summaryrefslogtreecommitdiffstats
path: root/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
diff options
context:
space:
mode:
authorKlement Sekera <ksekera@cisco.com>2021-06-28 13:40:40 +0200
committerOle Tr�an <otroan@employees.org>2021-07-19 17:46:33 +0000
commit05b5a5b3b4b04823776feed6403b5a99b2e06d76 (patch)
treeb3becc951fccb20f0785acf6f4349a0a2b16a484 /src/plugins/nat/nat44-ed/nat44_ed_in2out.c
parent04572bea3499ab013d92799648c38b021767ff39 (diff)
nat: harden ICMP handling
Verify that headers are not truncated and that checksums are valid. Correct checksum computation in translation code. Type: fix Change-Id: I6acfcec4661411f83c86b15aafac90cd4538c0b5 Signed-off-by: Klement Sekera <ksekera@cisco.com>
Diffstat (limited to 'src/plugins/nat/nat44-ed/nat44_ed_in2out.c')
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed_in2out.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
index bfabdbd71d0..ead5685c6f7 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
@@ -1177,16 +1177,18 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t *vm,
nat_free_session_data (sm, s0, thread_index, 0);
nat_ed_session_delete (sm, s0, thread_index, 1);
next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
if (NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_i2o (
- sm, b0, ip0, f, proto0, is_output_feature)))
+ vm, sm, b0, ip0, f, proto0, is_output_feature)))
{
nat_free_session_data (sm, s0, thread_index, 0);
nat_ed_session_delete (sm, s0, thread_index, 1);
next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
@@ -1330,8 +1332,12 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
if (NAT_NEXT_DROP != next[0] && s0 &&
NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_i2o (
- sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+ vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
{
+ nat_free_session_data (sm, s0, thread_index, 0);
+ nat_ed_session_delete (sm, s0, thread_index, 1);
+ next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
@@ -1348,8 +1354,12 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
if (NAT_NEXT_DROP != next[0] && s0 &&
NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_i2o (
- sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+ vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
{
+ nat_free_session_data (sm, s0, thread_index, 0);
+ nat_ed_session_delete (sm, s0, thread_index, 1);
+ next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
@@ -1425,11 +1435,12 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
if (NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_i2o (
- sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+ vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
{
nat_free_session_data (sm, s0, thread_index, 0);
nat_ed_session_delete (sm, s0, thread_index, 1);
- s0 = NULL;
+ next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
goto trace0;
}