diff options
Diffstat (limited to 'src/plugins/snat')
-rw-r--r-- | src/plugins/snat/out2in.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/src/plugins/snat/out2in.c b/src/plugins/snat/out2in.c index 3c1bb8852f6..328f5ba4c5e 100644 --- a/src/plugins/snat/out2in.c +++ b/src/plugins/snat/out2in.c @@ -270,12 +270,6 @@ static inline u32 icmp_out2in_slow_path (snat_main_t *sm, if (!is_error_message) { - if (PREDICT_FALSE(icmp0->type != ICMP4_echo_reply)) - { - b0->error = node->errors[SNAT_OUT2IN_ERROR_BAD_ICMP_TYPE]; - next0 = SNAT_OUT2IN_NEXT_DROP; - goto out; - } key0.protocol = SNAT_PROTOCOL_ICMP; key0.port = echo0->identifier; } @@ -353,6 +347,13 @@ static inline u32 icmp_out2in_slow_path (snat_main_t *sm, s0 = pool_elt_at_index (sm->per_thread_data[cpu_index].sessions, value0.value); + if (PREDICT_FALSE(icmp0->type != ICMP4_echo_reply && !is_error_message)) + { + b0->error = node->errors[SNAT_OUT2IN_ERROR_BAD_ICMP_TYPE]; + next0 = SNAT_OUT2IN_NEXT_DROP; + goto out; + } + sum0 = ip_incremental_checksum (0, icmp0, ntohs(ip0->length) - ip4_header_bytes (ip0)); checksum0 = ~ip_csum_fold (sum0); |