From acc665a9de9ed545cfa0c5b442287fa7ce5c7e9f Mon Sep 17 00:00:00 2001
From: Klement Sekera <ksekera@cisco.com>
Date: Thu, 1 Apr 2021 13:10:25 +0200
Subject: [PATCH] nat: fix ordering of feature nodes

Fix ordering of feature nodes so that ACL runs after NAT in in2out
direction so it can properly track stuff like ports after NAT rewrite.

Type: fix
Change-Id: I2c689b64765628e9bc77108914f74c6c801d8ce2
Signed-off-by: Klement Sekera <ksekera@cisco.com>
---
 src/plugins/nat/nat44-ed/nat44_ed.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/plugins/nat/nat44-ed/nat44_ed.c b/src/plugins/nat/nat44-ed/nat44_ed.c
index 6a0b962de6e..99029bb83b8 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed.c
@@ -147,12 +147,14 @@ VNET_FEATURE_INIT (ip4_snat_out2in_fast, static) = {
 VNET_FEATURE_INIT (ip4_snat_in2out_output, static) = {
   .arc_name = "ip4-output",
   .node_name = "nat44-in2out-output",
-  .runs_after = VNET_FEATURES ("acl-plugin-out-ip4-fa","ip4-sv-reassembly-output-feature"),
+  .runs_after = VNET_FEATURES ("ip4-sv-reassembly-output-feature"),
+  .runs_before = VNET_FEATURES ("acl-plugin-out-ip4-fa"),
 };
 VNET_FEATURE_INIT (ip4_snat_in2out_output_worker_handoff, static) = {
   .arc_name = "ip4-output",
   .node_name = "nat44-in2out-output-worker-handoff",
-  .runs_after = VNET_FEATURES ("acl-plugin-out-ip4-fa","ip4-sv-reassembly-output-feature"),
+  .runs_after = VNET_FEATURES ("ip4-sv-reassembly-output-feature"),
+  .runs_before = VNET_FEATURES ("acl-plugin-out-ip4-fa"),
 };
 VNET_FEATURE_INIT (nat_pre_in2out_output, static) = {
   .arc_name = "ip4-output",
-- 
2.16.6