When NAT44 forwarding is disabled, if a DHCP server-to-
client packet arrives on an outside interface, it is
handled correctly by setting the next node to the next
feature on the ip4-unicast feature arc, where it can be
processed.
When NAT44 forwarding is enabled, if a DHCP server-to-
client packet arrives, it is not handled any differently
than other packets and ends up going to ip4-lookup
which results in the packet being dropped.
Move the check for DHCP server-to-client packets outside
of the block that is executed if forwarding is disabled so
DHCP replies will be processed in either case.
Change-Id: Ia795cce3fd459f3252c2c17d53bb88ceaeaafca4
Signed-off-by: Matthew Smith <mgsmith@netgate.com>
destination address and port in packet */
if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
destination address and port in packet */
if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_UDP
+ && (udp0->dst_port ==
+ clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
+ {
+ vnet_feature_next
+ (vnet_buffer (b0)->sw_if_index[VLIB_RX], &next0, b0);
+ goto trace0;
+ }
+
if (!sm->forwarding_enabled)
{
b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
if (!sm->forwarding_enabled)
{
b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- /*
- * Send DHCP packets to the ipv4 stack, or we won't
- * be able to use dhcp client on the outside interface
- */
- if (PREDICT_TRUE (proto0 != SNAT_PROTOCOL_UDP
- || (udp0->dst_port
- != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
- next0 = SNAT_OUT2IN_NEXT_DROP;
- else
- vnet_feature_next
- (vnet_buffer (b0)->sw_if_index[VLIB_RX],
- &next0, b0);
+ next0 = SNAT_OUT2IN_NEXT_DROP;
destination address and port in packet */
if (snat_static_mapping_match(sm, key1, &sm1, 1, 0, 0, 0))
{
destination address and port in packet */
if (snat_static_mapping_match(sm, key1, &sm1, 1, 0, 0, 0))
{
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (PREDICT_FALSE (proto1 == SNAT_PROTOCOL_UDP
+ && (udp1->dst_port ==
+ clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
+ {
+ vnet_feature_next
+ (vnet_buffer (b1)->sw_if_index[VLIB_RX], &next1, b1);
+ goto trace1;
+ }
+
if (!sm->forwarding_enabled)
{
b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
if (!sm->forwarding_enabled)
{
b1->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- /*
- * Send DHCP packets to the ipv4 stack, or we won't
- * be able to use dhcp client on the outside interface
- */
- if (PREDICT_TRUE (proto1 != SNAT_PROTOCOL_UDP
- || (udp1->dst_port
- != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
- next1 = SNAT_OUT2IN_NEXT_DROP;
- else
- vnet_feature_next
- (vnet_buffer (b1)->sw_if_index[VLIB_RX],
- &next1, b1);
+ next1 = SNAT_OUT2IN_NEXT_DROP;
destination address and port in packet */
if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
destination address and port in packet */
if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_UDP
+ && (udp0->dst_port ==
+ clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
+ {
+ vnet_feature_next
+ (vnet_buffer (b0)->sw_if_index[VLIB_RX], &next0, b0);
+ goto trace00;
+ }
+
if (!sm->forwarding_enabled)
{
b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
if (!sm->forwarding_enabled)
{
b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- /*
- * Send DHCP packets to the ipv4 stack, or we won't
- * be able to use dhcp client on the outside interface
- */
- if (PREDICT_TRUE (proto0 != SNAT_PROTOCOL_UDP
- || (udp0->dst_port
- != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
- next0 = SNAT_OUT2IN_NEXT_DROP;
- else
- vnet_feature_next
- (vnet_buffer (b0)->sw_if_index[VLIB_RX],
- &next0, b0);
+ next0 = SNAT_OUT2IN_NEXT_DROP;
destination address and port in packet */
if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
destination address and port in packet */
if (snat_static_mapping_match(sm, key0, &sm0, 1, 0, 0, 0))
{
+ /*
+ * Send DHCP packets to the ipv4 stack, or we won't
+ * be able to use dhcp client on the outside interface
+ */
+ if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_UDP
+ && (udp0->dst_port
+ == clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
+ {
+ vnet_feature_next
+ (vnet_buffer (b0)->sw_if_index[VLIB_RX],
+ &next0, b0);
+ goto trace0;
+ }
+
if (!sm->forwarding_enabled)
{
b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
if (!sm->forwarding_enabled)
{
b0->error = node->errors[SNAT_OUT2IN_ERROR_NO_TRANSLATION];
- /*
- * Send DHCP packets to the ipv4 stack, or we won't
- * be able to use dhcp client on the outside interface
- */
- if (PREDICT_TRUE (proto0 != SNAT_PROTOCOL_UDP
- || (udp0->dst_port
- != clib_host_to_net_u16(UDP_DST_PORT_dhcp_to_client))))
- next0 = SNAT_OUT2IN_NEXT_DROP;
- else
- vnet_feature_next
- (vnet_buffer (b0)->sw_if_index[VLIB_RX],
- &next0, b0);
+ next0 = SNAT_OUT2IN_NEXT_DROP;
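Review bot: The DHCP exemption now placed ahead of the `if (!sm->forwarding_enabled)` test matches on `proto0 == SNAT_PROTOCOL_UDP` and `udp0->dst_port` alone (likewise `udp1` and the other copies), so any UDP datagram to port 68 that arrives on an outside interface and misses the static-mapping lookup is handed to the next feature on the arc, with forwarding enabled or not. If only genuine server replies are meant to take this path, the predicate could also require the server source port, e.g. `&& udp0->src_port == clib_host_to_net_u16 (UDP_DST_PORT_dhcp_to_server)`; otherwise the comment should say that the port-only match is intentional. The same eight lines now appear four times with slightly different wrapping, so a small `static inline` predicate taking the protocol and the UDP header would keep the copies from drifting apart. The enclosing functions start and end outside the visible hunks, so how `udp0`/`udp1` are derived (for example for non-first fragments) cannot be confirmed from here.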