aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorOle Troan <ot@cisco.com>2018-09-28 14:27:24 +0200
committerOle Troan <ot@cisco.com>2018-09-28 14:27:24 +0200
commitbf4d126b811c6ad00068fd04af652c982dc289c1 (patch)
tree94271cc146eb6ec85ffb53b4e15c64dac6c52d69 /src/vnet
parentf94c63ea392a79b509a7b8263f5a9372a58786f9 (diff)
IP ttl check in ip4-input missing for single packet path.
Change-Id: Idc17b2f8794d37cd3242a97395ab56bd633ca575 Signed-off-by: Ole Troan <ot@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/ip/ip4_input.h3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/vnet/ip/ip4_input.h b/src/vnet/ip/ip4_input.h
index 880896e6430..5df2154b2c3 100644
--- a/src/vnet/ip/ip4_input.h
+++ b/src/vnet/ip/ip4_input.h
@@ -290,6 +290,9 @@ ip4_input_check_x1 (vlib_main_t * vm,
check_ver_opt_csum (ip0, &error0, verify_checksum);
+ if (PREDICT_FALSE (ip0->ttl < 1))
+ error0 = IP4_ERROR_TIME_EXPIRED;
+
/* Drop fragmentation offset 1 packets. */
error0 = ip4_get_fragment_offset (ip0) == 1 ?
IP4_ERROR_FRAGMENT_OFFSET_ONE : error0;