nat: Fix ICMP bypass session creation

After get_icmp_o2i_ed_key() bihash key may include
IP protocol and addresses from inner ICMP packet.

It is OK for session lookup, but we should not create
a session on ICMP error message receiving.

Type: fix

Signed-off-by: Vladimir Isaev <visaev@netgate.com>
Change-Id: Ic93272ebe90d2288a975265439f9e079eb28936a

src/plugins/nat/out2in_ed.c

@@ -452,6 +452,12 @@ create_bypass_for_fwd (snat_main_t * sm, vlib_buffer_t * b, ip4_header_t * ip,
 	pool_elt_at_index (tsm->sessions,
 			   ed_value_get_session_index (&value));
     }
+  else if (ip->protocol == IP_PROTOCOL_ICMP &&
+	   icmp_type_is_error_message
+	   (vnet_buffer (b)->ip.reass.icmp_type_or_tcp_flags))
+    {
+      return;
+    }
   else
     {
       u32 proto;