map: fix DF[Don't fragment] ip4-map-t behaviour

author Vladimir Ratnikov <vratnikov@netgate.com>

Fri, 27 Sep 2019 07:26:49 +0000 (03:26 -0400)

committer Ole Trøan <otroan@employees.org>

Thu, 3 Oct 2019 09:51:52 +0000 (09:51 +0000)
author Vladimir Ratnikov <vratnikov@netgate.com>
Fri, 27 Sep 2019 07:26:49 +0000 (03:26 -0400)
committer Ole Trøan <otroan@employees.org>
Thu, 3 Oct 2019 09:51:52 +0000 (09:51 +0000)
diff --git a/src/plugins/map/ip4_map_t.c b/src/plugins/map/ip4_map_t.c

index 2ab1af9..621fb06 100644 (file)
--- a/src/plugins/map/ip4_map_t.c
+++ b/src/plugins/map/ip4_map_t.c
@@ -600,6 +600,17 @@ ip4_map_t (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)
           pheader0->daddr.as_u64[1] =
             map_get_sfx_net (d0, ip40->dst_address.as_u32, (u16) dst_port0);
  
+         bool df0 =
+           ip40->flags_and_fragment_offset &
+           clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT);
+
+         if (PREDICT_TRUE (ip4_is_first_fragment (ip40) && df0))
+           {
+             p0->error = error_node->errors[MAP_ERROR_FRAGMENT_DROPPED];
+             next0 = IP4_MAPT_NEXT_MAPT_FRAGMENTED;
+             goto exit;
+           }
+
           if (PREDICT_TRUE
               (error0 == MAP_ERROR_NONE && next0 != IP4_MAPT_NEXT_MAPT_ICMP))
             {
author	Vladimir Ratnikov <vratnikov@netgate.com>
	Fri, 27 Sep 2019 07:26:49 +0000 (03:26 -0400)
committer	Ole Trøan <otroan@employees.org>
	Thu, 3 Oct 2019 09:51:52 +0000 (09:51 +0000)