map: handle ip4 ttl=1 packets in map-t

With this commit, ICMP Time Exceeded is sent to sender when TTL expires at MAP BR. Type: fix Change-Id: I8effe163beab32596883127b819308cc355512c3 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
2020-01-23 08:09:40 -05:00
parent 78b58f65f1
commit 56817e2c48
3 changed files with 20 additions and 10 deletions
--- a/src/plugins/map/ip4_map_t.c
+++ b/src/plugins/map/ip4_map_t.c
@ -578,6 +578,16 @@ ip4_map_t (vlib_main_t * vm, vlib_node_runtime_t * node, vlib_frame_t * frame)

 	  dst_port0 = -1;

+	  if (PREDICT_FALSE (ip40->ttl == 1))
+	    {
+	      icmp4_error_set_vnet_buffer (p0, ICMP4_time_exceeded,
+					   ICMP4_time_exceeded_ttl_exceeded_in_transit,
+					   0);
+	      p0->error = error_node->errors[MAP_ERROR_TIME_EXCEEDED];
+	      next0 = IP4_MAPT_NEXT_ICMP_ERROR;
+	      goto trace;
+	    }
+
 	  bool df0 =
 	    ip40->flags_and_fragment_offset &
 	    clib_host_to_net_u16 (IP4_HEADER_FLAG_DONT_FRAGMENT);
--- a/src/plugins/map/map.h
+++ b/src/plugins/map/map.h
@ -225,7 +225,8 @@ typedef struct
 _(FRAGMENT_MALFORMED, "fragment has unexpected format")\
 _(FRAGMENT_DROPPED, "dropped cached fragment")         \
 _(MALFORMED, "malformed packet")			\
- _(DF_SET, "can't fragment, DF set")
+ _(DF_SET, "can't fragment, DF set")			\
+ _(TIME_EXCEEDED, "time exceeded")			\

 typedef enum
 {
--- a/src/plugins/map/test/test_map.py
+++ b/src/plugins/map/test/test_map.py
@ -543,7 +543,7 @@ class TestMAP(VppTestCase):
        for p in rx:
            self.validate(p[1], p4_translated)

-        # IPv4 TTL
+        # IPv4 TTL=0
        ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0)
        p4 = (p_ether / ip4_ttl_expired / payload)

@ -557,20 +557,19 @@ class TestMAP(VppTestCase):
        for p in rx:
            self.validate(p[1], icmp4_reply)

-        '''
-        This one is broken, cause it would require hairpinning...
-        # IPv4 TTL TTL1
+        # IPv4 TTL=1
        ip4_ttl_expired = IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=1)
        p4 = (p_ether / ip4_ttl_expired / payload)

-        icmp4_reply = IP(id=0, ttl=254, src=self.pg0.local_ip4,
-        dst=self.pg0.remote_ip4) / \
-        ICMP(type='time-exceeded', code='ttl-zero-during-transit' ) / \
-        IP(src=self.pg0.remote_ip4, dst='192.168.0.1', ttl=0) / payload
+        icmp4_reply = (IP(id=0, ttl=254, src=self.pg0.local_ip4,
+                          dst=self.pg0.remote_ip4) /
+                       ICMP(type='time-exceeded',
+                            code='ttl-zero-during-transit') /
+                       IP(src=self.pg0.remote_ip4,
+                          dst='192.168.0.1', ttl=1) / payload)
        rx = self.send_and_expect(self.pg0, p4*1, self.pg0)
        for p in rx:
            self.validate(p[1], icmp4_reply)
-        '''

        # IPv6 Hop limit
        ip6_hlim_expired = IPv6(hlim=0, src='2001:db8:1ab::c0a8:1:ab',