icmp46_header_t *icmp = (void *)(ip + 1);
if (icmp->type == ICMP4_echo_request || icmp->type == ICMP4_echo_reply) {
return *((u16 *)(icmp + 1));
- } else if (clib_net_to_host_u16(ip->length) >= 64) { // IP + ICMP + IP + L4 header
+ } else if (clib_net_to_host_u16(ip->length) >= 56) { // IP + ICMP + IP + L4 header
ip4_header_t *icmp_ip = (ip4_header_t *)(icmp + 2);
if (PREDICT_TRUE((icmp_ip->protocol == IP_PROTOCOL_TCP) ||
(icmp_ip->protocol == IP_PROTOCOL_UDP))) {
return (false);
}
+/*
+ * ip4_map_ttl
+ */
+static inline void
+ip4_map_decrement_ttl (ip4_header_t *ip, u8 *error)
+{
+ i32 ttl = ip->ttl;
+
+ /* Input node should have reject packets with ttl 0. */
+ ASSERT (ip->ttl > 0);
+
+ u32 checksum = ip->checksum + clib_host_to_net_u16(0x0100);
+ checksum += checksum >= 0xffff;
+ ip->checksum = checksum;
+ ttl -= 1;
+ ip->ttl = ttl;
+ *error = ttl <= 0 ? IP4_ERROR_TIME_EXPIRED : *error;
+
+ /* Verify checksum. */
+ ASSERT (ip->checksum == ip4_header_checksum(ip));
+}
+
/*
* ip4_map
*/
vlib_get_next_frame(vm, node, next_index, to_next, n_left_to_next);
/* Dual loop */
- while (n_left_from > 4 && n_left_to_next > 2) {
+ while (n_left_from >= 4 && n_left_to_next >= 2) {
u32 pi0, pi1;
vlib_buffer_t *p0, *p1;
map_domain_t *d0, *d1;
u64 dal61 = map_get_pfx(d1, da41, dp41);
u64 dar60 = map_get_sfx(d0, da40, dp40);
u64 dar61 = map_get_sfx(d1, da41, dp41);
- if (dal60 == 0 && dar60 == 0) error0 = MAP_ERROR_UNKNOWN;
- if (dal61 == 0 && dar61 == 0) error1 = MAP_ERROR_UNKNOWN;
+ if (dal60 == 0 && dar60 == 0) error0 = MAP_ERROR_NO_BINDING;
+ if (dal61 == 0 && dar61 == 0) error1 = MAP_ERROR_NO_BINDING;
/* construct ipv6 header */
vlib_buffer_advance(p0, - sizeof(ip6_header_t));
*/
port0 = ip4_map_port_and_security_check(d0, ip40, &next0, &error0);
+ /* Decrement IPv4 TTL */
+ ip4_map_decrement_ttl(ip40, &error0);
+
/* MAP calc */
u32 da40 = clib_net_to_host_u32(ip40->dst_address.as_u32);
u16 dp40 = clib_net_to_host_u16(port0);
u64 dal60 = map_get_pfx(d0, da40, dp40);
u64 dar60 = map_get_sfx(d0, da40, dp40);
- if (dal60 == 0 && dar60 == 0 && error0 == MAP_ERROR_NONE) error0 = MAP_ERROR_UNKNOWN;
+ if (dal60 == 0 && dar60 == 0 && error0 == MAP_ERROR_NONE) error0 = MAP_ERROR_NO_BINDING;
/* construct ipv6 header */
vlib_buffer_advance(p0, - (sizeof(ip6_header_t)));