IP ttl check in ip4-input missing for single packet path.

author Ole Troan <ot@cisco.com>

Fri, 28 Sep 2018 12:27:24 +0000 (14:27 +0200)

committer Ole Troan <ot@cisco.com>

Fri, 28 Sep 2018 12:27:24 +0000 (14:27 +0200)
author Ole Troan <ot@cisco.com>
Fri, 28 Sep 2018 12:27:24 +0000 (14:27 +0200)
committer Ole Troan <ot@cisco.com>
Fri, 28 Sep 2018 12:27:24 +0000 (14:27 +0200)
diff --git a/src/vnet/ip/ip4_input.h b/src/vnet/ip/ip4_input.h

index 880896e..5df2154 100644 (file)
--- a/src/vnet/ip/ip4_input.h
+++ b/src/vnet/ip/ip4_input.h
@@ -290,6 +290,9 @@ ip4_input_check_x1 (vlib_main_t * vm,
  
    check_ver_opt_csum (ip0, &error0, verify_checksum);
  
+  if (PREDICT_FALSE (ip0->ttl < 1))
+    error0 = IP4_ERROR_TIME_EXPIRED;
+
    /* Drop fragmentation offset 1 packets. */
    error0 = ip4_get_fragment_offset (ip0) == 1 ?
      IP4_ERROR_FRAGMENT_OFFSET_ONE : error0;
author	Ole Troan <ot@cisco.com>
	Fri, 28 Sep 2018 12:27:24 +0000 (14:27 +0200)
committer	Ole Troan <ot@cisco.com>
	Fri, 28 Sep 2018 12:27:24 +0000 (14:27 +0200)