From e506fbc9fef063e437425f5c7f2d9b1e26d90766 Mon Sep 17 00:00:00 2001
From: Klement Sekera <ksekera@cisco.com>
Date: Tue, 22 Jun 2021 15:56:36 +0200
Subject: nat: ICMP handling fixes

If ICMP comes from a router on path, source address must not be
rewritten in o2i path to avoid getting wrong checksum.

Fix ICMP checksum computations.

Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I035debccf966d7dbd63c364cb1e43380d641f708
---
 src/plugins/nat/nat44-ed/nat44_ed_in2out.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'src/plugins/nat/nat44-ed/nat44_ed_in2out.c')

diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
index 426b6eeba5c..f7257db789f 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
@@ -1183,7 +1183,7 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t *vm,
 	}
 
       if (NAT_ED_TRNSL_ERR_SUCCESS !=
-	  (translation_error = nat_6t_flow_buf_translate (
+	  (translation_error = nat_6t_flow_buf_translate_i2o (
 	     sm, b0, ip0, f, proto0, is_output_feature)))
 	{
 	  nat_free_session_data (sm, s0, thread_index, 0);
@@ -1331,7 +1331,7 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
 
 	  if (NAT_NEXT_DROP != next[0] && s0 &&
 	      NAT_ED_TRNSL_ERR_SUCCESS !=
-		(translation_error = nat_6t_flow_buf_translate (
+		(translation_error = nat_6t_flow_buf_translate_i2o (
 		   sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
 	    {
 	      goto trace0;
@@ -1349,7 +1349,7 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
 	    now, thread_index, proto0, &s0, is_multi_worker);
 	  if (NAT_NEXT_DROP != next[0] && s0 &&
 	      NAT_ED_TRNSL_ERR_SUCCESS !=
-		(translation_error = nat_6t_flow_buf_translate (
+		(translation_error = nat_6t_flow_buf_translate_i2o (
 		   sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
 	    {
 	      goto trace0;
@@ -1426,7 +1426,7 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
       b0->flags |= VNET_BUFFER_F_IS_NATED;
 
       if (NAT_ED_TRNSL_ERR_SUCCESS !=
-	  (translation_error = nat_6t_flow_buf_translate (
+	  (translation_error = nat_6t_flow_buf_translate_i2o (
 	     sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
 	{
 	  nat_free_session_data (sm, s0, thread_index, 0);
-- 
cgit 1.2.3-korg