From d3b8c861a44e70c197ab721fa3ce7f38bbeab7fd Mon Sep 17 00:00:00 2001 From: Alexander Chernavin Date: Fri, 22 Nov 2019 10:10:45 -0500 Subject: [PATCH] nat: fix dhcp client on outside interface with output feature When a DHCP client is configured on a NAT outside interface with output feature enabled, DHCP packets will reach the NAT in2out-output node and will be dropped with "out of ports" reason. With this commit, allow locally originated DHCP packets to be sent from a NAT outside interface with output feature enabled. Type: fix Change-Id: I47d76b22587f2bf0c7b0b9dfda41c89f8f61d0b4 Signed-off-by: Alexander Chernavin --- src/plugins/dhcp/client.c | 1 + src/plugins/nat/in2out.c | 37 ++++++++++++++++++++++++++++++++++ src/plugins/nat/in2out_ed.c | 49 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+) diff --git a/src/plugins/dhcp/client.c b/src/plugins/dhcp/client.c index 105c744a147..f6205b6b0a0 100644 --- a/src/plugins/dhcp/client.c +++ b/src/plugins/dhcp/client.c @@ -516,6 +516,7 @@ send_dhcp_pkt (dhcp_client_main_t * dcm, dhcp_client_t * c, ASSERT (b->current_data == 0); vnet_buffer (b)->sw_if_index[VLIB_RX] = c->sw_if_index; + b->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED; if (ADJ_INDEX_INVALID == c->ai_ucast) is_broadcast = 1; diff --git a/src/plugins/nat/in2out.c b/src/plugins/nat/in2out.c index 5cfe058c099..f3878dbbe30 100755 --- a/src/plugins/nat/in2out.c +++ b/src/plugins/nat/in2out.c @@ -24,6 +24,7 @@ #include #include #include +#include #include #include #include @@ -1032,6 +1033,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, thread_index, sw_if_index0))) goto trace00; + + /* + * Send DHCP packets to the ipv4 stack, or we won't + * be able to use dhcp client on the outside interface + */ + if (PREDICT_FALSE + ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED) + && proto0 == SNAT_PROTOCOL_UDP + && (udp0->dst_port == + clib_host_to_net_u16 + (UDP_DST_PORT_dhcp_to_server)))) + goto trace00; } else { @@ -1228,6 +1241,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, thread_index, sw_if_index1))) goto trace01; + + /* + * Send DHCP packets to the ipv4 stack, or we won't + * be able to use dhcp client on the outside interface + */ + if (PREDICT_FALSE + ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED) + && proto1 == SNAT_PROTOCOL_UDP + && (udp1->dst_port == + clib_host_to_net_u16 + (UDP_DST_PORT_dhcp_to_server)))) + goto trace01; } else { @@ -1458,6 +1483,18 @@ snat_in2out_node_fn_inline (vlib_main_t * vm, thread_index, sw_if_index0))) goto trace0; + + /* + * Send DHCP packets to the ipv4 stack, or we won't + * be able to use dhcp client on the outside interface + */ + if (PREDICT_FALSE + ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED) + && proto0 == SNAT_PROTOCOL_UDP + && (udp0->dst_port == + clib_host_to_net_u16 + (UDP_DST_PORT_dhcp_to_server)))) + goto trace0; } else { diff --git a/src/plugins/nat/in2out_ed.c b/src/plugins/nat/in2out_ed.c index 733e4f0c0e5..2d2be5c3812 100644 --- a/src/plugins/nat/in2out_ed.c +++ b/src/plugins/nat/in2out_ed.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include #include @@ -1005,6 +1006,18 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm, udp0->dst_port, thread_index, sw_if_index0, vnet_buffer (b0)->sw_if_index[VLIB_TX]))) goto trace00; + + /* + * Send DHCP packets to the ipv4 stack, or we won't + * be able to use dhcp client on the outside interface + */ + if (PREDICT_FALSE + ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED) + && proto0 == SNAT_PROTOCOL_UDP + && (udp0->dst_port == + clib_host_to_net_u16 + (UDP_DST_PORT_dhcp_to_server)))) + goto trace00; } else { @@ -1228,6 +1241,18 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm, udp1->dst_port, thread_index, sw_if_index1, vnet_buffer (b1)->sw_if_index[VLIB_TX]))) goto trace01; + + /* + * Send DHCP packets to the ipv4 stack, or we won't + * be able to use dhcp client on the outside interface + */ + if (PREDICT_FALSE + ((b1->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED) + && proto1 == SNAT_PROTOCOL_UDP + && (udp1->dst_port == + clib_host_to_net_u16 + (UDP_DST_PORT_dhcp_to_server)))) + goto trace01; } else { @@ -1495,6 +1520,18 @@ nat44_ed_in2out_node_fn_inline (vlib_main_t * vm, udp0->dst_port, thread_index, sw_if_index0, vnet_buffer (b0)->sw_if_index[VLIB_TX]))) goto trace0; + + /* + * Send DHCP packets to the ipv4 stack, or we won't + * be able to use dhcp client on the outside interface + */ + if (PREDICT_FALSE + ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED) + && proto0 == SNAT_PROTOCOL_UDP + && (udp0->dst_port == + clib_host_to_net_u16 + (UDP_DST_PORT_dhcp_to_server)))) + goto trace0; } else { @@ -1796,6 +1833,18 @@ nat44_ed_in2out_reass_node_fn_inline (vlib_main_t * vm, &fragments_to_loopback); goto trace0; } + + /* + * Send DHCP packets to the ipv4 stack, or we won't + * be able to use dhcp client on the outside interface + */ + if (PREDICT_FALSE + ((b0->flags & VNET_BUFFER_F_LOCALLY_ORIGINATED) + && proto0 == SNAT_PROTOCOL_UDP + && (udp0->dst_port == + clib_host_to_net_u16 + (UDP_DST_PORT_dhcp_to_server)))) + goto trace0; } else { -- 2.16.6