drop-and-count snat out2in packets with no translations 04/4904/1
authorDave Barach <dave@barachs.net>
Fri, 27 Jan 2017 09:04:35 +0000 (04:04 -0500)
committerDave Barach <dave@barachs.net>
Fri, 27 Jan 2017 09:16:48 +0000 (04:16 -0500)
Send dhcp server-to-client packets to the ip stack, so we can acquire
snat outside interface addresses from a dhcp server

Change-Id: I7751356fa23d9f26b503c9796bd85f96275fe978
Signed-off-by: Dave Barach <dave@barachs.net>
src/plugins/snat/out2in.c

index 855e9ef..f08e16d 100644 (file)
@@ -19,6 +19,7 @@
 #include <vnet/handoff.h>
 
 #include <vnet/ip/ip.h>
+#include <vnet/ip/udp.h>
 #include <vnet/ethernet/ethernet.h>
 #include <vnet/fib/ip4_fib.h>
 #include <snat/snat.h>
@@ -437,6 +438,14 @@ snat_out2in_node_fn (vlib_main_t * vm,
               if (snat_static_mapping_match(sm, key0, &sm0, 1))
                 {
                   b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+                  /* 
+                   * Send DHCP packets to the ipv4 stack, or we won't
+                   * be able to use dhcp client on the outside interface
+                   */
+                  if (proto0 != SNAT_PROTOCOL_UDP 
+                      || (udp0->dst_port 
+                          != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
+                    next0 = SNAT_OUT2IN_NEXT_DROP;
                   goto trace0;
                 }
 
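Review bot: `b0->error` is assigned NO_TRANSLATION on the line before the new check, so a DHCP server-to-client datagram that the new `if` lets through to the ip4 stack still carries that error code and is counted as a no-translation failure even though it is not dropped; move the error assignment into the drop branch, i.e. `if (proto0 != SNAT_PROTOCOL_UDP || udp0->dst_port != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)) { b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION]; next0 = SNAT_OUT2IN_NEXT_DROP; }` and keep `goto trace0;` after it. The same ordering appears in the hunks at lines 50-64 and 78-93. Note also that the exception is keyed only on UDP destination port `UDP_DST_PORT_dhcp_to_client`: any untranslated UDP datagram to that port from the outside now reaches the ip4 stack with `next0` left at whatever it was set to before this hunk (presumably the default lookup next), so the receiving DHCP client path must validate the payload itself; if the plugin tracks whether a DHCP client is active on the receiving interface, gating on that as well would narrow the window. snat_out2in_node_fn begins and ends outside this hunk.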
@@ -444,7 +453,11 @@ snat_out2in_node_fn (vlib_main_t * vm,
               s0 = create_session_for_static_mapping(sm, b0, sm0, key0, node,
                                                      cpu_index);
               if (!s0)
-                goto trace0;
+                {
+                  b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+                  next0 = SNAT_OUT2IN_NEXT_DROP;
+                  goto trace0;
+                }
             }
           else
             s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
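Review bot: A NULL return from `create_session_for_static_mapping` is now counted as `SNAT_OUT2IN_ERROR_NO_TRANSLATION`, but the mapping lookup just above already succeeded, so this branch is reached for a different reason (session creation failing). If that helper can fail for reasons other than a missing mapping, e.g. resource exhaustion, a dedicated error counter such as `node->errors[<SESSION_CREATE_FAILED placeholder>]` would keep the two conditions distinguishable in the node counters; I cannot see the helper from this hunk, so this is worth confirming. The same assignment is repeated in the hunks at lines 65-77 and 94-106.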
@@ -556,6 +569,14 @@ snat_out2in_node_fn (vlib_main_t * vm,
               if (snat_static_mapping_match(sm, key1, &sm1, 1))
                 {
                   b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+                  /* 
+                   * Send DHCP packets to the ipv4 stack, or we won't
+                   * be able to use dhcp client on the outside interface
+                   */
+                  if (proto1 != SNAT_PROTOCOL_UDP 
+                      || (udp1->dst_port 
+                          != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
+                    next1 = SNAT_OUT2IN_NEXT_DROP;
                   goto trace1;
                 }
 
@@ -563,7 +584,11 @@ snat_out2in_node_fn (vlib_main_t * vm,
               s1 = create_session_for_static_mapping(sm, b1, sm1, key1, node,
                                                      cpu_index);
               if (!s1)
-                goto trace1;
+                {
+                  b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+                  next1 = SNAT_OUT2IN_NEXT_DROP;
+                  goto trace1;
+                }
             }
           else
             s1 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
@@ -709,6 +734,15 @@ snat_out2in_node_fn (vlib_main_t * vm,
               if (snat_static_mapping_match(sm, key0, &sm0, 1))
                 {
                   b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+                  /* 
+                   * Send DHCP packets to the ipv4 stack, or we won't
+                   * be able to use dhcp client on the outside interface
+                   */
+                  if (proto0 != SNAT_PROTOCOL_UDP 
+                      || (udp0->dst_port 
+                          != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client)))
+
+                    next0 = SNAT_OUT2IN_NEXT_DROP;
                   goto trace00;
                 }
 
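Review bot: The added blank line between the `if` condition and its body (`next0 = SNAT_OUT2IN_NEXT_DROP;`) detaches the controlled statement from its condition and differs from the identical blocks in the hunks at lines 22-36 and 50-64; delete it so the three copies read the same, or better, brace the body as `{ next0 = SNAT_OUT2IN_NEXT_DROP; }` to make the single-statement `if` robust to later additions.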
@@ -716,7 +750,11 @@ snat_out2in_node_fn (vlib_main_t * vm,
               s0 = create_session_for_static_mapping(sm, b0, sm0, key0, node,
                                                      cpu_index);
               if (!s0)
-                goto trace00;
+                {
+                  b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
+                    next0 = SNAT_OUT2IN_NEXT_DROP;
+                  goto trace00;
+                }
             }
           else
             s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions,
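Review bot: `next0 = SNAT_OUT2IN_NEXT_DROP;` inside the new braces is indented two columns deeper than the `b0->error` assignment and `goto trace00;` around it, unlike the matching blocks in the hunks at lines 37-49 and 65-77; align it with its siblings so the three copies read the same.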