nat: fix dhcp client on outside interface with output feature

There was an attempt to fix this problem in the commit:
d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd

But checking the LOCALLY_ORIGINATED flag didn't work because this flag
gets reset before it can reach the NAT nodes.

With this commit, replace the check for the LOCALLY_ORIGINATED flag
with a check to see if the packet is a DHCP broadcast.

Type: fix

Change-Id: I069c08a785b5988b10192f528e4f9c4c7cc2f8a3
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>

diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c
index 8d6f124..7b71252 100755 (executable)
--- a/src/plugins/nat/in2out.c
+++ b/src/plugins/nat/in2out.c
@@ -1043,11 +1043,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
                       * be able to use dhcp client on the outside interface
                       */
                      if (PREDICT_FALSE
-                         ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
-                          && proto0 == SNAT_PROTOCOL_UDP
+                         (proto0 == SNAT_PROTOCOL_UDP
                           && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
                               clib_host_to_net_u16
-                              (UDP_DST_PORT_dhcp_to_server))))
+                              (UDP_DST_PORT_dhcp_to_server))
+                          && ip0->dst_address.as_u32 == 0xffffffff))
                        goto trace00;
                    }
                  else
@@ -1251,11 +1251,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
                       * be able to use dhcp client on the outside interface
                       */
                      if (PREDICT_FALSE
-                         ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
-                          && proto1 == SNAT_PROTOCOL_UDP
+                         (proto1 == SNAT_PROTOCOL_UDP
                           && (vnet_buffer (b1)->ip.reass.l4_dst_port ==
                               clib_host_to_net_u16
-                              (UDP_DST_PORT_dhcp_to_server))))
+                              (UDP_DST_PORT_dhcp_to_server))
+                          && ip1->dst_address.as_u32 == 0xffffffff))
                        goto trace01;
                    }
                  else
@@ -1492,11 +1492,11 @@ snat_in2out_node_fn_inline (vlib_main_t * vm,
                       * be able to use dhcp client on the outside interface
                       */
                      if (PREDICT_FALSE
-                         ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
-                          && proto0 == SNAT_PROTOCOL_UDP
+                         (proto0 == SNAT_PROTOCOL_UDP
                           && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
                               clib_host_to_net_u16
-                              (UDP_DST_PORT_dhcp_to_server))))
+                              (UDP_DST_PORT_dhcp_to_server))
+                          && ip0->dst_address.as_u32 == 0xffffffff))
                        goto trace0;
                    }
                  else

diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c
index ebcd298..e524110 100644 (file)
--- a/src/plugins/nat/in2out_ed.c
+++ b/src/plugins/nat/in2out_ed.c
@@ -1001,11 +1001,11 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
                       * be able to use dhcp client on the outside interface
                       */
                      if (PREDICT_FALSE
-                         ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
-                          && proto0 == SNAT_PROTOCOL_UDP
+                         (proto0 == SNAT_PROTOCOL_UDP
                           && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
                               clib_host_to_net_u16
-                              (UDP_DST_PORT_dhcp_to_server))))
+                              (UDP_DST_PORT_dhcp_to_server))
+                          && ip0->dst_address.as_u32 == 0xffffffff))
                        goto trace00;
                    }
                  else
@@ -1245,11 +1245,11 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
                       * be able to use dhcp client on the outside interface
                       */
                      if (PREDICT_FALSE
-                         ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
-                          && proto1 == SNAT_PROTOCOL_UDP
+                         (proto1 == SNAT_PROTOCOL_UDP
                           && (vnet_buffer (b1)->ip.reass.l4_dst_port ==
                               clib_host_to_net_u16
-                              (UDP_DST_PORT_dhcp_to_server))))
+                              (UDP_DST_PORT_dhcp_to_server))
+                          && ip1->dst_address.as_u32 == 0xffffffff))
                        goto trace01;
                    }
                  else
@@ -1538,11 +1538,11 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm,
                       * be able to use dhcp client on the outside interface
                       */
                      if (PREDICT_FALSE
-                         ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED)
-                          && proto0 == SNAT_PROTOCOL_UDP
+                         (proto0 == SNAT_PROTOCOL_UDP
                           && (vnet_buffer (b0)->ip.reass.l4_dst_port ==
                               clib_host_to_net_u16
-                              (UDP_DST_PORT_dhcp_to_server))))
+                              (UDP_DST_PORT_dhcp_to_server))
+                          && ip0->dst_address.as_u32 == 0xffffffff))
                        goto trace0;
                    }
                  else