From 331acc632477ed2da1c9c0b90915a227b5e343d5 Mon Sep 17 00:00:00 2001
From: Matus Fabian <matfabia@cisco.com>
Date: Fri, 8 Dec 2017 03:38:51 -0800
Subject: NAT: DS-Lite AFTR tunnel endpoint address respond to ICMPv6 echo
 request (VPP-1090)

Change-Id: I361c043979274eac1aefcd95abdf1624a3ef2756
Signed-off-by: Matus Fabian <matfabia@cisco.com>
---
 src/plugins/nat/dslite_in2out.c | 11 ++++++++---
 test/test_nat.py                | 14 ++++++++++++++
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/src/plugins/nat/dslite_in2out.c b/src/plugins/nat/dslite_in2out.c
index 9a7751ce11c..54568914ce0 100644
--- a/src/plugins/nat/dslite_in2out.c
+++ b/src/plugins/nat/dslite_in2out.c
@@ -20,7 +20,7 @@ vlib_node_registration_t dslite_in2out_slowpath_node;
 typedef enum
 {
   DSLITE_IN2OUT_NEXT_IP4_LOOKUP,
-  DSLITE_IN2OUT_NEXT_IP6_LOOKUP,
+  DSLITE_IN2OUT_NEXT_IP6_ICMP,
   DSLITE_IN2OUT_NEXT_DROP,
   DSLITE_IN2OUT_NEXT_SLOWPATH,
   DSLITE_IN2OUT_N_NEXT,
@@ -278,6 +278,11 @@ dslite_in2out_node_fn_inline (vlib_main_t * vm, vlib_node_runtime_t * node,
 
 	  if (PREDICT_FALSE (ip60->protocol != IP_PROTOCOL_IP_IN_IP))
 	    {
+	      if (ip60->protocol == IP_PROTOCOL_ICMP6)
+		{
+		  next0 = DSLITE_IN2OUT_NEXT_IP6_ICMP;
+		  goto trace0;
+		}
 	      error0 = DSLITE_ERROR_BAD_IP6_PROTOCOL;
 	      next0 = DSLITE_IN2OUT_NEXT_DROP;
 	      goto trace0;
@@ -443,7 +448,7 @@ VLIB_REGISTER_NODE (dslite_in2out_node) = {
   .next_nodes = {
     [DSLITE_IN2OUT_NEXT_DROP] = "error-drop",
     [DSLITE_IN2OUT_NEXT_IP4_LOOKUP] = "ip4-lookup",
-    [DSLITE_IN2OUT_NEXT_IP6_LOOKUP] = "ip6-lookup",
+    [DSLITE_IN2OUT_NEXT_IP6_ICMP] = "ip6-icmp-input",
     [DSLITE_IN2OUT_NEXT_SLOWPATH] = "dslite-in2out-slowpath",
   },
 };
@@ -472,7 +477,7 @@ VLIB_REGISTER_NODE (dslite_in2out_slowpath_node) = {
   .next_nodes = {
     [DSLITE_IN2OUT_NEXT_DROP] = "error-drop",
     [DSLITE_IN2OUT_NEXT_IP4_LOOKUP] = "ip4-lookup",
-    [DSLITE_IN2OUT_NEXT_IP6_LOOKUP] = "ip6-lookup",
+    [DSLITE_IN2OUT_NEXT_IP6_ICMP] = "ip6-lookup",
     [DSLITE_IN2OUT_NEXT_SLOWPATH] = "dslite-in2out-slowpath",
   },
 };
diff --git a/test/test_nat.py b/test/test_nat.py
index 0448faee0ec..e7723b1df0e 100644
--- a/test/test_nat.py
+++ b/test/test_nat.py
@@ -4678,6 +4678,20 @@ class TestDSlite(MethodHolder):
         self.check_ip_checksum(capture)
         self.check_icmp_checksum(capture)
 
+        # ping DS-Lite AFTR tunnel endpoint address
+        p = (Ether(dst=self.pg1.local_mac, src=self.pg1.remote_mac) /
+             IPv6(src=self.pg1.remote_hosts[1].ip6, dst=aftr_ip6) /
+             ICMPv6EchoRequest())
+        self.pg1.add_stream(p)
+        self.pg_enable_capture(self.pg_interfaces)
+        self.pg_start()
+        capture = self.pg1.get_capture(1)
+        self.assertEqual(1, len(capture))
+        capture = capture[0]
+        self.assertEqual(capture[IPv6].src, aftr_ip6)
+        self.assertEqual(capture[IPv6].dst, self.pg1.remote_hosts[1].ip6)
+        self.assertTrue(capture.haslayer(ICMPv6EchoReply))
+
     def tearDown(self):
         super(TestDSlite, self).tearDown()
         if not self.vpp_dead:
-- 
cgit 1.2.3-korg