Code Review / vpp.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 78d24f3)
nat: disable nat44-ei-in2out-output ttl check 48/36248/3
authorAlexander Skorichenko <askorichenko@netgate.com>
Fri, 27 May 2022 08:23:20 +0000 (08:23 +0000)
committerMatthew Smith <mgsmith@netgate.com>
Tue, 31 May 2022 21:27:02 +0000 (21:27 +0000)
Type: fix

A packet passing through nat44-ei-in2out-output,
has its ttl value validated in earlier nodes.
"ip4-input" node checks ttl for locally generated packets.
"ip4-rewrite" node validates ttl in forwarded packets.

Thus for example, the ED counterpart disables ttl checks
in its "nat44-ed-in2out-output" node.
This patch updates nat44 EI conditions for ttl checks to
those currently used in nat44 ED case, meaning no extra ttl
validation for in2out when output-feature is enabled.

Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Change-Id: Idd15d7c9a746b60c0a6dac5537d00ef10c257fdc

src/plugins/nat/nat44-ei/nat44_ei_in2out.c patch | blob | history

diff --git a/src/plugins/nat/nat44-ei/nat44_ei_in2out.c b/src/plugins/nat/nat44-ei/nat44_ei_in2out.c
index 7506063..01b333a 100644 (file)
--- a/src/plugins/nat/nat44-ei/nat44_ei_in2out.c
+++ b/src/plugins/nat/nat44-ei/nat44_ei_in2out.c
@@ -1345,7 +1345,7 @@ nat44_ei_in2out_node_fn_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
 
       next0 = next1 = NAT44_EI_IN2OUT_NEXT_LOOKUP;
 
-      if (PREDICT_FALSE (ip0->ttl == 1))
+      if (PREDICT_FALSE (!is_output_feature && ip0->ttl == 1))
        {
          vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
          icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
@@ -1564,7 +1564,7 @@ nat44_ei_in2out_node_fn_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
       rx_fib_index1 =
        vec_elt (nm->ip4_main->fib_index_by_sw_if_index, rx_sw_if_index1);
 
-      if (PREDICT_FALSE (ip1->ttl == 1))
+      if (PREDICT_FALSE (!is_output_feature && ip1->ttl == 1))
        {
          vnet_buffer (b1)->sw_if_index[VLIB_TX] = (u32) ~ 0;
          icmp4_error_set_vnet_buffer (b1, ICMP4_time_exceeded,
@@ -1811,7 +1811,7 @@ nat44_ei_in2out_node_fn_inline (vlib_main_t *vm, vlib_node_runtime_t *node,
       rx_fib_index0 =
        vec_elt (nm->ip4_main->fib_index_by_sw_if_index, rx_sw_if_index0);
 
-      if (PREDICT_FALSE (ip0->ttl == 1))
+      if (PREDICT_FALSE (!is_output_feature && ip0->ttl == 1))
        {
          vnet_buffer (b0)->sw_if_index[VLIB_TX] = (u32) ~ 0;
          icmp4_error_set_vnet_buffer (b0, ICMP4_time_exceeded,
Vector Packet Processing