Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
MAP: Add check for well known ports.
[vpp.git]
/
src
/
plugins
/
map
/
ip4_map_t.c
diff --git
a/src/plugins/map/ip4_map_t.c
b/src/plugins/map/ip4_map_t.c
index
c6b0912
..
a64b767
100644
(file)
--- a/
src/plugins/map/ip4_map_t.c
+++ b/
src/plugins/map/ip4_map_t.c
@@
-736,6
+736,14
@@
ip4_map_t (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
ip4_map_t_classify (p0, d0, ip40, ip4_len0, &map_port0, &error0,
&next0);
ip4_map_t_classify (p0, d0, ip40, ip4_len0, &map_port0, &error0,
&next0);
+ /* Verify that port is not among the well-known ports */
+ if ((d0->psid_length > 0 && d0->psid_offset > 0)
+ && (clib_net_to_host_u16 (map_port0) <
+ (0x1 << (16 - d0->psid_offset))))
+ {
+ error0 = MAP_ERROR_SEC_CHECK;
+ }
+
//Add MAP-T pseudo header in front of the packet
vlib_buffer_advance (p0, -sizeof (*pheader0));
pheader0 = vlib_buffer_get_current (p0);
//Add MAP-T pseudo header in front of the packet
vlib_buffer_advance (p0, -sizeof (*pheader0));
pheader0 = vlib_buffer_get_current (p0);