ip: translate fragmented icmp to fragmented icmp6
The first translated ICMPv6 packet of a fragmented ICMP message does
not have a IPv6 fragment header. All subsequent have.
With this commit, add a IPv6 fragment header to the first translated
ICMPv6 packet.
Type: fix
Change-Id: Id89409ce7273cbeed801e2e18a09d3e7c3c4e4bc
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
diff --git a/src/plugins/map/test/test_map.py b/src/plugins/map/test/test_map.py
index 845d1d3..123fb54 100644
--- a/src/plugins/map/test/test_map.py
+++ b/src/plugins/map/test/test_map.py
@@ -12,7 +12,8 @@
from scapy.layers.l2 import Ether
from scapy.packet import Raw
from scapy.layers.inet import IP, UDP, ICMP, TCP
-from scapy.layers.inet6 import IPv6, ICMPv6TimeExceeded, IPv6ExtHdrFragment
+from scapy.layers.inet6 import IPv6, ICMPv6TimeExceeded, IPv6ExtHdrFragment, \
+ ICMPv6EchoRequest
class TestMAP(VppTestCase):
@@ -597,7 +598,7 @@
p6 = (p_ether6 / p_ip6 / payload)
self.send_and_assert_no_replies(self.pg1, p6*1)
- # Packet fragmentation
+ # UDP packet fragmentation
payload_len = 1453
payload = UDP(sport=40000, dport=4000) / self.payload(payload_len)
p4 = (p_ether / p_ip4 / payload)
@@ -613,7 +614,7 @@
self.validate_frag_payload_len(rx, UDP, payload_len)
- # Packet fragmentation send fragments
+ # UDP packet fragmentation send fragments
payload = UDP(sport=40000, dport=4000) / self.payload(payload_len)
p4 = (p_ether / p_ip4 / payload)
frags = fragment_rfc791(p4, fragsize=1000)
@@ -627,10 +628,34 @@
self.validate_frag_payload_len(rx, UDP, payload_len)
- # reass_pkt = reassemble(rx)
- # p4_reply.ttl -= 1
- # p4_reply.id = 256
- # self.validate(reass_pkt, p4_reply)
+ # ICMP packet fragmentation
+ payload = ICMP(id=6529) / self.payload(payload_len)
+ p4 = (p_ether / p_ip4 / payload)
+ self.pg_enable_capture()
+ self.pg0.add_stream(p4)
+ self.pg_start()
+ rx = self.pg1.get_capture(2)
+
+ p_ip6_translated = IPv6(src='1234:5678:90ab:cdef:ac:1001:200:0',
+ dst='2001:db8:160::c0a8:1:6')
+ for p in rx:
+ self.validate_frag(p, p_ip6_translated)
+
+ self.validate_frag_payload_len(rx, ICMPv6EchoRequest, payload_len)
+
+ # ICMP packet fragmentation send fragments
+ payload = ICMP(id=6529) / self.payload(payload_len)
+ p4 = (p_ether / p_ip4 / payload)
+ frags = fragment_rfc791(p4, fragsize=1000)
+ self.pg_enable_capture()
+ self.pg0.add_stream(frags)
+ self.pg_start()
+ rx = self.pg1.get_capture(2)
+
+ for p in rx:
+ self.validate_frag(p, p_ip6_translated)
+
+ self.validate_frag_payload_len(rx, ICMPv6EchoRequest, payload_len)
# TCP MSS clamping
self.vapi.map_param_set_tcp(1300)
diff --git a/src/vnet/ip/ip4_to_ip6.h b/src/vnet/ip/ip4_to_ip6.h
index e78985b..a6d87f1 100644
--- a/src/vnet/ip/ip4_to_ip6.h
+++ b/src/vnet/ip/ip4_to_ip6.h
@@ -226,8 +226,10 @@
icmp46_header_t *icmp;
ip_csum_t csum;
ip6_frag_hdr_t *inner_frag;
+ ip6_frag_hdr_t *outer_frag= NULL;
u32 inner_frag_id;
u32 inner_frag_offset;
+ u32 outer_frag_id;
u8 inner_frag_more;
u16 *inner_L4_checksum = 0;
int rv;
@@ -397,8 +399,20 @@
}
else
{
- vlib_buffer_advance (p, sizeof (*ip4) - sizeof (*ip6));
- ip6 = vlib_buffer_get_current (p);
+ if (PREDICT_FALSE (ip4->flags_and_fragment_offset &
+ clib_host_to_net_u16 (IP4_HEADER_FLAG_MORE_FRAGMENTS)))
+ {
+ vlib_buffer_advance (p, sizeof (*ip4) - sizeof (*ip6) -
+ sizeof (*outer_frag));
+ ip6 = vlib_buffer_get_current (p);
+ outer_frag = (ip6_frag_hdr_t *) (ip6 + 1);
+ outer_frag_id = frag_id_4to6 (ip4->fragment_id);
+ }
+ else
+ {
+ vlib_buffer_advance (p, sizeof (*ip4) - sizeof (*ip6));
+ ip6 = vlib_buffer_get_current (p);
+ }
ip6->payload_length =
clib_host_to_net_u16 (clib_net_to_host_u16 (ip4->length) -
sizeof (*ip4));
@@ -414,6 +428,17 @@
if ((rv = fn (p, ip4, ip6, ctx)) != 0)
return rv;
+ if (PREDICT_FALSE (outer_frag != NULL))
+ {
+ outer_frag->next_hdr = ip6->protocol;
+ outer_frag->identification = outer_frag_id;
+ outer_frag->rsv = 0;
+ outer_frag->fragment_offset_and_more = ip6_frag_hdr_offset_and_more (0, 1);
+ ip6->protocol = IP_PROTOCOL_IPV6_FRAGMENTATION;
+ ip6->payload_length = u16_net_add (ip6->payload_length,
+ sizeof (*outer_frag));
+ }
+
//Truncate when ICMPv6 error message exceeds the minimal IPv6 MTU
if (p->current_length > 1280 && icmp->type < 128)
{