diff options
| author |   Vladimir Ratnikov <vratnikov@netgate.com> | 2019-09-27 03:26:49 -0400 |
|---|---|---|
| committer |   Ole Trøan <otroan@employees.org> | 2019-10-03 09:51:52 +0000 |
| commit | d6d50cebde647f9a5ee7251a7fef977506f315d7 (patch) | |
| tree | 294498e724d372ffce046edc67c4fd813f48adac | |
| parent | cfca8451f461f65532c75a498bf1bf1056c3af2a (diff) | |
map: fix DF[Don't fragment] ip4-map-t behaviour
This patch allows ip4-map-t plugin to drop
packets if DF flag is set and packet size
is bigger than MTU
Type: fix
Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com>
Change-Id: I0c1531a1f876d9efc8e7e2bff9804f298becdb68
| -rw-r--r-- | src/plugins/map/ip4_map_t.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/plugins/map/ip4_map_t.c b/src/plugins/map/ip4_map_t.c index 2ab1af95922..621fb0615dc 100644 --- a/src/plugins/map/ip4_map_t.c +++ b/src/plugins/map/ip4_map_t.c @@ -600,6 +600,17 @@ ip4_map_t (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame) pheader0->daddr.as_u64[1] = map_get_sfx_net (d0, ip40->dst_address.as_u32, (u16) dst_port0); + bool df0 = + ip40->flags_and_fragment_offset & + clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT); + + if (PREDICT_TRUE (ip4_is_first_fragment (ip40) && df0)) + { + p0->error = error_node->errors[MAP_ERROR_FRAGMENT_DROPPED]; + next0 = IP4_MAPT_NEXT_MAPT_FRAGMENTED; + goto exit; + } + if (PREDICT_TRUE (error0 == MAP_ERROR_NONE && next0 != IP4_MAPT_NEXT_MAPT_ICMP)) { |