From a7f8b228ff505acc052a77101b12e714ead26536 Mon Sep 17 00:00:00 2001 From: Matus Fabian Date: Wed, 5 Sep 2018 06:01:55 -0700 Subject: NAT: fix maximum out of order fragments (VPP-1399) All fragments should be dropped when max_frag is 1 and 2 non-initial fragments are received before first fragment. Change-Id: Id0c968f45629698e347e8226c5926f27b48b82d6 Signed-off-by: Matus Fabian --- src/plugins/nat/nat64_in2out.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src/plugins/nat/nat64_in2out.c') diff --git a/src/plugins/nat/nat64_in2out.c b/src/plugins/nat/nat64_in2out.c index 718c69d7bdf..ddbf5850c7c 100644 --- a/src/plugins/nat/nat64_in2out.c +++ b/src/plugins/nat/nat64_in2out.c @@ -1424,7 +1424,8 @@ nat64_in2out_reass_node_fn (vlib_main_t * vm, ctx0.first_frag = 0; if (PREDICT_FALSE (reass0->sess_index == (u32) ~ 0)) { - if (nat_ip6_reass_add_fragment (reass0, bi0)) + if (nat_ip6_reass_add_fragment + (reass0, bi0, &fragments_to_drop)) { b0->error = node->errors[NAT64_IN2OUT_ERROR_MAX_FRAG]; next0 = NAT64_IN2OUT_NEXT_DROP; -- cgit 1.2.3-korg