summaryrefslogtreecommitdiffstats
path: root/vnet/vnet/map/ip4_map.c
diff options
context:
space:
mode:
authorOle Troan <ot@cisco.com>2016-01-06 12:40:28 +0100
committerOle Troan <ot@cisco.com>2016-01-06 12:40:28 +0100
commit366ac6ecdea0214363f523967830c370697c8944 (patch)
treecf4d655185fca02ea56fad3feb2a9d6e7fa283cf /vnet/vnet/map/ip4_map.c
parent1bc56f7fa162eab44214e5e2fa02f8b3a5ccb021 (diff)
MAP: Decrement TTL of payload IPv4 packet.
MAP: Disable direct adjacency domain lookup for decap until IPv4 SA security check is fixed. Change-Id: If85ea73629e46cb09757fe842d79507cf54e37f3 Signed-off-by: Ole Troan <ot@cisco.com>
Diffstat (limited to 'vnet/vnet/map/ip4_map.c')
-rw-r--r--vnet/vnet/map/ip4_map.c25
1 files changed, 25 insertions, 0 deletions
diff --git a/vnet/vnet/map/ip4_map.c b/vnet/vnet/map/ip4_map.c
index 6ed176c8e60..c8ee2764f23 100644
--- a/vnet/vnet/map/ip4_map.c
+++ b/vnet/vnet/map/ip4_map.c
@@ -156,6 +156,28 @@ ip4_map_ip6_lookup_bypass (vlib_buffer_t *p0, ip4_header_t *ip)
}
/*
+ * ip4_map_ttl
+ */
+static inline void
+ip4_map_decrement_ttl (ip4_header_t *ip, u8 *error)
+{
+ i32 ttl = ip->ttl;
+
+ /* Input node should have reject packets with ttl 0. */
+ ASSERT (ip->ttl > 0);
+
+ u32 checksum = ip->checksum + clib_host_to_net_u16(0x0100);
+ checksum += checksum >= 0xffff;
+ ip->checksum = checksum;
+ ttl -= 1;
+ ip->ttl = ttl;
+ *error = ttl <= 0 ? IP4_ERROR_TIME_EXPIRED : *error;
+
+ /* Verify checksum. */
+ ASSERT (ip->checksum == ip4_header_checksum(ip));
+}
+
+/*
* ip4_map
*/
static uword
@@ -345,6 +367,9 @@ ip4_map (vlib_main_t *vm,
*/
port0 = ip4_map_port_and_security_check(d0, ip40, &next0, &error0);
+ /* Decrement IPv4 TTL */
+ ip4_map_decrement_ttl(ip40, &error0);
+
/* MAP calc */
u32 da40 = clib_net_to_host_u32(ip40->dst_address.as_u32);
u16 dp40 = clib_net_to_host_u16(port0);