From 79699b00c155f9f5b776451a55e151befa3ba33b Mon Sep 17 00:00:00 2001 From: Klement Sekera Date: Mon, 21 Jun 2021 16:04:40 +0200 Subject: nat: don't drop packet with ttl=1 if output feature TTL was already decremented in ip4-rewrite so it's okay if it's 1. Type: fix Signed-off-by: Klement Sekera Change-Id: I587dc343737c15247eb62837a06d5e44c0d11acc --- src/plugins/nat/nat44-ed/nat44_ed_in2out.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/plugins/nat/nat44-ed') diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c index f3f3ffa13b0..426b6eeba5c 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c +++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c @@ -1030,7 +1030,7 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t *vm, fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, sw_if_index0); lookup.fib_index = rx_fib_index0; - if (PREDICT_FALSE (ip0->ttl == 1)) + if (PREDICT_FALSE (!is_output_feature && ip0->ttl == 1)) { vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0; icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded, @@ -1308,7 +1308,7 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm, rx_fib_index0 = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, sw_if_index0); - if (PREDICT_FALSE (ip0->ttl == 1)) + if (PREDICT_FALSE (!is_output_feature && ip0->ttl == 1)) { vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0; icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded, -- cgit 1.2.3-korg