authorKlement Sekera <klement.sekera@gmail.com>2024-10-23 19:05:17 +0200
committerMatthew Smith <mgsmith@netgate.com>2024-10-23 20:58:15 +0000
commit602d11019bf76e8f4ad73b4b928bbf4ac3becfdc (patch)
treebc4b9313daab7f1849d93b7508d50fe838e448c0 /src
parent3d5670302755ffab3907826cd5afd31e411c1b87 (diff)
ip: fix port extraction
Replace a hard-coded constant of 64 with 56, which is a more appropriate value for when an ICMP echo request is returned in an ICMP error. Previously, the size of such a message would be smaller than 64 and parsing would not return the correct value. Type: fix Change-Id: I1bdf8a2a23b1e6762b64210c71927c926f4547ad Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Diffstat (limited to 'src')
-rw-r--r--src/vnet/ip/ip4_to_ip6.h15
1 files changed, 11 insertions, 4 deletions
diff --git a/src/vnet/ip/ip4_to_ip6.h b/src/vnet/ip/ip4_to_ip6.h
index 57c2b6ff78b..d356fd5411c 100644
--- a/src/vnet/ip/ip4_to_ip6.h
+++ b/src/vnet/ip/ip4_to_ip6.h
@@ -46,10 +46,9 @@ static u8 icmp_to_icmp6_updater_pointer_table[] =
* @returns Port number on success, 0 otherwise.
*/
always_inline u16
-ip4_get_port (ip4_header_t * ip, u8 sender)
+ip4_get_port (ip4_header_t *ip, u8 sender)
{
- if (ip->ip_version_and_header_length != 0x45 ||
- ip4_get_fragment_offset (ip))
+ if (ip->ip_version_and_header_length != 0x45 || ip4_get_fragment_offset (ip))
return 0;
if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) ||
@@ -65,7 +64,15 @@ ip4_get_port (ip4_header_t * ip, u8 sender)
{
return *((u16 *) (icmp + 1));
}
- else if (clib_net_to_host_u16 (ip->length) >= 64)
+ /*
+ * Minimum length here consists of:
+ * - outer IP header length
+ * - outer ICMP header length (2*sizeof (icmp46_header_t))
+ * - inner IP header length
+ * - first 8 bytes of payload of original packet in case of ICMP error
+ */
+ else if (clib_net_to_host_u16 (ip->length) >=
+ 2 * sizeof (ip4_header_t) + 2 * sizeof (icmp46_header_t) + 8)
{
ip = (ip4_header_t *) (icmp + 2);
if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) ||
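Review bot: The new bound in the `else if` is compared against `ip->length`, a field read from the packet itself, so it shows only that the header claims 56 bytes, not that the buffer holds them. Nothing in this hunk ties that value to the real buffer length, so the function's doc comment should state the contract, e.g. `@note Caller must ensure ip->length does not exceed the bytes available in the buffer.` The `2 * sizeof (ip4_header_t)` term also assumes the embedded header carries no options, while the `0x45` test in the first hunk covers only the outer header. If the code after `ip = (ip4_header_t *) (icmp + 2);` does not already check it, adding `if (ip->ip_version_and_header_length != 0x45) return 0;` there would keep option bytes from being read as a port. The function body continues past the end of the hunk, so that check may exist below.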