From 525c9d0f8645ef9901316f042c195adc970b4546 Mon Sep 17 00:00:00 2001 From: Dave Barach Date: Sat, 26 May 2018 10:48:55 -0400 Subject: VPP-1294: add missing feature arc constraint the ip4-dhcp-client-detect feature MUST run prior to nat44-out2in, or inbound dhcp broadcast packets will be dropped. Certain dhcp servers answer lease renewal dhcp-request packets with broadcast dhcp-acks, leading to unrecoverable lease loss. In detail, this constraint: VNET_FEATURE_INIT (ip4_snat_out2in, static) = { .arc_name = "ip4-unicast", .node_name = "nat44-out2in", .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa"), }; doesn't get the job done: ip4-unicast: [17] nat44-out2in [23] ip4-dhcp-client-detect [26] ip4-not-enabled Add a proper constraint: VNET_FEATURE_INIT (ip4_snat_out2in, static) = { .arc_name = "ip4-unicast", .node_name = "nat44-out2in", .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa", "ip4-dhcp-client-detect"), }; and the interface feature order is OK, at least in this regard: ip4-unicast: [17] ip4-dhcp-client-detect [18] nat44-out2in [26] ip4-not-enabled We need to carefully audit (especially) the ip4-unicast feature arc, which has [gasp] 37 features on it! Change-Id: I5e749ead7ab2a25d80839a331de6261e112977ad Signed-off-by: Dave Barach --- src/vnet/feature/feature.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/vnet/feature/feature.h') diff --git a/src/vnet/feature/feature.h b/src/vnet/feature/feature.h index ce9e2ca3570..81224ebf0e2 100644 --- a/src/vnet/feature/feature.h +++ b/src/vnet/feature/feature.h @@ -397,7 +397,8 @@ clib_error_t *vnet_feature_arc_init (vlib_main_t * vm, vnet_feature_registration_t * first_reg, char ***feature_nodes); -void vnet_interface_features_show (vlib_main_t * vm, u32 sw_if_index); +void vnet_interface_features_show (vlib_main_t * vm, u32 sw_if_index, + int verbose); #endif /* included_feature_h */ -- cgit 1.2.3-korg