diff options
author | Mauro Sardara <msardara@cisco.com> | 2022-03-22 17:53:46 +0000 |
---|---|---|
committer | Neale Ranns <neale@graphiant.com> | 2022-03-30 17:51:33 +0000 |
commit | 9539647b895c456ca53892a9259e3127c6b92d35 (patch) | |
tree | f4c0a345a2dc27eb5aff092e3b6cdc1be2d66dfe /src/vnet/udp/udp_encap_node.c | |
parent | 591efc2f573baed38d79a0b9937ca4ff50732c1b (diff) |
udp: fix inner packet checksum calculation in udp-encap
When computing the inner packet checksum, the code wrongly
assumes that the IP version of the inner packet is the
same of the outer one. On the contrary, it is perfectly
possible to encapsulate v6 packets into v4 and viceversa,
so we need to check the IP format of the inner header before
calling vnet_calc_checksums_inline.
Ticket: VPP-2020
Type: fix
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Change-Id: Ia4515563c164f6dd5096832c831a48cb0a29b3ad
Signed-off-by: Mauro Sardara <msardara@cisco.com>
Diffstat (limited to 'src/vnet/udp/udp_encap_node.c')
-rw-r--r-- | src/vnet/udp/udp_encap_node.c | 101 |
1 files changed, 76 insertions, 25 deletions
diff --git a/src/vnet/udp/udp_encap_node.c b/src/vnet/udp/udp_encap_node.c index 5b9fc0bf34b..1ebe79532f4 100644 --- a/src/vnet/udp/udp_encap_node.c +++ b/src/vnet/udp/udp_encap_node.c @@ -61,9 +61,9 @@ format_udp6_encap_trace (u8 * s, va_list * args) } always_inline uword -udp_encap_inline (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame, int is_encap_v6) +udp_encap_inline (vlib_main_t *vm, vlib_node_runtime_t *node, + vlib_frame_t *frame, ip_address_family_t encap_family, + ip_address_family_t payload_family) { vlib_combined_counter_main_t *cm = &udp_encap_counters; u32 *from = vlib_frame_vector_args (frame); @@ -121,12 +121,13 @@ udp_encap_inline (vlib_main_t * vm, ue1 = udp_encap_get (uei1); /* Paint */ - if (is_encap_v6) + if (encap_family == AF_IP6) { const u8 n_bytes = sizeof (udp_header_t) + sizeof (ip6_header_t); - ip_udp_encap_two (vm, b0, b1, (u8 *) & ue0->ue_hdrs, - (u8 *) & ue1->ue_hdrs, n_bytes, 0); + ip_udp_encap_two (vm, b0, b1, (u8 *) &ue0->ue_hdrs, + (u8 *) &ue1->ue_hdrs, n_bytes, encap_family, + payload_family); if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) { udp6_encap_trace_t *tr = @@ -147,9 +148,9 @@ udp_encap_inline (vlib_main_t * vm, const u8 n_bytes = sizeof (udp_header_t) + sizeof (ip4_header_t); - ip_udp_encap_two (vm, b0, b1, - (u8 *) & ue0->ue_hdrs, - (u8 *) & ue1->ue_hdrs, n_bytes, 1); + ip_udp_encap_two (vm, b0, b1, (u8 *) &ue0->ue_hdrs, + (u8 *) &ue1->ue_hdrs, n_bytes, encap_family, + payload_family); if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) { @@ -202,12 +203,12 @@ udp_encap_inline (vlib_main_t * vm, b0)); /* Paint */ - if (is_encap_v6) + if (encap_family == AF_IP6) { const u8 n_bytes = sizeof (udp_header_t) + sizeof (ip6_header_t); - ip_udp_encap_one (vm, b0, (u8 *) & ue0->ue_hdrs.ip6, n_bytes, - 0); + ip_udp_encap_one (vm, b0, (u8 *) &ue0->ue_hdrs.ip6, n_bytes, + encap_family, payload_family); if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) { @@ -222,8 +223,8 @@ udp_encap_inline (vlib_main_t * vm, const u8 n_bytes = sizeof (udp_header_t) + sizeof (ip4_header_t); - ip_udp_encap_one (vm, b0, (u8 *) & ue0->ue_hdrs.ip4, n_bytes, - 1); + ip_udp_encap_one (vm, b0, (u8 *) &ue0->ue_hdrs.ip4, n_bytes, + encap_family, payload_family); if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED)) { @@ -248,37 +249,87 @@ udp_encap_inline (vlib_main_t * vm, return frame->n_vectors; } -VLIB_NODE_FN (udp4_encap_node) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (udp4o4_encap_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) { - return udp_encap_inline (vm, node, frame, 0); + return udp_encap_inline (vm, node, frame, AF_IP4, AF_IP4); } -VLIB_NODE_FN (udp6_encap_node) (vlib_main_t * vm, - vlib_node_runtime_t * node, - vlib_frame_t * frame) +VLIB_NODE_FN (udp6o4_encap_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) { - return udp_encap_inline (vm, node, frame, 1); + return udp_encap_inline (vm, node, frame, AF_IP4, AF_IP6); +} + +VLIB_NODE_FN (udp4_encap_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) +{ + return udp_encap_inline (vm, node, frame, AF_IP4, N_AF); +} + +VLIB_NODE_FN (udp6o6_encap_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) +{ + return udp_encap_inline (vm, node, frame, AF_IP6, AF_IP6); +} + +VLIB_NODE_FN (udp4o6_encap_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) +{ + return udp_encap_inline (vm, node, frame, AF_IP6, AF_IP4); +} + +VLIB_NODE_FN (udp6_encap_node) +(vlib_main_t *vm, vlib_node_runtime_t *node, vlib_frame_t *frame) +{ + return udp_encap_inline (vm, node, frame, AF_IP6, N_AF); } /* *INDENT-OFF* */ +VLIB_REGISTER_NODE (udp4o4_encap_node) = { + .name = "udp4o4-encap", + .vector_size = sizeof (u32), + .format_trace = format_udp4_encap_trace, + .n_next_nodes = 0, +}; + +VLIB_REGISTER_NODE (udp6o4_encap_node) = { + .name = "udp6o4-encap", + .vector_size = sizeof (u32), + .format_trace = format_udp6_encap_trace, + .n_next_nodes = 0, + .sibling_of = "udp4o4-encap", +}; + VLIB_REGISTER_NODE (udp4_encap_node) = { .name = "udp4-encap", .vector_size = sizeof (u32), - .format_trace = format_udp4_encap_trace, + .n_next_nodes = 0, + .sibling_of = "udp4o4-encap", +}; +VLIB_REGISTER_NODE (udp6o6_encap_node) = { + .name = "udp6o6-encap", + .vector_size = sizeof (u32), + .format_trace = format_udp6_encap_trace, + .n_next_nodes = 0, +}; + +VLIB_REGISTER_NODE (udp4o6_encap_node) = { + .name = "udp4o6-encap", + .vector_size = sizeof (u32), + .format_trace = format_udp4_encap_trace, .n_next_nodes = 0, + .sibling_of = "udp6o6-encap", }; VLIB_REGISTER_NODE (udp6_encap_node) = { .name = "udp6-encap", .vector_size = sizeof (u32), - .format_trace = format_udp6_encap_trace, - .n_next_nodes = 0, + .sibling_of = "udp6o6-encap", }; /* *INDENT-ON* */ |