summaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorVladimir Ratnikov <vratnikov@netgate.com>2019-09-27 03:26:49 -0400
committerOle Trøan <otroan@employees.org>2019-10-03 09:51:52 +0000
commitd6d50cebde647f9a5ee7251a7fef977506f315d7 (patch)
tree294498e724d372ffce046edc67c4fd813f48adac /src/plugins
parentcfca8451f461f65532c75a498bf1bf1056c3af2a (diff)
map: fix DF[Don't fragment] ip4-map-t behaviour
This patch allows ip4-map-t plugin to drop packets if DF flag is set and packet size is bigger than MTU Type: fix Signed-off-by: Vladimir Ratnikov <vratnikov@netgate.com> Change-Id: I0c1531a1f876d9efc8e7e2bff9804f298becdb68
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/map/ip4_map_t.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/plugins/map/ip4_map_t.c b/src/plugins/map/ip4_map_t.c
index 2ab1af95922..621fb0615dc 100644
--- a/src/plugins/map/ip4_map_t.c
+++ b/src/plugins/map/ip4_map_t.c
@@ -600,6 +600,17 @@ ip4_map_t (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
pheader0->daddr.as_u64[1] =
map_get_sfx_net (d0, ip40->dst_address.as_u32, (u16) dst_port0);
+ bool df0 =
+ ip40->flags_and_fragment_offset &
+ clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT);
+
+ if (PREDICT_TRUE (ip4_is_first_fragment (ip40) && df0))
+ {
+ p0->error = error_node->errors[MAP_ERROR_FRAGMENT_DROPPED];
+ next0 = IP4_MAPT_NEXT_MAPT_FRAGMENTED;
+ goto exit;
+ }
+
if (PREDICT_TRUE
(error0 == MAP_ERROR_NONE && next0 != IP4_MAPT_NEXT_MAPT_ICMP))
{