From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pf1-f193.google.com (mail-pf1-f193.google.com [209.85.210.193]) by dpdk.org (Postfix) with ESMTP id 7CFB91B10D for ; Tue, 15 Jan 2019 02:00:32 +0100 (CET) Received: by mail-pf1-f193.google.com with SMTP id z9so461493pfi.2 for ; Mon, 14 Jan 2019 17:00:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=KAS13/aRhtCaGrmToWiFc1m+KzypjdosKGoBOvIsO50=; b=SJXtt5AulHrmwSTwKXiieU5YEhn7hu+MejXaxIqLQM4xLZXV/ovshA3sD+4cG9MwIF xdUkJbg0FweLAwVi7o4mugnWw8XBqCA6KyNMfULYcoV3q6qEsUvVd7b5vH/9Sql7mMIJ 4iMbHv02dCQSTlQDdaFw0NcgVFwXVVgaEaeT6pE/Dpn1vcMuS9W1zd/4b9e9Slneqb3E V3QxIjtqNXFSM+T1CI/2thi0N3trRNZiurWX3k7dvjFKeLvRIxp3tHVWJ4lnxcCCslRc LAAjOMDG2VbMCYEgOROgMpIUq2gRtNmRAASftGftq//Bt+ilTMhSLGvgVFA9jZhRcw5g coYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=KAS13/aRhtCaGrmToWiFc1m+KzypjdosKGoBOvIsO50=; b=kW9R/4AczvPwscFVmF8+BMTFpMnT4xFZ+z+xcMCIp9EsDTV7wX2BDxJ58sY+OG6MzM l0Z9BtoOwFV6AwBWprqQ9JcdMlw50qAv3H1AI1SwJinIRC/nzDZRypLDv0XkYXONE0O3 BuKESiWqJvK0npV9tcxRPOoICq4RFXAO8pjkvUh+K0PkP7S6PTOSR/ATLiWDRdBJjuvv s+i+Ej15uCMtDhGj6Nl3Nl7RBczC5W4WJ64SgXsZV6samx0SklB8Dk6J6vol7Xx1B9KZ wll8L0e75BCbA0Mw+r0UL2VTZAbZyCKhikMD6bPbxd5YZk/0dWA3qmghOvBKpeYHIy4Y A8Yw== X-Gm-Message-State: AJcUukckUG46rR08vJ8e2ma7KNzWUHEDypi5PTndE+4fXqeOi3azmEsF 7Xg55dLH4cytu0OI8dfmZKsrHA== X-Google-Smtp-Source: ALg8bN78mJgK6xZ/5WljlNajIYMALE8x1G19mXJq7BRVpS98X8tfzX5vbkovuPiA0T/fBIUsQ9vNrw== X-Received: by 2002:a63:7d06:: with SMTP id y6mr1229618pgc.171.1547514031573; Mon, 14 Jan 2019 17:00:31 -0800 (PST) Received: from hermes.lan (204-195-22-127.wavecable.com. [204.195.22.127]) by smtp.gmail.com with ESMTPSA id d68sm2082630pfa.64.2019.01.14.17.00.31 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 14 Jan 2019 17:00:31 -0800 (PST) Date: Mon, 14 Jan 2019 17:00:28 -0800 From: Stephen Hemminger To: Jiayu Hu Cc: dev@dpdk.org, konstantin.ananyev@intel.com, thomas@monjalon.net, stable@dpdk.org Message-ID: <20190114170028.68bdd4d7@hermes.lan> In-Reply-To: <1547132768-2384-1-git-send-email-jiayu.hu@intel.com> References: <1546927725-68831-1-git-send-email-jiayu.hu@intel.com> <1547132768-2384-1-git-send-email-jiayu.hu@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-dev] [PATCH v2] gro: add missing invalid packet checks X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2019 01:00:32 -0000 On Thu, 10 Jan 2019 23:06:08 +0800 Jiayu Hu wrote: > + > +#define ILLEGAL_ETHER_HDRLEN(len) ((len) != ETHER_HDR_LEN) > +#define ILLEGAL_ETHER_VXLAN_HDRLEN(len) \ > + ((len) != (ETHER_VXLAN_HLEN + ETHER_HDR_LEN)) > +#define ILLEGAL_IPV4_HDRLEN(len) ((len) != sizeof(struct ipv4_hdr)) > +#define ILLEGAL_TCP_HDRLEN(len) \ > + (((len) < sizeof(struct tcp_hdr)) || ((len) > TCP_MAX_HLEN)) > + Why not inline (which keeps type checking) instead of macro. Results in same code. Also, prefer "invalid" instead "ILLEGAL" . There is no government inforcing a rule on packet headers. Also, what about ipv4 options, or TCP options? And even VXLAN header check should be more rigorous. What about not allowing fragments in IP header for example. If you are going to do enforcement, be as strict as you can.