nat: harden ICMP handling

Verify that headers are not truncated and that checksums are valid. Correct checksum computation in translation code. Type: fix Change-Id: I6acfcec4661411f83c86b15aafac90cd4538c0b5 Signed-off-by: Klement Sekera <ksekera@cisco.com>
author: Klement Sekera <ksekera@cisco.com> 2021-06-28 13:40:40 +0200
committer: Ole Tr�an <otroan@employees.org> 2021-07-19 17:46:33 +0000
commit: 05b5a5b3b4b04823776feed6403b5a99b2e06d76 (patch)
tree: b3becc951fccb20f0785acf6f4349a0a2b16a484 /src/plugins/nat/nat44-ed/nat44_ed_out2in.c
parent: 04572bea3499ab013d92799648c38b021767ff39 (diff)
1 files changed, 12 insertions, 4 deletions
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
index eaf89937e54..124b64e29f3 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
@@ -1020,6 +1020,7 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
 		  nat_free_session_data (sm, s0, thread_index, 0);
 		  nat_ed_session_delete (sm, s0, thread_index, 1);
 		  next[0] = NAT_NEXT_DROP;
+		  b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
 		  goto trace0;
 		}
 	    }
@@ -1027,9 +1028,10 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
 
       if (NAT_ED_TRNSL_ERR_SUCCESS !=
 	  (translation_error = nat_6t_flow_buf_translate_o2i (
-	     sm, b0, ip0, f, proto0, 0 /* is_output_feature */)))
+	     vm, sm, b0, ip0, f, proto0, 0 /* is_output_feature */)))
 	{
 	  next[0] = NAT_NEXT_DROP;
+	  b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
 	  goto trace0;
 	}
 
@@ -1183,8 +1185,11 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
 	  if (NAT_NEXT_DROP != next[0] && s0 &&
 	      NAT_ED_TRNSL_ERR_SUCCESS !=
 		(translation_error = nat_6t_flow_buf_translate_o2i (
-		   sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
+		   vm, sm, b0, ip0, &s0->o2i, proto0,
+		   0 /* is_output_feature */)))
 	    {
+	      next[0] = NAT_NEXT_DROP;
+	      b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
 	      goto trace0;
 	    }
 
@@ -1202,8 +1207,11 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
 	  if (NAT_NEXT_DROP != next[0] && s0 &&
 	      NAT_ED_TRNSL_ERR_SUCCESS !=
 		(translation_error = nat_6t_flow_buf_translate_o2i (
-		   sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
+		   vm, sm, b0, ip0, &s0->o2i, proto0,
+		   0 /* is_output_feature */)))
 	    {
+	      next[0] = NAT_NEXT_DROP;
+	      b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
 	      goto trace0;
 	    }
 
@@ -1312,7 +1320,7 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
 
       if (NAT_ED_TRNSL_ERR_SUCCESS !=
 	  (translation_error = nat_6t_flow_buf_translate_o2i (
-	     sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
+	     vm, sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
 	{
 	  next[0] = NAT_NEXT_DROP;
 	  goto trace0;
author	Klement Sekera <ksekera@cisco.com>	2021-06-28 13:40:40 +0200
committer	Ole Tr�an <otroan@employees.org>	2021-07-19 17:46:33 +0000
commit	05b5a5b3b4b04823776feed6403b5a99b2e06d76 (patch)
tree	b3becc951fccb20f0785acf6f4349a0a2b16a484 /src/plugins/nat/nat44-ed/nat44_ed_out2in.c
parent	04572bea3499ab013d92799648c38b021767ff39 (diff)