From f5641398aebec2a73ac387a6327e54b43c26d158 Mon Sep 17 00:00:00 2001 From: Dmitry Vakhrushev Date: Wed, 16 Jan 2019 09:44:03 -0500 Subject: [PATCH] NAT: Fixed issues with dropping reverse packets with output-feature. Fixed NAT issues with dropping reverse packets in case NAT worked in 'endpoint-dependent' mode and outside interface has FIB different from 0 when the output-feature is set. In this case, the out2in_ed dynamic hash key was not being created correctly. Change-Id: I6362967f4b09a375a4606eedaa8e264795b25453 Signed-off-by: Dmitry Vakhrushev --- src/plugins/nat/nat.c | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/src/plugins/nat/nat.c b/src/plugins/nat/nat.c index 0cfcbf16ceb..4f5a8a68dd2 100755 --- a/src/plugins/nat/nat.c +++ b/src/plugins/nat/nat.c @@ -1968,6 +1968,10 @@ snat_interface_add_del_output_feature (u32 sw_if_index, snat_interface_t *i; snat_address_t *ap; snat_static_mapping_t *m; + nat_outside_fib_t *outside_fib; + u32 fib_index = fib_table_get_index_for_sw_if_index (FIB_PROTOCOL_IP4, + sw_if_index); + if (sm->deterministic || (sm->static_mapping_only && !(sm->static_mapping_connection_tracking))) @@ -1981,6 +1985,34 @@ snat_interface_add_del_output_feature (u32 sw_if_index, })); /* *INDENT-ON* */ + if (!is_inside) + { + /* *INDENT-OFF* */ + vec_foreach (outside_fib, sm->outside_fibs) + { + if (outside_fib->fib_index == fib_index) + { + if (is_del) + { + outside_fib->refcount--; + if (!outside_fib->refcount) + vec_del1 (sm->outside_fibs, outside_fib - sm->outside_fibs); + } + else + outside_fib->refcount++; + goto feature_set; + } + } + /* *INDENT-ON* */ + if (!is_del) + { + vec_add2 (sm->outside_fibs, outside_fib, 1); + outside_fib->refcount = 1; + outside_fib->fib_index = fib_index; + } + } + +feature_set: if (is_inside) { if (sm->endpoint_dependent) -- 2.16.6