ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nat: fix unknown proto translation out2in_ed

Browse Source 
An unknown proto packet can be processed as UDP with destination port
rewriting which breaks the original packet.

With this commit, stop processing unknown proto packets after
nat44_ed_out2in_unknown_proto() execution.

Type: fix

Change-Id: Iea93faf3c282f542d5ee7120c15e1027c1e4abc9
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
This commit is contained in:
Alexander Chernavin
2020-03-19 11:17:52 -04:00
committed by Matthew Smith
parent 5cee0bca5d
commit 8c18f85d32
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/plugins/nat/out2in_ed.c
View File

@ -1026,13 +1026,13 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
s0 = s0 =
nat44_ed_out2in_unknown_proto (sm, b0, ip0, rx_fib_index0, nat44_ed_out2in_unknown_proto (sm, b0, ip0, rx_fib_index0,
thread_index, now, vm, node); thread_index, now, vm, node);
other_packets++;
if (!sm->forwarding_enabled) if (!sm->forwarding_enabled)
{ {
if (!s0) if (!s0)
next0 = NAT_NEXT_DROP; next0 = NAT_NEXT_DROP;
goto trace0;
} }
other_packets++;
goto trace0;
} }
if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP)) if (PREDICT_FALSE (proto0 == SNAT_PROTOCOL_ICMP))