Code Review
/
vpp.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
nat: harden ICMP handling
[vpp.git]
/
src
/
plugins
/
nat
/
nat44-ed
/
nat44_ed_out2in.c
diff --git
a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
index
eaf8993
..
124b64e
100644
(file)
--- a/
src/plugins/nat/nat44-ed/nat44_ed_out2in.c
+++ b/
src/plugins/nat/nat44-ed/nat44_ed_out2in.c
@@
-1020,6
+1020,7
@@
nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
nat_free_session_data (sm, s0, thread_index, 0);
nat_ed_session_delete (sm, s0, thread_index, 1);
next[0] = NAT_NEXT_DROP;
nat_free_session_data (sm, s0, thread_index, 0);
nat_ed_session_delete (sm, s0, thread_index, 1);
next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
}
goto trace0;
}
}
@@
-1027,9
+1028,10
@@
nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
if (NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_o2i (
if (NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_o2i (
- sm, b0, ip0, f, proto0, 0 /* is_output_feature */)))
+
vm,
sm, b0, ip0, f, proto0, 0 /* is_output_feature */)))
{
next[0] = NAT_NEXT_DROP;
{
next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
goto trace0;
}
@@
-1183,8
+1185,11
@@
nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
if (NAT_NEXT_DROP != next[0] && s0 &&
NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_o2i (
if (NAT_NEXT_DROP != next[0] && s0 &&
NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_o2i (
- sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
+ vm, sm, b0, ip0, &s0->o2i, proto0,
+ 0 /* is_output_feature */)))
{
{
+ next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
goto trace0;
}
@@
-1202,8
+1207,11
@@
nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
if (NAT_NEXT_DROP != next[0] && s0 &&
NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_o2i (
if (NAT_NEXT_DROP != next[0] && s0 &&
NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_o2i (
- sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
+ vm, sm, b0, ip0, &s0->o2i, proto0,
+ 0 /* is_output_feature */)))
{
{
+ next[0] = NAT_NEXT_DROP;
+ b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
goto trace0;
}
goto trace0;
}
@@
-1312,7
+1320,7
@@
nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
if (NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_o2i (
if (NAT_ED_TRNSL_ERR_SUCCESS !=
(translation_error = nat_6t_flow_buf_translate_o2i (
- sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
+
vm,
sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
{
next[0] = NAT_NEXT_DROP;
goto trace0;
{
next[0] = NAT_NEXT_DROP;
goto trace0;