next1 = SNAT_OUT2IN_NEXT_DROP;
+ goto trace1;
+ }
 }
 else
 s1 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
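Review bot: The DHCP exception added in the `@@ -437` hunk matches on `udp0->dst_port` alone, so any UDP datagram addressed to port 68 that misses the static-mapping lookup is no longer dropped on the outside interface, whether or not a DHCP client is actually configured there. That widens what an untrusted outside network can deliver past the NAT's default drop; consider narrowing the test (for example also requiring the DHCP server source port via `udp0->src_port`, or gating on a per-interface DHCP-client state) and noting in the comment that this is a deliberate exception. `b0->error` is still set to `SNAT_OUT2IN_ERROR_NO_TRANSLATION` for packets that are let through, which may skew that counter and the trace. The same block is repeated for `b1` in `@@ -556` and for the single-packet loop in `@@ -709`, so a small `static inline` predicate would keep the three copies in step. The enclosing `snat_out2in_node_fn` starts and ends outside these hunks, so where a non-dropped packet goes next is not visible here.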
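Review bot: In the `@@ -444` hunk the new `!s0` branch unconditionally sets `b0->error` to `SNAT_OUT2IN_ERROR_NO_TRANSLATION`, yet `create_session_for_static_mapping` is handed both `b0` and `node`, so if it records a more specific error on failure (its body is not visible here) that reason is overwritten. A static mapping did match on this path, so "no translation" is also a misleading counter for what is presumably a session-allocation failure. A dedicated error value, or at least a comment such as `/* session create failed: drop rather than forward untranslated */`, would make the intent clear to whoever reads the counters. The same applies to the `b1` copy in `@@ -563` and to the single-packet loop in `@@ -716`.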
@@ -709,6 +734,15 @@ snat_out2in_node_fn (vlib_main_t * vm,
 if (snat_static_mapping_match(sm, key0, &sm0, 1))
 {
 b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (proto0 != SNAT_PROTOCOL_UDP
+ || (udp0->dst_port
+ != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
+
+ next0 = SNAT_OUT2IN_NEXT_DROP;
 goto trace00;
 }
@@ -716,7 +750,11 @@ snat_out2in_node_fn (vlib_main_t * vm,
 s0 = create_session_for_static_mapping(sm, b0, sm0, key0, node, cpu_index);
 if (!s0)
- goto trace00;
+ {
+ b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+ next0 = SNAT_OUT2IN_NEXT_DROP;
+ goto trace00;
+ }
 }
 else
 s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions, |
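Review bot: In the `@@ -709` hunk an empty added line sits between the `if (proto0 != SNAT_PROTOCOL_UDP || ...)` condition and `next0 = SNAT_OUT2IN_NEXT_DROP;`, which the two earlier copies of this block do not have. The assignment is still the body of the `if`, but with the gap it reads like an unconditional drop, and a later edit could easily slip a statement in between and change which packets are dropped. Remove the blank line and brace the body, e.g. `{ next0 = SNAT_OUT2IN_NEXT_DROP; }`, in all three copies.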