gerrit.fd Code Review - vpp.git/commit

author	Dave Barach <dave@barachs.net>
	Sat, 26 May 2018 14:48:55 +0000 (10:48 -0400)
committer	Ole Trøan <otroan@employees.org>
	Sun, 27 May 2018 04:39:56 +0000 (04:39 +0000)
commit	525c9d0f8645ef9901316f042c195adc970b4546
tree	88486d59b7c9ec37bae5e8434dbd7508a1e3c92e	tree \| snapshot
parent	fc23f12c252a9843aeeb8dae7bf60264908f084d	commit \| diff

VPP-1294: add missing feature arc constraint

the ip4-dhcp-client-detect feature MUST run prior to nat44-out2in, or
inbound dhcp broadcast packets will be dropped. Certain dhcp servers
answer lease renewal dhcp-request packets with broadcast dhcp-acks, leading
to unrecoverable lease loss.

In detail, this constraint:

VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
  .arc_name = "ip4-unicast",
  .node_name = "nat44-out2in",
  .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa"),
};

doesn't get the job done:

ip4-unicast:
  [17] nat44-out2in
  [23] ip4-dhcp-client-detect
  [26] ip4-not-enabled

Add a proper constraint:

VNET_FEATURE_INIT (ip4_snat_out2in, static) = {
  .arc_name = "ip4-unicast",
  .node_name = "nat44-out2in",
  .runs_after = VNET_FEATURES ("acl-plugin-in-ip4-fa",
                               "ip4-dhcp-client-detect"),
};

and the interface feature order is OK, at least in this regard:

ip4-unicast:
  [17] ip4-dhcp-client-detect
  [18] nat44-out2in
  [26] ip4-not-enabled

We need to carefully audit (especially) the ip4-unicast feature arc,
which has [gasp] 37 features on it!

Change-Id: I5e749ead7ab2a25d80839a331de6261e112977ad
Signed-off-by: Dave Barach <dave@barachs.net>

src/plugins/nat/nat.c		diff \| blob \| history
src/vnet/dhcp/client.c		diff \| blob \| history
src/vnet/dhcp/client.h		diff \| blob \| history
src/vnet/feature/feature.c		diff \| blob \| history
src/vnet/feature/feature.h		diff \| blob \| history
src/vnet/interface_cli.c		diff \| blob \| history