nat: fix unknown proto translation out2in_ed

An unknown proto packet can be processed as UDP with destination port
rewriting which breaks the original packet.

With this commit, stop processing unknown proto packets after
nat44_ed_out2in_unknown_proto() execution.

Type: fix

Change-Id: Iea93faf3c282f542d5ee7120c15e1027c1e4abc9
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>

diff --git a/src/plugins/nat/out2in_ed.c b/src/plugins/nat/out2in_ed.c
index 6943614..adf0ec4 100644 (file)
--- a/src/plugins/nat/out2in_ed.c
+++ b/src/plugins/nat/out2in_ed.c
@@ -1026,13 +1026,13 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
              s0 =
                nat44_ed_out2in_unknown_proto (sm, b0, ip0, rx_fib_index0,
                                               thread_index, now, vm, node);
-             other_packets++;
              if (!sm->forwarding_enabled)
                {
                  if (!s0)
                    next0 = NAT_NEXT_DROP;
-                 goto trace0;
                }
+             other_packets++;
+             goto trace0;
            }
 
          if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))