From 282093f1fe783b5d36a014d4495995cd64e2e3fb Mon Sep 17 00:00:00 2001 From: Ole Troan Date: Wed, 19 Sep 2018 12:38:51 +0200 Subject: IPIP and IPv6 fragmentation - Error where ICMPv6 error code doesn't reset VLIB_TX = -1 Leading to crash for ICMP generated on tunnelled packets - Missed setting VNET_BUFFER_F_LOCALLY_ORIGINATED, so IP in IPv6 packets never got fragmented. - Add support for fragmentation of buffer chains. - Remove support for inner fragmentation in frag code itself. Change-Id: If9a97301b7e35ca97ffa5c0fada2b9e7e7dbfb27 Signed-off-by: Ole Troan --- src/vnet/ipip/ipip.c | 4 ++++ src/vnet/ipip/node.c | 8 ++++++++ 2 files changed, 12 insertions(+) (limited to 'src/vnet/ipip') diff --git a/src/vnet/ipip/ipip.c b/src/vnet/ipip/ipip.c index c49be099d9a..718463d7352 100644 --- a/src/vnet/ipip/ipip.c +++ b/src/vnet/ipip/ipip.c @@ -138,6 +138,10 @@ ipip6_fixup (vlib_main_t * vm, ip_adjacency_t * adj, vlib_buffer_t * b, ip6_header_t *ip6; const ipip_tunnel_t *t = data; + /* Must set locally originated otherwise we're not allowed to + fragment the packet later */ + b->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED; + ip6 = vlib_buffer_get_current (b); ip6->payload_length = clib_host_to_net_u16 (vlib_buffer_length_in_chain (vm, b) - diff --git a/src/vnet/ipip/node.c b/src/vnet/ipip/node.c index 60d6223d5f3..6171d3e5d71 100644 --- a/src/vnet/ipip/node.c +++ b/src/vnet/ipip/node.c @@ -99,6 +99,14 @@ ipip_input (vlib_main_t * vm, vlib_node_runtime_t * node, if (is_ipv6) { ip60 = vlib_buffer_get_current (b0); + /* Check for outer fragmentation */ + if (ip60->protocol == IP_PROTOCOL_IPV6_FRAGMENTATION) + { + next0 = IPIP_INPUT_NEXT_DROP; + b0->error = node->errors[IPIP_ERROR_FRAGMENTED_PACKET]; + goto drop; + } + vlib_buffer_advance (b0, sizeof (*ip60)); ip_set (&src0, &ip60->src_address, false); ip_set (&dst0, &ip60->dst_address, false); -- cgit 1.2.3-korg