X-Git-Url: https://gerrit.fd.io/r/gitweb?a=blobdiff_plain;f=src%2Fvnet%2Fip%2Ficmp6.c;h=37deb762d515d78c04284c2f5db523cc311c1c66;hb=2af0e3a;hp=6ebdef4745edd7488c5d9a922c77a34bbfa73969;hpb=da6e11b47d47c764b11304524de559dda0d0d223;p=vpp.git diff --git a/src/vnet/ip/icmp6.c b/src/vnet/ip/icmp6.c index 6ebdef4745e..37deb762d51 100644 --- a/src/vnet/ip/icmp6.c +++ b/src/vnet/ip/icmp6.c @@ -524,14 +524,24 @@ ip6_icmp_error (vlib_main_t * vm, { b = vlib_get_buffer (vm, b->next_buffer); b->current_length = 0; + // XXX: Buffer leak??? } } /* Add IP header and ICMPv6 header including a 4 byte data field */ - vlib_buffer_advance (p0, - -sizeof (ip6_header_t) - - sizeof (icmp46_header_t) - 4); + int headroom = sizeof (ip6_header_t) + sizeof (icmp46_header_t) + 4; + /* Verify that we're not falling off the edge */ + if (p0->current_data - headroom < -VLIB_BUFFER_PRE_DATA_SIZE) + { + next0 = IP6_ICMP_ERROR_NEXT_DROP; + error0 = ICMP6_ERROR_DROP; + goto error; + } + + vlib_buffer_advance (p0, -headroom); + vnet_buffer (p0)->sw_if_index[VLIB_TX] = ~0; + p0->flags |= VNET_BUFFER_F_LOCALLY_ORIGINATED; p0->current_length = p0->current_length > 1280 ? 1280 : p0->current_length; @@ -561,6 +571,7 @@ ip6_icmp_error (vlib_main_t * vm, { next0 = IP6_ICMP_ERROR_NEXT_DROP; error0 = ICMP6_ERROR_DROP; + goto error; } /* Fill icmp header fields */ @@ -573,11 +584,11 @@ ip6_icmp_error (vlib_main_t * vm, ip6_tcp_udp_icmp_compute_checksum (vm, p0, out_ip0, &bogus_length); - - /* Update error status */ if (error0 == ICMP6_ERROR_NONE) error0 = icmp6_icmp_type_to_error (icmp0->type); + + error: vlib_error_count (vm, node->node_index, error0, 1); /* Verify speculative enqueue, maybe switch current next frame */ @@ -602,7 +613,7 @@ VLIB_REGISTER_NODE (ip6_icmp_error_node) = { .n_next_nodes = IP6_ICMP_ERROR_N_NEXT, .next_nodes = { - [IP6_ICMP_ERROR_NEXT_DROP] = "ip6-drop", + [IP6_ICMP_ERROR_NEXT_DROP] = "error-drop", [IP6_ICMP_ERROR_NEXT_LOOKUP] = "ip6-lookup", }, @@ -775,24 +786,25 @@ icmp6_init (vlib_main_t * vm) foreach_icmp6_code; #undef _ - memset (cm->input_next_index_by_type, - ICMP_INPUT_NEXT_DROP, sizeof (cm->input_next_index_by_type)); - memset (cm->max_valid_code_by_type, 0, sizeof (cm->max_valid_code_by_type)); + clib_memset (cm->input_next_index_by_type, + ICMP_INPUT_NEXT_DROP, sizeof (cm->input_next_index_by_type)); + clib_memset (cm->max_valid_code_by_type, 0, + sizeof (cm->max_valid_code_by_type)); #define _(a,n,t) cm->max_valid_code_by_type[ICMP6_##a] = clib_max (cm->max_valid_code_by_type[ICMP6_##a], n); foreach_icmp6_code; #undef _ - memset (cm->min_valid_hop_limit_by_type, 0, - sizeof (cm->min_valid_hop_limit_by_type)); + clib_memset (cm->min_valid_hop_limit_by_type, 0, + sizeof (cm->min_valid_hop_limit_by_type)); cm->min_valid_hop_limit_by_type[ICMP6_router_solicitation] = 255; cm->min_valid_hop_limit_by_type[ICMP6_router_advertisement] = 255; cm->min_valid_hop_limit_by_type[ICMP6_neighbor_solicitation] = 255; cm->min_valid_hop_limit_by_type[ICMP6_neighbor_advertisement] = 255; cm->min_valid_hop_limit_by_type[ICMP6_redirect] = 255; - memset (cm->min_valid_length_by_type, sizeof (icmp46_header_t), - sizeof (cm->min_valid_length_by_type)); + clib_memset (cm->min_valid_length_by_type, sizeof (icmp46_header_t), + sizeof (cm->min_valid_length_by_type)); cm->min_valid_length_by_type[ICMP6_router_solicitation] = sizeof (icmp6_neighbor_discovery_header_t); cm->min_valid_length_by_type[ICMP6_router_advertisement] =