aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins
diff options
context:
space:
mode:
authorAlexander Chernavin <achernavin@netgate.com>2020-01-23 08:09:40 -0500
committerOle Trøan <otroan@employees.org>2020-01-30 11:03:31 +0000
commit56817e2c486a26167783676774b0dea9c103b200 (patch)
treeb88a51c9bdfcdb4ca0859e9b2ae4a4a9315c6f2d /src/plugins
parent78b58f65f1c94d7a5efbf191b4a6e8b6cc12ae66 (diff)
map: handle ip4 ttl=1 packets in map-t
With this commit, ICMP Time Exceeded is sent to sender when TTL expires at MAP BR. Type: fix Change-Id: I8effe163beab32596883127b819308cc355512c3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
Diffstat (limited to 'src/plugins')
-rw-r--r--src/plugins/map/ip4_map_t.c10
-rw-r--r--src/plugins/map/map.h3
-rw-r--r--src/plugins/map/test/test_map.py17
3 files changed, 20 insertions, 10 deletions
diff --git a/src/plugins/map/ip4_map_t.c b/src/plugins/map/ip4_map_t.c
index d243a45cd41..bb5aa451bc5 100644
--- a/src/plugins/map/ip4_map_t.c
+++ b/src/plugins/map/ip4_map_t.c
@@ -578,6 +578,16 @@ ip4_map_t (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
dst_port0 = -1;
+ if (PREDICT_FALSE (ip40->ttl == 1))
+ {
+ icmp4_error_set_vnet_buffer (p0, ICMP4_time_exceeded,
+ ICMP4_time_exceeded_ttl_exceeded_in_transit,
+ 0);
+ p0->error = error_node->errors[MAP_ERROR_TIME_EXCEEDED];
+ next0 = IP4_MAPT_NEXT_ICMP_ERROR;
+ goto trace;
+ }
+
bool df0 =
ip40->flags_and_fragment_offset &
clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT);
diff --git a/src/plugins/map/map.h b/src/plugins/map/map.h
index 9581bd50fac..1f51a59aa2e 100644
--- a/src/plugins/map/map.h
+++ b/src/plugins/map/map.h
@@ -225,7 +225,8 @@ typedef struct
_(FRAGMENT_MALFORMED, "fragment has unexpected format")\
_(FRAGMENT_DROPPED, "dropped cached fragment") \
_(MALFORMED, "malformed packet") \
- _(DF_SET, "can't fragment, DF set")
+ _(DF_SET, "can't fragment, DF set") \
+ _(TIME_EXCEEDED, "time exceeded") \
typedef enum
{
diff --git a/src/plugins/map/test/test_map.py b/src/plugins/map/test/test_map.py
index 03913ce1466..845d1d34bef 100644
--- a/src/plugins/map/test/test_map.py
+++ b/src/plugins/map/test/test_map.py
@@ -543,7 +543,7 @@ class TestMAP(VppTestCase):
for p in rx:
self.validate(p[1], p4_translated)
- # IPv4 TTL
+ # IPv4 TTL=0
ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0)
p4 = (p_ether / ip4_ttl_expired / payload)
@@ -557,20 +557,19 @@ class TestMAP(VppTestCase):
for p in rx:
self.validate(p[1], icmp4_reply)
- '''
- This one is broken, cause it would require hairpinning...
- # IPv4 TTL TTL1
+ # IPv4 TTL=1
ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=1)
p4 = (p_ether / ip4_ttl_expired / payload)
- icmp4_reply = IP(id=0, ttl=254, src=self.pg0.local_ip4,
- dst=self.pg0.remote_ip4) / \
- ICMP(type='time-exceeded', code='ttl-zero-during-transit' ) / \
- IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0) / payload
+ icmp4_reply = (IP(id=0, ttl=254, src=self.pg0.local_ip4,
+ dst=self.pg0.remote_ip4) /
+ ICMP(type='time-exceeded',
+ code='ttl-zero-during-transit') /
+ IP(src=self.pg0.remote_ip4,
+ dst='192.168.0.1', ttl=1) / payload)
rx = self.send_and_expect(self.pg0, p4*1, self.pg0)
for p in rx:
self.validate(p[1], icmp4_reply)
- '''
# IPv6 Hop limit
ip6_hlim_expired = IPv6(hlim=0, src='2001:db8:1ab::c0a8:1:ab',