NAT44 - unknown protocols work with forwarding

mgsmith1000 · Damjan Marion · commit 03f942a1cc4d · 2018-03-05T08:03:43.000Z
If forwarding is enabled, inbound packets on an outside
interface should not be dropped and instead pass on to
the FIB lookup. This works for TCP and UDP but not other
IP protocols. Enable it for unknown protocols.

Change-Id: I1da84b5633a36b3e5e64079754db2fcc50f29819
Signed-off-by: Matthew Smith &lt;mgsmith@netgate.com&gt;
diff --git a/src/plugins/nat/out2in.c b/src/plugins/nat/out2in.c
@@ -1103,8 +1103,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
             {
               s0 = snat_out2in_unknown_proto(sm, b0, ip0, rx_fib_index0,
                                              thread_index, now, vm, node);
-              if (!s0)
-                next0 = SNAT_OUT2IN_NEXT_DROP;
+	      if (!sm->forwarding_enabled)
+		if (!s0)
+		  next0 = SNAT_OUT2IN_NEXT_DROP;
               goto trace0;
             }
 
@@ -1273,8 +1274,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
             {
               s1 = snat_out2in_unknown_proto(sm, b1, ip1, rx_fib_index1,
                                              thread_index, now, vm, node);
-              if (!s1)
-                next1 = SNAT_OUT2IN_NEXT_DROP;
+	      if (!sm->forwarding_enabled)
+		if (!s1)
+		  next1 = SNAT_OUT2IN_NEXT_DROP;
               goto trace1;
             }
 
@@ -1469,8 +1471,9 @@ snat_out2in_node_fn (vlib_main_t * vm,
             {
               s0 = snat_out2in_unknown_proto(sm, b0, ip0, rx_fib_index0,
                                              thread_index, now, vm, node);
-              if (!s0)
-                next0 = SNAT_OUT2IN_NEXT_DROP;
+	      if (!sm->forwarding_enabled)
+		if (!s0)
+		  next0 = SNAT_OUT2IN_NEXT_DROP;
               goto trace00;
             }
 

Original file line number	Diff line number	Diff line change
`@@ -1103,8 +1103,9 @@ snat_out2in_node_fn (vlib_main_t * vm,`
`1103`	`1103`	`{`
`1104`	`1104`	`s0 = snat_out2in_unknown_proto(sm, b0, ip0, rx_fib_index0,`
`1105`	`1105`	`thread_index, now, vm, node);`
`1106`		`- if (!s0)`
`1107`		`- next0 = SNAT_OUT2IN_NEXT_DROP;`
	`1106`	`+ if (!sm->forwarding_enabled)`
	`1107`	`+ if (!s0)`
	`1108`	`+ next0 = SNAT_OUT2IN_NEXT_DROP;`
`1108`	`1109`	`goto trace0;`
`1109`	`1110`	`}`
`1110`	`1111`
`@@ -1273,8 +1274,9 @@ snat_out2in_node_fn (vlib_main_t * vm,`
`1273`	`1274`	`{`
`1274`	`1275`	`s1 = snat_out2in_unknown_proto(sm, b1, ip1, rx_fib_index1,`
`1275`	`1276`	`thread_index, now, vm, node);`
`1276`		`- if (!s1)`
`1277`		`- next1 = SNAT_OUT2IN_NEXT_DROP;`
	`1277`	`+ if (!sm->forwarding_enabled)`
	`1278`	`+ if (!s1)`
	`1279`	`+ next1 = SNAT_OUT2IN_NEXT_DROP;`
`1278`	`1280`	`goto trace1;`
`1279`	`1281`	`}`
`1280`	`1282`
`@@ -1469,8 +1471,9 @@ snat_out2in_node_fn (vlib_main_t * vm,`
`1469`	`1471`	`{`
`1470`	`1472`	`s0 = snat_out2in_unknown_proto(sm, b0, ip0, rx_fib_index0,`
`1471`	`1473`	`thread_index, now, vm, node);`
`1472`		`- if (!s0)`
`1473`		`- next0 = SNAT_OUT2IN_NEXT_DROP;`
	`1474`	`+ if (!sm->forwarding_enabled)`
	`1475`	`+ if (!s0)`
	`1476`	`+ next0 = SNAT_OUT2IN_NEXT_DROP;`
`1474`	`1477`	`goto trace00;`
`1475`	`1478`	`}`
`1476`	`1479`