Brayan,
> I checked vpp behavior when it receives packets with Time To Live (TTL) value
> of 1. I'm using vpp version of v19.08-rc0 on master branch.
>
> Based on Cisco network devices, I expected that VPP drops packets with TTL 1
> and it sends an ICMP reject message to client. Also, when client pings the
> Cisco device's interfaces with packets having TTL 1, the packets are rejected
> again and an icmp reject message is sent to the client.
>
> I see two types of different behavior between vpp and Cisco.
>
> In normal configuration, the TTL checking is done after lookup (based on
> trace log) but I expected to see this checking before routing, nat or other
> functionality nodes. It is not optimized to do a lot of processing on packets
> and then check their TTL value, isn't it? Currently, the TTL value is checked
> in ip4-rewrite node, which is too late.
>
> Another difference is when a client pings vpp interfaces ip with TTL 1, VPP
> sends echo reply packet to the client while in Cisco these packets are
> rejected.

The correct behaviour is RFC8200:

    Hop Limit    8-bit unsigned integer. Decremented by 1 by
                 each node that forwards the packet. When
                 forwarding, the packet is discarded if Hop
                 Limit was zero when received or is decremented
                 to zero. A node that is the destination of a
                 packet should not discard a packet with Hop
                 Limit equal to zero; it should process the
                 packet normally.

This also applies for IPv4.

A packet with TTL=1 that hits the host stack is valid (e.g. an ICMP echo
request); a packet for forwarding should be dropped.

The TTL check cannot be done before determining if the packet is for us or to
be forwarded.

Best regards,
Ole
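
The ordering described in the reply above, as an added example that is not VPP code and not part of the original message: the destination lookup runs first, and only the forwarding path checks and decrements the TTL. The names `ip4_input`, `make_hdr` and `LOCAL_ADDR`, and all addresses, are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { DELIVER_LOCAL, FORWARD, DROP_TTL_EXCEEDED, DROP_MALFORMED };
/* Constructed address standing in for "an address owned by this node". */
static const uint8_t LOCAL_ADDR[4] = {192, 0, 2, 1};

/* RFC 1071 one's-complement checksum over an even-length header. */
static uint16_t ip4_checksum(const uint8_t *h, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += (uint32_t)((h[i] << 8) | h[i + 1]);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static void ip4_set_checksum(uint8_t *h, size_t ihl) {
    h[10] = h[11] = 0;
    uint16_t c = ip4_checksum(h, ihl);
    h[10] = (uint8_t)(c >> 8);
    h[11] = (uint8_t)(c & 0xff);
}

/* Build a constructed 20-byte header (no payload) for experiments. */
void make_hdr(uint8_t h[20], uint8_t ttl, const uint8_t dst[4]) {
    memset(h, 0, 20);
    h[0] = 0x45; h[3] = 20; h[8] = ttl; h[9] = 1;      /* IPv4, IHL 5, ICMP */
    h[12] = 198; h[13] = 51; h[14] = 100; h[15] = 7;   /* constructed source */
    memcpy(h + 16, dst, 4);
    ip4_set_checksum(h, 20);
}

enum verdict ip4_input(uint8_t *h, size_t len) {
    if (len < 20 || (h[0] >> 4) != 4)
        return DROP_MALFORMED;
    size_t ihl = (size_t)(h[0] & 0x0f) * 4;
    if (ihl < 20 || ihl > len || ip4_checksum(h, ihl) != 0)
        return DROP_MALFORMED;
    /* Step 1: decide "for us or to be forwarded" before looking at TTL. */
    if (memcmp(h + 16, LOCAL_ADDR, 4) == 0)
        return DELIVER_LOCAL;            /* TTL 1 (or 0) is still valid here */
    /* Step 2: only the forwarding path checks and decrements TTL. */
    if (h[8] <= 1)
        return DROP_TTL_EXCEEDED;        /* a router normally sends ICMP Time Exceeded */
    h[8]--;
    ip4_set_checksum(h, ihl);
    return FORWARD;
}
```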