summaryrefslogtreecommitdiffstats
path: root/src/vnet/ipip
diff options
context:
space:
mode:
Diffstat (limited to 'src/vnet/ipip')
-rw-r--r--src/vnet/ipip/ipip.h11
-rw-r--r--src/vnet/ipip/node.c8
2 files changed, 14 insertions, 5 deletions
diff --git a/src/vnet/ipip/ipip.h b/src/vnet/ipip/ipip.h
index 6afb188f8ee..28833df9755 100644
--- a/src/vnet/ipip/ipip.h
+++ b/src/vnet/ipip/ipip.h
@@ -26,11 +26,12 @@
extern vnet_hw_interface_class_t ipip_hw_interface_class;
-#define foreach_ipip_error \
- /* Must be first. */ \
- _(DECAP_PKTS, "packets decapsulated") \
- _(BAD_PROTOCOL, "bad protocol") \
- _(NO_TUNNEL, "no tunnel")
+#define foreach_ipip_error \
+ /* Must be first. */ \
+ _(DECAP_PKTS, "packets decapsulated") \
+ _(BAD_PROTOCOL, "bad protocol") \
+ _(NO_TUNNEL, "no tunnel") \
+ _(FRAGMENTED_PACKET, "fragmented outer packet")
typedef enum
{
diff --git a/src/vnet/ipip/node.c b/src/vnet/ipip/node.c
index d55b91a0b93..60d6223d5f3 100644
--- a/src/vnet/ipip/node.c
+++ b/src/vnet/ipip/node.c
@@ -108,6 +108,14 @@ ipip_input (vlib_main_t * vm, vlib_node_runtime_t * node,
else
{
ip40 = vlib_buffer_get_current (b0);
+ /* Check for outer fragmentation */
+ if (ip40->flags_and_fragment_offset &
+ clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS))
+ {
+ next0 = IPIP_INPUT_NEXT_DROP;
+ b0->error = node->errors[IPIP_ERROR_FRAGMENTED_PACKET];
+ goto drop;
+ }
vlib_buffer_advance (b0, sizeof (*ip40));
ip_set (&src0, &ip40->src_address, true);
ip_set (&dst0, &ip40->dst_address, true);