diff options
author | Klement Sekera <klement.sekera@gmail.com> | 2024-10-23 19:05:17 +0200 |
---|---|---|
committer | Matthew Smith <mgsmith@netgate.com> | 2024-10-23 20:58:15 +0000 |
commit | 602d11019bf76e8f4ad73b4b928bbf4ac3becfdc (patch) | |
tree | bc4b9313daab7f1849d93b7508d50fe838e448c0 /src | |
parent | 3d5670302755ffab3907826cd5afd31e411c1b87 (diff) |
ip: fix port extraction
Replace a hard-coded constant of 64 with 56, which is a more appropriate
value for when ICMP echo request is returned in ICMP error. Previously,
the size of such message would be smaller than 64 and parsing would not
return the correct value.
Type: fix
Change-Id: I1bdf8a2a23b1e6762b64210c71927c926f4547ad
Signed-off-by: Klement Sekera <klement.sekera@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/vnet/ip/ip4_to_ip6.h | 15 |
1 files changed, 11 insertions, 4 deletions
diff --git a/src/vnet/ip/ip4_to_ip6.h b/src/vnet/ip/ip4_to_ip6.h index 57c2b6ff78b..d356fd5411c 100644 --- a/src/vnet/ip/ip4_to_ip6.h +++ b/src/vnet/ip/ip4_to_ip6.h @@ -46,10 +46,9 @@ static u8 icmp_to_icmp6_updater_pointer_table[] = * @returns Port number on success, 0 otherwise. */ always_inline u16 -ip4_get_port (ip4_header_t * ip, u8 sender) +ip4_get_port (ip4_header_t *ip, u8 sender) { - if (ip->ip_version_and_header_length != 0x45 || - ip4_get_fragment_offset (ip)) + if (ip->ip_version_and_header_length != 0x45 || ip4_get_fragment_offset (ip)) return 0; if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) || @@ -65,7 +64,15 @@ ip4_get_port (ip4_header_t * ip, u8 sender) { return *((u16 *) (icmp + 1)); } - else if (clib_net_to_host_u16 (ip->length) >= 64) + /* + * Minimum length here consists of: + * - outer IP header length + * - outer ICMP header length (2*sizeof (icmp46_header_t)) + * - inner IP header length + * - first 8 bytes of payload of original packet in case of ICMP error + */ + else if (clib_net_to_host_u16 (ip->length) >= + 2 * sizeof (ip4_header_t) + 2 * sizeof (icmp46_header_t) + 8) { ip = (ip4_header_t *) (icmp + 2); if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) || |