summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/plugins/map/ip4_map_t.c23
1 files changed, 12 insertions, 11 deletions
diff --git a/src/plugins/map/ip4_map_t.c b/src/plugins/map/ip4_map_t.c
index a02b55478c2..dca32846480 100644
--- a/src/plugins/map/ip4_map_t.c
+++ b/src/plugins/map/ip4_map_t.c
@@ -575,6 +575,18 @@ ip4_map_t (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
goto exit;
}
+ bool df0 =
+ ip40->flags_and_fragment_offset &
+ clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT);
+
+ if (PREDICT_FALSE
+ (df0 && !map_main.frag_ignore_df && (ip4_len0 > d0->mtu)))
+ {
+ p0->error = error_node->errors[MAP_ERROR_FRAGMENT_DROPPED];
+ next0 = IP4_MAPT_NEXT_DROP;
+ goto exit;
+ }
+
vnet_buffer (p0)->map_t.mtu = d0->mtu ? d0->mtu : ~0;
dst_port0 = -1;
@@ -601,17 +613,6 @@ ip4_map_t (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
pheader0->daddr.as_u64[1] =
map_get_sfx_net (d0, ip40->dst_address.as_u32, (u16) dst_port0);
- bool df0 =
- ip40->flags_and_fragment_offset &
- clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT);
-
- if (PREDICT_TRUE (ip4_is_first_fragment (ip40) && df0))
- {
- p0->error = error_node->errors[MAP_ERROR_FRAGMENT_DROPPED];
- next0 = IP4_MAPT_NEXT_MAPT_FRAGMENTED;
- goto exit;
- }
-
if (PREDICT_TRUE
(error0 == MAP_ERROR_NONE && next0 != IP4_MAPT_NEXT_MAPT_ICMP))
{