- ICMP6: Add generic ICMP6 error node. Caller sets code/type fields.

[vpp.git] / vnet / vnet / map / ip4_map.c

diff --git a/vnet/vnet/map/ip4_map.c b/vnet/vnet/map/ip4_map.c
index 559275e..343b57d 100644 (file)
--- a/vnet/vnet/map/ip4_map.c
+++ b/vnet/vnet/map/ip4_map.c
@@ -76,7 +76,7 @@ ip4_map_get_port (ip4_header_t *ip, map_dir_e dir)
     icmp46_header_t *icmp = (void *)(ip + 1);
     if (icmp->type == ICMP4_echo_request || icmp->type == ICMP4_echo_reply) {
       return *((u16 *)(icmp + 1));
-    } else if (clib_net_to_host_u16(ip->length) >= 64) { // IP + ICMP + IP + L4 header
+    } else if (clib_net_to_host_u16(ip->length) >= 56) { // IP + ICMP + IP + L4 header
       ip4_header_t *icmp_ip = (ip4_header_t *)(icmp + 2);
       if (PREDICT_TRUE((icmp_ip->protocol == IP_PROTOCOL_TCP) ||
                       (icmp_ip->protocol == IP_PROTOCOL_UDP))) {
@@ -155,6 +155,28 @@ ip4_map_ip6_lookup_bypass (vlib_buffer_t *p0, ip4_header_t *ip)
   return (false);
 }
 
+/*
+ * ip4_map_ttl
+ */
+static inline void
+ip4_map_decrement_ttl (ip4_header_t *ip, u8 *error)
+{
+  i32 ttl = ip->ttl;
+
+  /* Input node should have reject packets with ttl 0. */
+  ASSERT (ip->ttl > 0);
+
+  u32 checksum = ip->checksum + clib_host_to_net_u16(0x0100);
+  checksum += checksum >= 0xffff;
+  ip->checksum = checksum;
+  ttl -= 1;
+  ip->ttl = ttl;
+  *error = ttl <= 0 ? IP4_ERROR_TIME_EXPIRED : *error;
+
+  /* Verify checksum. */
+  ASSERT (ip->checksum == ip4_header_checksum(ip));
+}
+
 /*
  * ip4_map
  */
@@ -176,7 +198,7 @@ ip4_map (vlib_main_t *vm,
     vlib_get_next_frame(vm, node, next_index, to_next, n_left_to_next);
 
     /* Dual loop */
-    while (n_left_from > 4 && n_left_to_next > 2) {
+    while (n_left_from >= 4 && n_left_to_next >= 2) {
       u32 pi0, pi1;
       vlib_buffer_t *p0, *p1;
       map_domain_t *d0, *d1;
@@ -234,8 +256,8 @@ ip4_map (vlib_main_t *vm,
       u64 dal61 = map_get_pfx(d1, da41, dp41);
       u64 dar60 = map_get_sfx(d0, da40, dp40);
       u64 dar61 = map_get_sfx(d1, da41, dp41);
-      if (dal60 == 0 && dar60 == 0) error0 = MAP_ERROR_UNKNOWN;
-      if (dal61 == 0 && dar61 == 0) error1 = MAP_ERROR_UNKNOWN;
+      if (dal60 == 0 && dar60 == 0) error0 = MAP_ERROR_NO_BINDING;
+      if (dal61 == 0 && dar61 == 0) error1 = MAP_ERROR_NO_BINDING;
 
       /* construct ipv6 header */
       vlib_buffer_advance(p0, - sizeof(ip6_header_t));
@@ -345,12 +367,15 @@ ip4_map (vlib_main_t *vm,
        */
       port0 = ip4_map_port_and_security_check(d0, ip40, &next0, &error0);
 
+      /* Decrement IPv4 TTL */
+      ip4_map_decrement_ttl(ip40, &error0);
+
       /* MAP calc */
       u32 da40 = clib_net_to_host_u32(ip40->dst_address.as_u32);
       u16 dp40 = clib_net_to_host_u16(port0);
       u64 dal60 = map_get_pfx(d0, da40, dp40);
       u64 dar60 = map_get_sfx(d0, da40, dp40);
-      if (dal60 == 0 && dar60 == 0 && error0 == MAP_ERROR_NONE) error0 = MAP_ERROR_UNKNOWN;
+      if (dal60 == 0 && dar60 == 0 && error0 == MAP_ERROR_NONE) error0 = MAP_ERROR_NO_BINDING;
 
       /* construct ipv6 header */
       vlib_buffer_advance(p0, - (sizeof(ip6_header_t)));