From a3df9c283193f5b528ac6c5eac0661b526ed4d63 Mon Sep 17 00:00:00 2001 From: Klement Sekera Date: Tue, 26 Nov 2024 15:42:41 +0100 Subject: ip: fix ICMP inner payload parsing Add a check so that ICMP type is verified to be an error before parsing inner payload. If it's not an error, then the inner payload is not there. Type: fix Fixes: 46d0ff3945 Change-Id: I5c7d8ddacb347ec030784f349064e66d63cd525e Signed-off-by: Klement Sekera --- src/plugins/nat/det44/det44.h | 1 - src/plugins/nat/det44/det44_in2out.c | 2 +- src/plugins/nat/det44/det44_out2in.c | 2 +- src/plugins/nat/dslite/dslite.h | 1 - src/plugins/nat/dslite/dslite_in2out.c | 1 + src/plugins/nat/dslite/dslite_out2in.c | 1 + src/plugins/nat/lib/inlines.h | 44 ----------------------------- src/plugins/nat/lib/ipfix_logging.c | 1 - src/plugins/nat/lib/nat_syslog.c | 1 - src/plugins/nat/nat44-ed/nat44_ed.h | 1 - src/plugins/nat/nat44-ed/nat44_ed_inlines.h | 1 + src/plugins/nat/nat44-ei/nat44_ei.c | 1 + src/plugins/nat/nat44-ei/nat44_ei.h | 1 - src/plugins/nat/nat44-ei/nat44_ei_in2out.c | 1 + src/plugins/nat/nat44-ei/nat44_ei_out2in.c | 1 + src/plugins/nat/nat64/nat64.c | 1 + src/plugins/nat/nat64/nat64.h | 1 - src/plugins/nat/nat64/nat64_db.c | 1 - 18 files changed, 9 insertions(+), 54 deletions(-) delete mode 100644 src/plugins/nat/lib/inlines.h (limited to 'src/plugins') diff --git a/src/plugins/nat/det44/det44.h b/src/plugins/nat/det44/det44.h index e576bfb65e8..683f554f03c 100644 --- a/src/plugins/nat/det44/det44.h +++ b/src/plugins/nat/det44/det44.h @@ -38,7 +38,6 @@ #include #include -#include #include #include diff --git a/src/plugins/nat/det44/det44_in2out.c b/src/plugins/nat/det44/det44_in2out.c index 3f5e05a064c..39a9ecabac7 100644 --- a/src/plugins/nat/det44/det44_in2out.c +++ b/src/plugins/nat/det44/det44_in2out.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include @@ -29,7 +30,6 @@ #include #include -#include #include typedef enum diff --git a/src/plugins/nat/det44/det44_out2in.c b/src/plugins/nat/det44/det44_out2in.c index ab6acd4f8e9..dd89606ff10 100644 --- a/src/plugins/nat/det44/det44_out2in.c +++ b/src/plugins/nat/det44/det44_out2in.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include @@ -29,7 +30,6 @@ #include #include -#include #include typedef enum diff --git a/src/plugins/nat/dslite/dslite.h b/src/plugins/nat/dslite/dslite.h index f05670c9bf5..979afb476b7 100644 --- a/src/plugins/nat/dslite/dslite.h +++ b/src/plugins/nat/dslite/dslite.h @@ -22,7 +22,6 @@ #include #include -#include typedef struct { diff --git a/src/plugins/nat/dslite/dslite_in2out.c b/src/plugins/nat/dslite/dslite_in2out.c index 522c3cf4123..806969f5f4d 100644 --- a/src/plugins/nat/dslite/dslite_in2out.c +++ b/src/plugins/nat/dslite/dslite_in2out.c @@ -12,6 +12,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +#include #include #include diff --git a/src/plugins/nat/dslite/dslite_out2in.c b/src/plugins/nat/dslite/dslite_out2in.c index 531bbb468bb..9ec48d458e5 100644 --- a/src/plugins/nat/dslite/dslite_out2in.c +++ b/src/plugins/nat/dslite/dslite_out2in.c @@ -12,6 +12,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ +#include #include typedef enum diff --git a/src/plugins/nat/lib/inlines.h b/src/plugins/nat/lib/inlines.h deleted file mode 100644 index 24e3ba83a5b..00000000000 --- a/src/plugins/nat/lib/inlines.h +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright (c) 2020 Cisco and/or its affiliates. - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at: - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -/** - * @brief Common NAT inline functions - */ -#ifndef included_nat_inlines_h__ -#define included_nat_inlines_h__ - -#include - -static_always_inline u64 -icmp_type_is_error_message (u8 icmp_type) -{ - int bmp = 0; - bmp |= 1 << ICMP4_destination_unreachable; - bmp |= 1 << ICMP4_time_exceeded; - bmp |= 1 << ICMP4_parameter_problem; - bmp |= 1 << ICMP4_source_quench; - bmp |= 1 << ICMP4_redirect; - bmp |= 1 << ICMP4_alternate_host_address; - - return (1ULL << icmp_type) & bmp; -} - -#endif /* included_nat_inlines_h__ */ -/* - * fd.io coding-style-patch-verification: ON - * - * Local Variables: - * eval: (c-set-style "gnu") - * End: - */ diff --git a/src/plugins/nat/lib/ipfix_logging.c b/src/plugins/nat/lib/ipfix_logging.c index 593fa09f7e2..f569ccd1918 100644 --- a/src/plugins/nat/lib/ipfix_logging.c +++ b/src/plugins/nat/lib/ipfix_logging.c @@ -22,7 +22,6 @@ #include #include #include -#include vlib_node_registration_t nat_ipfix_flush_node; nat_ipfix_logging_main_t nat_ipfix_logging_main; diff --git a/src/plugins/nat/lib/nat_syslog.c b/src/plugins/nat/lib/nat_syslog.c index 98777ebf280..93756a561bc 100644 --- a/src/plugins/nat/lib/nat_syslog.c +++ b/src/plugins/nat/lib/nat_syslog.c @@ -21,7 +21,6 @@ #include #include -#include #include diff --git a/src/plugins/nat/nat44-ed/nat44_ed.h b/src/plugins/nat/nat44-ed/nat44_ed.h index 706511475cf..c3a959b0635 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed.h +++ b/src/plugins/nat/nat44-ed/nat44_ed.h @@ -31,7 +31,6 @@ #include #include -#include /* default number of worker handoff frame queue elements */ #define NAT_FQ_NELTS_DEFAULT 64 diff --git a/src/plugins/nat/nat44-ed/nat44_ed_inlines.h b/src/plugins/nat/nat44-ed/nat44_ed_inlines.h index 04e5236b7f9..8cd93f263c6 100644 --- a/src/plugins/nat/nat44-ed/nat44_ed_inlines.h +++ b/src/plugins/nat/nat44-ed/nat44_ed_inlines.h @@ -27,6 +27,7 @@ #include #include #include +#include always_inline void init_ed_k (clib_bihash_kv_16_8_t *kv, u32 l_addr, u16 l_port, u32 r_addr, diff --git a/src/plugins/nat/nat44-ei/nat44_ei.c b/src/plugins/nat/nat44-ei/nat44_ei.c index e16625a2946..d1959f72ae7 100644 --- a/src/plugins/nat/nat44-ei/nat44_ei.c +++ b/src/plugins/nat/nat44-ei/nat44_ei.c @@ -21,6 +21,7 @@ #include #include #include +#include #include #include #include diff --git a/src/plugins/nat/nat44-ei/nat44_ei.h b/src/plugins/nat/nat44-ei/nat44_ei.h index b4aa0f26c0b..786fb0cfc2c 100644 --- a/src/plugins/nat/nat44-ei/nat44_ei.h +++ b/src/plugins/nat/nat44-ei/nat44_ei.h @@ -35,7 +35,6 @@ #include #include -#include #include /* default number of worker handoff frame queue elements */ diff --git a/src/plugins/nat/nat44-ei/nat44_ei_in2out.c b/src/plugins/nat/nat44-ei/nat44_ei_in2out.c index 3b981d69986..2fbf2832d5e 100644 --- a/src/plugins/nat/nat44-ei/nat44_ei_in2out.c +++ b/src/plugins/nat/nat44-ei/nat44_ei_in2out.c @@ -21,6 +21,7 @@ #include #include +#include #include #include #include diff --git a/src/plugins/nat/nat44-ei/nat44_ei_out2in.c b/src/plugins/nat/nat44-ei/nat44_ei_out2in.c index 5d91cb04f7c..805a6962868 100644 --- a/src/plugins/nat/nat44-ei/nat44_ei_out2in.c +++ b/src/plugins/nat/nat44-ei/nat44_ei_out2in.c @@ -21,6 +21,7 @@ #include #include +#include #include #include #include diff --git a/src/plugins/nat/nat64/nat64.c b/src/plugins/nat/nat64/nat64.c index 950eea60e5e..c59cfbbbd55 100644 --- a/src/plugins/nat/nat64/nat64.c +++ b/src/plugins/nat/nat64/nat64.c @@ -15,6 +15,7 @@ #include #include +#include #include #include diff --git a/src/plugins/nat/nat64/nat64.h b/src/plugins/nat/nat64/nat64.h index 9eb8d915390..2577880c7a4 100644 --- a/src/plugins/nat/nat64/nat64.h +++ b/src/plugins/nat/nat64/nat64.h @@ -30,7 +30,6 @@ #include #include -#include #include #include diff --git a/src/plugins/nat/nat64/nat64_db.c b/src/plugins/nat/nat64/nat64_db.c index e4e9febcb12..6ba77c58965 100644 --- a/src/plugins/nat/nat64/nat64_db.c +++ b/src/plugins/nat/nat64/nat64_db.c @@ -16,7 +16,6 @@ #include #include #include -#include #include int -- cgit 1.2.3-korg