#15 : decrease packet lifetime and drop expired packet

ulb.c

@@ -128,6 +128,7 @@ int xdp_prog(struct xdp_md *ctx) {
                 return XDP_PASS;
             case INVALID_IP_SIZE :
             case TOO_SMALL_IP_HEADER:
+            case LIFETIME_EXPIRED:
                 log(WARNING, ctx, res, &logEvent);
                 return XDP_DROP;
             default :
@@ -202,7 +203,7 @@ int xdp_prog(struct xdp_md *ctx) {
             copy_ip_addr(&new_addr, rsIp);
             copy_ip_addr(daddr, rsIp); // use real server IP address as destination
 
-            // TODO #15 we should probably decrement ttl too
+            decrease_packet_lifetime(eth);
         }
     } else {
         // Is it egress traffic ? source ip == a real server IP
@@ -251,7 +252,7 @@ int xdp_prog(struct xdp_md *ctx) {
                 copy_ip_addr(&new_addr,vsIp);
                 copy_ip_addr(saddr,vsIp); // use virtual server IP address as source
 
-                // TODO #15 we should probably decrement ttl too
+                decrease_packet_lifetime(eth);
             }
         } else {
             // neither ingress(destIP=VirtualServerIP) nor egress(sourceIP=RealServerIP) traffic

ulb.py

@@ -190,7 +190,8 @@ class LogCode(Enum):
     INVALID_UDP_SIZE            = "{} <─> {} Invalid size for UDP packet", Direction.UNKNOWN, Kind.UNCHANGED
     NO_VIRTUAL_SERVER           = "{} <─> {} No virtual server configured", Direction.UNKNOWN, Kind.UNCHANGED
     UNHANDLED_TRAFFIC           = "{} <─> {} Unhandled traffic", Direction.UNKNOWN, Kind.UNCHANGED
-
+    LIFETIME_EXPIRED            = "{} <-> {} TTL or hoplimit expired", Direction.UNKNOWN, Kind.UNCHANGED
+
     INGRESS_NOT_HANDLED_PORT    = "{} ──> {} Unhandled port", Direction.INGRESS, Kind.UNCHANGED
     INGRESS_CANNOT_CREATE_ASSO  = "{} ──> {} Unable to create association", Direction.INGRESS, Kind.UNCHANGED
     INGRESS_CANNOT_CREATE_ASSO2 = "{} ──> {} Unable to create association (MUST not happened", Direction.INGRESS, Kind.UNCHANGED

ulb_ipv4.c

@@ -57,7 +57,11 @@ static inline int parse_ip_header(struct ethhdr * eth, void * data_end, struct u
     if (iph->frag_off & IP_FRAGMENTED) {
         return FRAGMENTED_IP_PACKET;
     }
-    // TODO #15 we should drop packet with ttl = 0 for ipv4
+
+    // handle packet lifetime : https://tools.ietf.org/html/rfc791
+    if (iph->ttl <= 0)
+    	return LIFETIME_EXPIRED;
+    // TODO #15 we should maybe send an ICMP packet
 
     // https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/include/uapi/linux/udp.h
     // Extract UDP header
@@ -80,3 +84,15 @@ static inline int update_udp_checksum(__u64 cs, ip_addr old_addr, ip_addr new_ad
     return cs;
 }
 
+__attribute__((__always_inline__))
+static inline void decrease_packet_lifetime(struct ethhdr * eth){
+    struct iphdr *iph;
+    iph = (struct iphdr *) (eth + 1);
+
+    // from include/net/ip.h
+    u32 check = (__force u32)iph->check;
+    check += (__force u32)htons(0x0100);
+    iph->check = (__force __sum16)(check + (check >= 0xFFFF));
+
+    --iph->ttl;
+}

ulb_ipv6.c

@@ -39,7 +39,10 @@ static inline int parse_ip_header(struct ethhdr * eth, void * data_end, struct u
         return NOT_UDP;
     }
 
-    // TODO #15 we should drop packet with hoplimit = 0 for ipv6
+    // handle packet lifetime : https://tools.ietf.org/html/rfc8200#section-3
+    if (iph->hop_limit <= 0)
+       	return LIFETIME_EXPIRED;
+    // TODO #15 we should maybe send an ICMP packet
 
     // https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/tree/include/uapi/linux/udp.h
     // Extract UDP header
@@ -59,3 +62,9 @@ static inline int update_udp_checksum(__u64 cs, ip_addr old_addr, ip_addr new_ad
     return cs;
 }
 
+__attribute__((__always_inline__))
+static inline void decrease_packet_lifetime(struct ethhdr * eth) {
+    struct ipv6hdr *iph;
+    iph = (struct ipv6hdr *) (eth + 1);
+    --iph->hop_limit;
+}