aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/map/ip6_map_t.c
AgeCommit message (Collapse)AuthorFilesLines
2020-01-30map: Prevent IPv4 prefix spoofing during IPv6 -> IPv4Jon Loeliger1-2/+14
Prevent malicious packets with spoofed embedded IPv4 addresses by limiting the IPv6 ingress packets to known MAP-T domains. Drop spoofed packets. Add several tests that ensure spoofing isn't allowed. Type: fix Fixes: fc7344f9be Change-Id: I80a5dd10d5fe7492e3a1b04de389d649a78065e2 Signed-off-by: Jon Loeliger <jdl@netgate.com>
2020-01-03nat: use SVRKlement Sekera1-14/+16
Remove NAT's implementation of shallow virtual reassembly with corresponding CLIs, APIs & tests. Replace with standalone shallow virtual reassembly provided by ipX-sv-reass* nodes. Type: refactor Change-Id: I7e6c7487a5a500d591f6871474a359e0993e59b6 Signed-off-by: Klement Sekera <ksekera@cisco.com>
2019-12-05map: fix MAP-T ip6 port checkMatthew Smith1-5/+5
Type: fix Ticket: VPP-1804 Fix a regression introduced by 640edcd90. The port set ID on received IPv6 packets for MAP-T was being checked against the destination port. It should be checked against the source port. Added a new unit test to verify that a v6 packet with a good source port is translated and forwarded and a v6 packet with a bad source port is dropped. The important part of the test which will prevent similar future regressions is that the source port and destination port are not equal. The existing unit test used the same source and destination port which is why it did not fail when the regression was introduced. Change-Id: Idc144ea509722bb9e0f80b3887d220384a04e6d6 Signed-off-by: Matthew Smith <mgsmith@netgate.com>
2019-11-11ip: functional interface to ip fragmentationOle Troan1-3/+3
This provides a functional interface to IP fragmentation. Allowing external features to fragment. Supports arbitrary encap size, for e.g. MPLS or inner fragmentation of tunnels. This also removed dual loop in MAP that was fundamentally broken. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ia89ecec8ee3cbe2416edbe87630fdb714898c2a8 Signed-off-by: Ole Troan <ot@cisco.com>
2019-10-01map: use SVR for MAP-TKlement Sekera1-83/+18
This change is part of an effort to unify reassembly code. By removing shallow virtual reassembly functionality in MAP and using the common vnet provided shallow virtual reassembly, code size and complexity is reduced. Type: refactor Change-Id: Iec8edd039f7b967b53e17bb9bca228a8b452ac0c Signed-off-by: Klement Sekera <ksekera@cisco.com>
2018-12-21MAP: Convert from DPO to input feature.Jon Loeliger1-114/+261
Change-Id: I25c86aea23dff19656449b23133db27b1f062ac0 Signed-off-by: Jon Loeliger <jdl@netgate.com> Signed-off-by: Ole Troan <ot@cisco.com>
2018-12-18MAP: Remove dual loop in MAP-T in preparation for refactor.Ole Troan1-389/+0
Change-Id: I3c77cadaa7b677073af00407f368bd48d703fdac Signed-off-by: Ole Troan <ot@cisco.com>
2018-11-22Revert "Add support for MAP-T CE (VPP-1058)"Ole Troan1-241/+106
This reverts commit 0ae15ed43aaa600a75ca4c154bc62478820c00b4. Re-add MAP CE support later. This patch polluted the code with too many if (ce) ... Change-Id: Ia0ffd6fdb452aa5d30abec57772c17fc16fb0dbd Signed-off-by: Ole Troan <ot@cisco.com>
2018-09-27IPIP and IPv6 fragmentationOle Troan1-7/+0
- Error where ICMPv6 error code doesn't reset VLIB_TX = -1 Leading to crash for ICMP generated on tunnelled packets - Missed setting VNET_BUFFER_F_LOCALLY_ORIGINATED, so IP in IPv6 packets never got fragmented. - Add support for fragmentation of buffer chains. - Remove support for inner fragmentation in frag code itself. Change-Id: If9a97301b7e35ca97ffa5c0fada2b9e7e7dbfb27 Signed-off-by: Ole Troan <ot@cisco.com>
2018-07-11avoid using thread local storage for thread indexDamjan Marion1-2/+2
It is cheaper to get thread index from vlib_main_t if available... Change-Id: I4582e160d06d9d7fccdc54271912f0635da79b50 Signed-off-by: Damjan Marion <damarion@cisco.com>
2018-06-25MAP: Move MAP-E/T to a plugin.Ole Troan1-0/+1186
Only remaining traces of MAP in the src/vnet is now in buffer.h. Awaiting a new buffer opaque API (hint, hint). Change-Id: Ie165561484731f1d7ed6e0f604b43624e06db3f0 Signed-off-by: Ole Troan <ot@cisco.com>