From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 09891A0562; Tue, 31 Mar 2020 18:07:42 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 493F71BFD4; Tue, 31 Mar 2020 18:07:35 +0200 (CEST) Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [205.139.110.61]) by dpdk.org (Postfix) with ESMTP id 98EDD1BFC1 for ; Tue, 31 Mar 2020 18:07:33 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1585670852; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HhtkXaIAKVIRMRLgl9jv/au+32wzVtF4coqo9/EZ80M=; b=ZgrB/mGjosD0UkpEPisF/x7gzse4nNocO1M/tOw6fVOs7Owhdjc4orCjLRZ1XGGUwdhe8I zDwAbhruu0agYdcbLAfaTMXZUHbveXbHFcYnR3drDO5iv3UR4QiSxNRWogJ/OxLMfsq3C0 PkFcjcnFnz7VS2snHqG0k45M0Nn8pLQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-178-OQ6N6gkgNs6pL3NQzbTDkg-1; Tue, 31 Mar 2020 12:07:29 -0400 X-MC-Unique: OQ6N6gkgNs6pL3NQzbTDkg-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id B5F9C8017DF; Tue, 31 Mar 2020 16:07:27 +0000 (UTC) Received: from dhcp-25.97.bos.redhat.com (ovpn-116-136.phx2.redhat.com [10.3.116.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 680FF96B96; Tue, 31 Mar 2020 16:07:24 +0000 (UTC) From: Aaron Conole To: dev@dpdk.org Cc: Konstantin Ananyev , Sunil Kumar Kori , Allain Legacy , Anatoly Burakov , Chas Williams , Piotr Azarewicz , Bruce Richardson , David Marchand Date: Tue, 31 Mar 2020 12:07:11 -0400 Message-Id: <20200331160714.697790-2-aconole@redhat.com> In-Reply-To: <20200331160714.697790-1-aconole@redhat.com> References: <20200331160714.697790-1-aconole@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Subject: [dpdk-dev] [PATCH 1/4] ip_frag: ensure minimum v4 fragmentation length X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The IPv4 specification says that each fragment must at least the size of an IP header plus 8 octets. When attempting to run ipfrag using a smaller size, the fragment library will return successful completion, even though it is a violation of RFC791 (and updates). Signed-off-by: Aaron Conole --- lib/librte_ip_frag/rte_ipv4_fragmentation.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_ip_frag/rte_ipv4_fragmentation.c b/lib/librte_ip_fr= ag/rte_ipv4_fragmentation.c index 9e9f986cc5..4baaf6355c 100644 --- a/lib/librte_ip_frag/rte_ipv4_fragmentation.c +++ b/lib/librte_ip_frag/rte_ipv4_fragmentation.c @@ -76,6 +76,12 @@ rte_ipv4_fragment_packet(struct rte_mbuf *pkt_in, =09uint16_t fragment_offset, flag_offset, frag_size; =09uint16_t frag_bytes_remaining; =20 +=09/* +=09 * Ensure the IP fragmentation size is at least iphdr length + 8 octets +=09 */ +=09if (unlikely(mtu_size < (sizeof(struct rte_ipv4_hdr) + 8*sizeof(char)))= ) +=09=09return -EINVAL; + =09/* =09 * Ensure the IP payload length of all fragments is aligned to a =09 * multiple of 8 bytes as per RFC791 section 2.3. --=20 2.25.1