Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
nat: harden ICMP handling
[vpp.git] / src / plugins / nat / nat44-ed / nat44_ed_in2out.c
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
index bfabdbd..ead5685 100644 (file)
--- a/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_in2out.c
@@ -1177,16 +1177,18 @@ nat44_ed_in2out_fast_path_node_fn_inline (vlib_main_t *vm,
          nat_free_session_data (sm, s0, thread_index, 0);
          nat_ed_session_delete (sm, s0, thread_index, 1);
          next[0] = NAT_NEXT_DROP;
+         b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
          goto trace0;
        }
 
       if (NAT_ED_TRNSL_ERR_SUCCESS !=
          (translation_error = nat_6t_flow_buf_translate_i2o (
-            sm, b0, ip0, f, proto0, is_output_feature)))
+            vm, sm, b0, ip0, f, proto0, is_output_feature)))
        {
          nat_free_session_data (sm, s0, thread_index, 0);
          nat_ed_session_delete (sm, s0, thread_index, 1);
          next[0] = NAT_NEXT_DROP;
+         b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
          goto trace0;
        }
 
@@ -1330,8 +1332,12 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
          if (NAT_NEXT_DROP != next[0] && s0 &&
              NAT_ED_TRNSL_ERR_SUCCESS !=
                (translation_error = nat_6t_flow_buf_translate_i2o (
-                  sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+                  vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
            {
+             nat_free_session_data (sm, s0, thread_index, 0);
+             nat_ed_session_delete (sm, s0, thread_index, 1);
+             next[0] = NAT_NEXT_DROP;
+             b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
              goto trace0;
            }
 
@@ -1348,8 +1354,12 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
          if (NAT_NEXT_DROP != next[0] && s0 &&
              NAT_ED_TRNSL_ERR_SUCCESS !=
                (translation_error = nat_6t_flow_buf_translate_i2o (
-                  sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+                  vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
            {
+             nat_free_session_data (sm, s0, thread_index, 0);
+             nat_ed_session_delete (sm, s0, thread_index, 1);
+             next[0] = NAT_NEXT_DROP;
+             b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
              goto trace0;
            }
 
@@ -1425,11 +1435,12 @@ nat44_ed_in2out_slow_path_node_fn_inline (vlib_main_t *vm,
 
       if (NAT_ED_TRNSL_ERR_SUCCESS !=
          (translation_error = nat_6t_flow_buf_translate_i2o (
-            sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
+            vm, sm, b0, ip0, &s0->i2o, proto0, is_output_feature)))
        {
          nat_free_session_data (sm, s0, thread_index, 0);
          nat_ed_session_delete (sm, s0, thread_index, 1);
-         s0 = NULL;
+         next[0] = NAT_NEXT_DROP;
+         b0->error = node->errors[NAT_IN2OUT_ED_ERROR_TRNSL_FAILED];
          goto trace0;
        }
 
Vector Packet Processing