Code Review / vpp.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
nat: harden ICMP handling
[vpp.git] / src / plugins / nat / nat44-ed / nat44_ed_out2in.c
diff --git a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
index eaf8993..124b64e 100644 (file)
--- a/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
+++ b/src/plugins/nat/nat44-ed/nat44_ed_out2in.c
@@ -1020,6 +1020,7 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
                  nat_free_session_data (sm, s0, thread_index, 0);
                  nat_ed_session_delete (sm, s0, thread_index, 1);
                  next[0] = NAT_NEXT_DROP;
+                 b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
                  goto trace0;
                }
            }
@@ -1027,9 +1028,10 @@ nat44_ed_out2in_fast_path_node_fn_inline (vlib_main_t * vm,
 
       if (NAT_ED_TRNSL_ERR_SUCCESS !=
          (translation_error = nat_6t_flow_buf_translate_o2i (
-            sm, b0, ip0, f, proto0, 0 /* is_output_feature */)))
+            vm, sm, b0, ip0, f, proto0, 0 /* is_output_feature */)))
        {
          next[0] = NAT_NEXT_DROP;
+         b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
          goto trace0;
        }
 
@@ -1183,8 +1185,11 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
          if (NAT_NEXT_DROP != next[0] && s0 &&
              NAT_ED_TRNSL_ERR_SUCCESS !=
                (translation_error = nat_6t_flow_buf_translate_o2i (
-                  sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
+                  vm, sm, b0, ip0, &s0->o2i, proto0,
+                  0 /* is_output_feature */)))
            {
+             next[0] = NAT_NEXT_DROP;
+             b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
              goto trace0;
            }
 
@@ -1202,8 +1207,11 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
          if (NAT_NEXT_DROP != next[0] && s0 &&
              NAT_ED_TRNSL_ERR_SUCCESS !=
                (translation_error = nat_6t_flow_buf_translate_o2i (
-                  sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
+                  vm, sm, b0, ip0, &s0->o2i, proto0,
+                  0 /* is_output_feature */)))
            {
+             next[0] = NAT_NEXT_DROP;
+             b0->error = node->errors[NAT_OUT2IN_ED_ERROR_TRNSL_FAILED];
              goto trace0;
            }
 
@@ -1312,7 +1320,7 @@ nat44_ed_out2in_slow_path_node_fn_inline (vlib_main_t * vm,
 
       if (NAT_ED_TRNSL_ERR_SUCCESS !=
          (translation_error = nat_6t_flow_buf_translate_o2i (
-            sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
+            vm, sm, b0, ip0, &s0->o2i, proto0, 0 /* is_output_feature */)))
        {
          next[0] = NAT_NEXT_DROP;
          goto trace0;
Vector Packet Processing