diff options
Diffstat (limited to 'src/vnet/ipip')
-rw-r--r-- | src/vnet/ipip/ipip.c | 4 | ||||
-rw-r--r-- | src/vnet/ipip/node.c | 8 |
2 files changed, 12 insertions, 0 deletions
diff --git a/src/vnet/ipip/ipip.c b/src/vnet/ipip/ipip.c index c49be099d9a..718463d7352 100644 --- a/src/vnet/ipip/ipip.c +++ b/src/vnet/ipip/ipip.c @@ -138,6 +138,10 @@ ipip6_fixup (vlib_main_t * vm, ip_adjacency_t * adj, vlib_buffer_t * b, ip6_header_t *ip6; const ipip_tunnel_t *t = data; + /* Must set locally originated otherwise we're not allowed to + fragment the packet later */ + b->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED; + ip6 = vlib_buffer_get_current (b); ip6->payload_length = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b) - diff --git a/src/vnet/ipip/node.c b/src/vnet/ipip/node.c index 60d6223d5f3..6171d3e5d71 100644 --- a/src/vnet/ipip/node.c +++ b/src/vnet/ipip/node.c @@ -99,6 +99,14 @@ ipip_input (vlib_main_t * vm, vlib_node_runtime_t * node, if (is_ipv6) { ip60 = vlib_buffer_get_current (b0); + /* Check for outer fragmentation */ + if (ip60->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION) + { + next0 = IPIP_INPUT_NEXT_DROP; + b0->error = node->errors[IPIP_ERROR_FRAGMENTED_PACKET]; + goto drop; + } + vlib_buffer_advance (b0, sizeof (*ip60)); ip_set (&src0, &ip60->src_address, false); ip_set (&dst0, &ip60->dst_address, false); |