diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/vnet/gre/gre.c | 4 | ||||
-rw-r--r-- | src/vnet/ip/icmp6.c | 6 | ||||
-rw-r--r-- | src/vnet/ip/ip6_forward.c | 42 |
3 files changed, 32 insertions, 20 deletions
diff --git a/src/vnet/gre/gre.c b/src/vnet/gre/gre.c index 0b8d2cc8df7..e82befe7918 100644 --- a/src/vnet/gre/gre.c +++ b/src/vnet/gre/gre.c @@ -292,8 +292,8 @@ gre6_fixup (vlib_main_t * vm, /* Fixup the payload length field in the GRE tunnel encap that was applied * at the midchain node */ ip0->payload_length = - clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0)) - - sizeof (*ip0); + clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b0) - + sizeof (*ip0)); } void diff --git a/src/vnet/ip/icmp6.c b/src/vnet/ip/icmp6.c index fd5d0ecba38..6ebdef4745e 100644 --- a/src/vnet/ip/icmp6.c +++ b/src/vnet/ip/icmp6.c @@ -526,13 +526,15 @@ ip6_icmp_error (vlib_main_t * vm, b->current_length = 0; } } - p0->current_length = - p0->current_length > 1280 ? 1280 : p0->current_length; /* Add IP header and ICMPv6 header including a 4 byte data field */ vlib_buffer_advance (p0, -sizeof (ip6_header_t) - sizeof (icmp46_header_t) - 4); + + p0->current_length = + p0->current_length > 1280 ? 1280 : p0->current_length; + out_ip0 = vlib_buffer_get_current (p0); icmp0 = (icmp46_header_t *) & out_ip0[1]; diff --git a/src/vnet/ip/ip6_forward.c b/src/vnet/ip/ip6_forward.c index c45b65fd22d..f4c51e22bfc 100644 --- a/src/vnet/ip/ip6_forward.c +++ b/src/vnet/ip/ip6_forward.c @@ -1561,6 +1561,19 @@ typedef enum */ #define IP6_MCAST_ADDR_MASK 0xffffffff +always_inline void +ip6_mtu_check (vlib_buffer_t * b, u16 packet_bytes, + u16 adj_packet_bytes, u32 * next, u32 * error) +{ + if (adj_packet_bytes >= 1280 && packet_bytes > adj_packet_bytes) + { + *error = IP6_ERROR_MTU_EXCEEDED; + icmp6_error_set_vnet_buffer (b, ICMP6_packet_too_big, 0, + adj_packet_bytes); + *next = IP6_REWRITE_NEXT_ICMP_ERROR; + } +} + always_inline uword ip6_rewrite_inline (vlib_main_t * vm, vlib_node_runtime_t * node, @@ -1706,16 +1719,14 @@ ip6_rewrite_inline (vlib_main_t * vm, } /* Check MTU of outgoing interface. */ - error0 = - (vlib_buffer_length_in_chain (vm, p0) > - adj0[0]. - rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED : - error0); - error1 = - (vlib_buffer_length_in_chain (vm, p1) > - adj1[0]. - rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED : - error1); + ip6_mtu_check (p0, clib_net_to_host_u16 (ip0->payload_length) + + sizeof (ip6_header_t), + adj0[0].rewrite_header.max_l3_packet_bytes, + &next0, &error0); + ip6_mtu_check (p1, clib_net_to_host_u16 (ip1->payload_length) + + sizeof (ip6_header_t), + adj1[0].rewrite_header.max_l3_packet_bytes, + &next1, &error1); /* Don't adjust the buffer for hop count issue; icmp-error node * wants to see the IP headerr */ @@ -1849,14 +1860,13 @@ ip6_rewrite_inline (vlib_main_t * vm, } /* Check MTU of outgoing interface. */ - error0 = - (vlib_buffer_length_in_chain (vm, p0) > - adj0[0]. - rewrite_header.max_l3_packet_bytes ? IP6_ERROR_MTU_EXCEEDED : - error0); + ip6_mtu_check (p0, clib_net_to_host_u16 (ip0->payload_length) + + sizeof (ip6_header_t), + adj0[0].rewrite_header.max_l3_packet_bytes, + &next0, &error0); /* Don't adjust the buffer for hop count issue; icmp-error node - * wants to see the IP headerr */ + * wants to see the IP header */ if (PREDICT_TRUE (error0 == IP6_ERROR_NONE)) { p0->current_data -= rw_len0; |