aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/plugins/nat/det44/det44.h1
-rw-r--r--src/plugins/nat/det44/det44_in2out.c2
-rw-r--r--src/plugins/nat/det44/det44_out2in.c2
-rw-r--r--src/plugins/nat/dslite/dslite.h1
-rw-r--r--src/plugins/nat/dslite/dslite_in2out.c1
-rw-r--r--src/plugins/nat/dslite/dslite_out2in.c1
-rw-r--r--src/plugins/nat/lib/inlines.h44
-rw-r--r--src/plugins/nat/lib/ipfix_logging.c1
-rw-r--r--src/plugins/nat/lib/nat_syslog.c1
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed.h1
-rw-r--r--src/plugins/nat/nat44-ed/nat44_ed_inlines.h1
-rw-r--r--src/plugins/nat/nat44-ei/nat44_ei.c1
-rw-r--r--src/plugins/nat/nat44-ei/nat44_ei.h1
-rw-r--r--src/plugins/nat/nat44-ei/nat44_ei_in2out.c1
-rw-r--r--src/plugins/nat/nat44-ei/nat44_ei_out2in.c1
-rw-r--r--src/plugins/nat/nat64/nat64.c1
-rw-r--r--src/plugins/nat/nat64/nat64.h1
-rw-r--r--src/plugins/nat/nat64/nat64_db.c1
-rw-r--r--src/plugins/unittest/session_test.c2
-rw-r--r--src/plugins/unittest/svm_fifo_test.c2
-rw-r--r--src/plugins/unittest/tcp_test.c2
-rw-r--r--src/vnet/ip/ip4_to_ip6.h21
-rw-r--r--src/vnet/ip/ip6_to_ip4.h14
23 files changed, 48 insertions, 56 deletions
diff --git a/src/plugins/nat/det44/det44.h b/src/plugins/nat/det44/det44.h
index e576bfb65e8..683f554f03c 100644
--- a/src/plugins/nat/det44/det44.h
+++ b/src/plugins/nat/det44/det44.h
@@ -38,7 +38,6 @@
#include <vnet/ip/reass/ip4_sv_reass.h>
#include <nat/lib/lib.h>
-#include <nat/lib/inlines.h>
#include <nat/lib/ipfix_logging.h>
#include <nat/lib/nat_proto.h>
diff --git a/src/plugins/nat/det44/det44_in2out.c b/src/plugins/nat/det44/det44_in2out.c
index 3f5e05a064c..39a9ecabac7 100644
--- a/src/plugins/nat/det44/det44_in2out.c
+++ b/src/plugins/nat/det44/det44_in2out.c
@@ -21,6 +21,7 @@
#include <vlib/vlib.h>
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
+#include <vnet/ip/ip4_to_ip6.h>
#include <vnet/fib/ip4_fib.h>
#include <vppinfra/error.h>
#include <vppinfra/elog.h>
@@ -29,7 +30,6 @@
#include <nat/det44/det44_inlines.h>
#include <nat/lib/lib.h>
-#include <nat/lib/inlines.h>
#include <nat/lib/nat_inlines.h>
typedef enum
diff --git a/src/plugins/nat/det44/det44_out2in.c b/src/plugins/nat/det44/det44_out2in.c
index ab6acd4f8e9..dd89606ff10 100644
--- a/src/plugins/nat/det44/det44_out2in.c
+++ b/src/plugins/nat/det44/det44_out2in.c
@@ -21,6 +21,7 @@
#include <vlib/vlib.h>
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
+#include <vnet/ip/ip4_to_ip6.h>
#include <vnet/fib/ip4_fib.h>
#include <vppinfra/error.h>
#include <vppinfra/elog.h>
@@ -29,7 +30,6 @@
#include <nat/det44/det44_inlines.h>
#include <nat/lib/lib.h>
-#include <nat/lib/inlines.h>
#include <nat/lib/nat_inlines.h>
typedef enum
diff --git a/src/plugins/nat/dslite/dslite.h b/src/plugins/nat/dslite/dslite.h
index f05670c9bf5..979afb476b7 100644
--- a/src/plugins/nat/dslite/dslite.h
+++ b/src/plugins/nat/dslite/dslite.h
@@ -22,7 +22,6 @@
#include <nat/lib/lib.h>
#include <nat/lib/alloc.h>
-#include <nat/lib/inlines.h>
typedef struct
{
diff --git a/src/plugins/nat/dslite/dslite_in2out.c b/src/plugins/nat/dslite/dslite_in2out.c
index 522c3cf4123..806969f5f4d 100644
--- a/src/plugins/nat/dslite/dslite_in2out.c
+++ b/src/plugins/nat/dslite/dslite_in2out.c
@@ -12,6 +12,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+#include <vnet/ip/ip4_to_ip6.h>
#include <nat/dslite/dslite.h>
#include <nat/lib/nat_syslog.h>
diff --git a/src/plugins/nat/dslite/dslite_out2in.c b/src/plugins/nat/dslite/dslite_out2in.c
index 531bbb468bb..9ec48d458e5 100644
--- a/src/plugins/nat/dslite/dslite_out2in.c
+++ b/src/plugins/nat/dslite/dslite_out2in.c
@@ -12,6 +12,7 @@
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+#include <vnet/ip/ip4_to_ip6.h>
#include <nat/dslite/dslite.h>
typedef enum
diff --git a/src/plugins/nat/lib/inlines.h b/src/plugins/nat/lib/inlines.h
deleted file mode 100644
index 24e3ba83a5b..00000000000
--- a/src/plugins/nat/lib/inlines.h
+++ /dev/null
@@ -1,44 +0,0 @@
-/*
- * Copyright (c) 2020 Cisco and/or its affiliates.
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at:
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-/**
- * @brief Common NAT inline functions
- */
-#ifndef included_nat_inlines_h__
-#define included_nat_inlines_h__
-
-#include <vnet/ip/icmp46_packet.h>
-
-static_always_inline u64
-icmp_type_is_error_message (u8 icmp_type)
-{
- int bmp = 0;
- bmp |= 1 << ICMP4_destination_unreachable;
- bmp |= 1 << ICMP4_time_exceeded;
- bmp |= 1 << ICMP4_parameter_problem;
- bmp |= 1 << ICMP4_source_quench;
- bmp |= 1 << ICMP4_redirect;
- bmp |= 1 << ICMP4_alternate_host_address;
-
- return (1ULL << icmp_type) & bmp;
-}
-
-#endif /* included_nat_inlines_h__ */
-/*
- * fd.io coding-style-patch-verification: ON
- *
- * Local Variables:
- * eval: (c-set-style "gnu")
- * End:
- */
diff --git a/src/plugins/nat/lib/ipfix_logging.c b/src/plugins/nat/lib/ipfix_logging.c
index 593fa09f7e2..f569ccd1918 100644
--- a/src/plugins/nat/lib/ipfix_logging.c
+++ b/src/plugins/nat/lib/ipfix_logging.c
@@ -22,7 +22,6 @@
#include <vlibmemory/api.h>
#include <vppinfra/atomics.h>
#include <nat/lib/ipfix_logging.h>
-#include <nat/lib/inlines.h>
vlib_node_registration_t nat_ipfix_flush_node;
nat_ipfix_logging_main_t nat_ipfix_logging_main;
diff --git a/src/plugins/nat/lib/nat_syslog.c b/src/plugins/nat/lib/nat_syslog.c
index 98777ebf280..93756a561bc 100644
--- a/src/plugins/nat/lib/nat_syslog.c
+++ b/src/plugins/nat/lib/nat_syslog.c
@@ -21,7 +21,6 @@
#include <vnet/syslog/syslog.h>
#include <nat/lib/nat_syslog.h>
-#include <nat/lib/inlines.h>
#include <nat/lib/nat_syslog_constants.h>
diff --git a/src/plugins/nat/nat44-ed/nat44_ed.h b/src/plugins/nat/nat44-ed/nat44_ed.h
index 706511475cf..c3a959b0635 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed.h
+++ b/src/plugins/nat/nat44-ed/nat44_ed.h
@@ -31,7 +31,6 @@
#include <vlibapi/api.h>
#include <nat/lib/lib.h>
-#include <nat/lib/inlines.h>
/* default number of worker handoff frame queue elements */
#define NAT_FQ_NELTS_DEFAULT 64
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_inlines.h b/src/plugins/nat/nat44-ed/nat44_ed_inlines.h
index 04e5236b7f9..8cd93f263c6 100644
--- a/src/plugins/nat/nat44-ed/nat44_ed_inlines.h
+++ b/src/plugins/nat/nat44-ed/nat44_ed_inlines.h
@@ -27,6 +27,7 @@
#include <nat/lib/log.h>
#include <nat/lib/ipfix_logging.h>
#include <nat/nat44-ed/nat44_ed.h>
+#include <vnet/ip/ip4_to_ip6.h>
always_inline void
init_ed_k (clib_bihash_kv_16_8_t *kv, u32 l_addr, u16 l_port, u32 r_addr,
diff --git a/src/plugins/nat/nat44-ei/nat44_ei.c b/src/plugins/nat/nat44-ei/nat44_ei.c
index e16625a2946..d1959f72ae7 100644
--- a/src/plugins/nat/nat44-ei/nat44_ei.c
+++ b/src/plugins/nat/nat44-ei/nat44_ei.c
@@ -21,6 +21,7 @@
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
#include <vnet/ip/ip4.h>
+#include <vnet/ip/ip4_to_ip6.h>
#include <vnet/ip/ip_table.h>
#include <vnet/ip/reass/ip4_sv_reass.h>
#include <vnet/fib/fib_table.h>
diff --git a/src/plugins/nat/nat44-ei/nat44_ei.h b/src/plugins/nat/nat44-ei/nat44_ei.h
index b4aa0f26c0b..786fb0cfc2c 100644
--- a/src/plugins/nat/nat44-ei/nat44_ei.h
+++ b/src/plugins/nat/nat44-ei/nat44_ei.h
@@ -35,7 +35,6 @@
#include <vppinfra/hash.h>
#include <nat/lib/lib.h>
-#include <nat/lib/inlines.h>
#include <nat/lib/nat_proto.h>
/* default number of worker handoff frame queue elements */
diff --git a/src/plugins/nat/nat44-ei/nat44_ei_in2out.c b/src/plugins/nat/nat44-ei/nat44_ei_in2out.c
index 3b981d69986..2fbf2832d5e 100644
--- a/src/plugins/nat/nat44-ei/nat44_ei_in2out.c
+++ b/src/plugins/nat/nat44-ei/nat44_ei_in2out.c
@@ -21,6 +21,7 @@
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
+#include <vnet/ip/ip4_to_ip6.h>
#include <vnet/ethernet/ethernet.h>
#include <vnet/udp/udp_local.h>
#include <vnet/fib/ip4_fib.h>
diff --git a/src/plugins/nat/nat44-ei/nat44_ei_out2in.c b/src/plugins/nat/nat44-ei/nat44_ei_out2in.c
index 5d91cb04f7c..805a6962868 100644
--- a/src/plugins/nat/nat44-ei/nat44_ei_out2in.c
+++ b/src/plugins/nat/nat44-ei/nat44_ei_out2in.c
@@ -21,6 +21,7 @@
#include <vnet/vnet.h>
#include <vnet/ip/ip.h>
+#include <vnet/ip/ip4_to_ip6.h>
#include <vnet/ethernet/ethernet.h>
#include <vnet/udp/udp_local.h>
#include <vnet/fib/ip4_fib.h>
diff --git a/src/plugins/nat/nat64/nat64.c b/src/plugins/nat/nat64/nat64.c
index 950eea60e5e..c59cfbbbd55 100644
--- a/src/plugins/nat/nat64/nat64.c
+++ b/src/plugins/nat/nat64/nat64.c
@@ -15,6 +15,7 @@
#include <vppinfra/crc32.h>
#include <vnet/fib/ip4_fib.h>
+#include <vnet/ip/ip4_to_ip6.h>
#include <vnet/ip/reass/ip4_sv_reass.h>
#include <vnet/ip/reass/ip6_sv_reass.h>
diff --git a/src/plugins/nat/nat64/nat64.h b/src/plugins/nat/nat64/nat64.h
index 9eb8d915390..2577880c7a4 100644
--- a/src/plugins/nat/nat64/nat64.h
+++ b/src/plugins/nat/nat64/nat64.h
@@ -30,7 +30,6 @@
#include <vnet/ip/reass/ip4_sv_reass.h>
#include <nat/lib/lib.h>
-#include <nat/lib/inlines.h>
#include <nat/lib/nat_inlines.h>
#include <nat/nat64/nat64_db.h>
diff --git a/src/plugins/nat/nat64/nat64_db.c b/src/plugins/nat/nat64/nat64_db.c
index e4e9febcb12..6ba77c58965 100644
--- a/src/plugins/nat/nat64/nat64_db.c
+++ b/src/plugins/nat/nat64/nat64_db.c
@@ -16,7 +16,6 @@
#include <vnet/fib/fib_table.h>
#include <nat/lib/ipfix_logging.h>
#include <nat/lib/nat_syslog.h>
-#include <nat/lib/inlines.h>
#include <nat/nat64/nat64_db.h>
int
diff --git a/src/plugins/unittest/session_test.c b/src/plugins/unittest/session_test.c
index f0e5d4b4f3d..cab9de0d742 100644
--- a/src/plugins/unittest/session_test.c
+++ b/src/plugins/unittest/session_test.c
@@ -2732,6 +2732,8 @@ session_test (vlib_main_t * vm,
done:
if (res)
return clib_error_return (0, "Session unit test failed");
+
+ vlib_cli_output (vm, "SUCCESS");
return 0;
}
diff --git a/src/plugins/unittest/svm_fifo_test.c b/src/plugins/unittest/svm_fifo_test.c
index 9feb37cbc25..c6031c59987 100644
--- a/src/plugins/unittest/svm_fifo_test.c
+++ b/src/plugins/unittest/svm_fifo_test.c
@@ -2856,6 +2856,8 @@ svm_fifo_test (vlib_main_t * vm, unformat_input_t * input,
done:
if (res)
return clib_error_return (0, "svm fifo unit test failed");
+
+ vlib_cli_output (vm, "SUCCESS");
return 0;
}
diff --git a/src/plugins/unittest/tcp_test.c b/src/plugins/unittest/tcp_test.c
index 4b53bc18906..33c5387b98f 100644
--- a/src/plugins/unittest/tcp_test.c
+++ b/src/plugins/unittest/tcp_test.c
@@ -1594,6 +1594,8 @@ tcp_test (vlib_main_t * vm,
done:
if (res)
return clib_error_return (0, "TCP unit test failed");
+
+ vlib_cli_output (vm, "SUCCESS");
return 0;
}
diff --git a/src/vnet/ip/ip4_to_ip6.h b/src/vnet/ip/ip4_to_ip6.h
index d356fd5411c..3c14a59f174 100644
--- a/src/vnet/ip/ip4_to_ip6.h
+++ b/src/vnet/ip/ip4_to_ip6.h
@@ -37,6 +37,20 @@ static u8 icmp_to_icmp6_updater_pointer_table[] =
#define frag_id_4to6(id) (id)
+always_inline u64
+icmp_type_is_error_message (u8 icmp_type)
+{
+ int bmp = 0;
+ bmp |= 1 << ICMP4_destination_unreachable;
+ bmp |= 1 << ICMP4_time_exceeded;
+ bmp |= 1 << ICMP4_parameter_problem;
+ bmp |= 1 << ICMP4_source_quench;
+ bmp |= 1 << ICMP4_redirect;
+ bmp |= 1 << ICMP4_alternate_host_address;
+
+ return (1ULL << icmp_type) & bmp;
+}
+
/**
* @brief Get TCP/UDP port number or ICMP id from IPv4 packet.
*
@@ -70,9 +84,14 @@ ip4_get_port (ip4_header_t *ip, u8 sender)
* - outer ICMP header length (2*sizeof (icmp46_header_t))
* - inner IP header length
* - first 8 bytes of payload of original packet in case of ICMP error
+ *
+ * Also make sure we only attempt to parse payload as IP packet if it's
+ * an ICMP error.
*/
else if (clib_net_to_host_u16 (ip->length) >=
- 2 * sizeof (ip4_header_t) + 2 * sizeof (icmp46_header_t) + 8)
+ 2 * sizeof (ip4_header_t) + 2 * sizeof (icmp46_header_t) +
+ 8 &&
+ icmp_type_is_error_message (icmp->type))
{
ip = (ip4_header_t *) (icmp + 2);
if (PREDICT_TRUE ((ip->protocol == IP_PROTOCOL_TCP) ||
diff --git a/src/vnet/ip/ip6_to_ip4.h b/src/vnet/ip/ip6_to_ip4.h
index ebabcd0b797..931d2da0fa3 100644
--- a/src/vnet/ip/ip6_to_ip4.h
+++ b/src/vnet/ip/ip6_to_ip4.h
@@ -168,7 +168,19 @@ ip6_get_port (vlib_main_t *vm, vlib_buffer_t *b, ip6_header_t *ip6,
if (dst_port)
*dst_port = ((u16 *) (icmp))[2];
}
- else if (clib_net_to_host_u16 (ip6->payload_length) >= 64)
+ /*
+ * if there is enough data and ICMP type indicates ICMP error, then parse
+ * inner packet
+ *
+ * ICMP6 errors are:
+ * 1 - destination_unreachable
+ * 2 - packet_too_big
+ * 3 - time_exceeded
+ * 4 - parameter_problem
+ */
+ else if (clib_net_to_host_u16 (ip6->payload_length) >= 64 &&
+ icmp->type >= ICMP6_destination_unreachable &&
+ icmp->type <= ICMP6_parameter_problem)
{
u16 ip6_pay_len;
ip6_header_t *inner_ip6;