From 79699b00c155f9f5b776451a55e151befa3ba33b Mon Sep 17 00:00:00 2001
From: Klement Sekera <ksekera@cisco.com>
Date: Mon, 21 Jun 2021 16:04:40 +0200
Subject: nat: don't drop packet with ttl=1 if output feature

TTL was already decremented in ip4-rewrite so it's okay if it's 1.

Type: fix
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Change-Id: I587dc343737c15247eb62837a06d5e44c0d11acc
---
 test/test_nat44_ed.py | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'test')

diff --git a/test/test_nat44_ed.py b/test/test_nat44_ed.py
index 8fba019e7d8..9eea7c820ae 100644
--- a/test/test_nat44_ed.py
+++ b/test/test_nat44_ed.py
@@ -1189,6 +1189,32 @@ class TestNAT44ED(NAT44EDTestCase):
         capture = self.pg0.get_capture(len(pkts))
         self.verify_capture_in(capture, self.pg0)
 
+        # in2out
+        pkts = self.create_stream_in(self.pg0, self.pg1, ttl=2)
+        self.pg0.add_stream(pkts)
+        self.pg_enable_capture(self.pg_interfaces)
+        self.pg_start()
+        capture = self.pg1.get_capture(len(pkts))
+        self.verify_capture_out(capture, ignore_port=True)
+
+        # out2in
+        pkts = self.create_stream_out(self.pg1, ttl=2)
+        self.pg1.add_stream(pkts)
+        self.pg_enable_capture(self.pg_interfaces)
+        self.pg_start()
+        capture = self.pg0.get_capture(len(pkts))
+        self.verify_capture_in(capture, self.pg0)
+
+        # in2out
+        pkts = self.create_stream_in(self.pg0, self.pg1, ttl=1)
+        self.pg0.add_stream(pkts)
+        self.pg_enable_capture(self.pg_interfaces)
+        self.pg_start()
+        capture = self.pg0.get_capture(len(pkts))
+        for p in capture:
+            self.assertIn(ICMP, p)
+            self.assertEqual(p[ICMP].type, 11)  # 11 == time-exceeded
+
     def test_static_with_port_out2(self):
         """ NAT44ED 1:1 NAPT asymmetrical rule """
 
-- 
cgit 1.2.3-korg