From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id C2C90A057B; Wed, 1 Apr 2020 15:19:10 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 71BE51BE99; Wed, 1 Apr 2020 15:19:03 +0200 (CEST) Received: from us-smtp-delivery-1.mimecast.com (us-smtp-2.mimecast.com [205.139.110.61]) by dpdk.org (Postfix) with ESMTP id 4FF70F12 for ; Wed, 1 Apr 2020 15:19:01 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1585747140; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=HhtkXaIAKVIRMRLgl9jv/au+32wzVtF4coqo9/EZ80M=; b=MAz+pvGvQm8FoiBkyJm91ilnR7CjyBavXc4uLpLukJKRI/rTS8BYIszG38pK6WpZ3hkWsT ykuTCWPcZWY5ljJr6HFcxs8zyxW7C2m+83c9/nBmZVsYy9VcBf8oVHEutqR4MsoUYfb+hC KoKF2nLC+TrcxylimOyCYPnDut8rEYs= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-454-7N39NNd-MZacQJ4yEA3gnQ-1; Wed, 01 Apr 2020 09:18:59 -0400 X-MC-Unique: 7N39NNd-MZacQJ4yEA3gnQ-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com [10.5.11.22]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id D2CF68017FD; Wed, 1 Apr 2020 13:18:57 +0000 (UTC) Received: from dhcp-25.97.bos.redhat.com (ovpn-116-136.phx2.redhat.com [10.3.116.136]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7A5ED1001B07; Wed, 1 Apr 2020 13:18:56 +0000 (UTC) From: Aaron Conole To: dev@dpdk.org Cc: Konstantin Ananyev , Sunil Kumar Kori , Allain Legacy , Anatoly Burakov , Chas Williams , Piotr Azarewicz , Bruce Richardson , David Marchand Date: Wed, 1 Apr 2020 09:18:46 -0400 Message-Id: <20200401131849.2209336-2-aconole@redhat.com> In-Reply-To: <20200401131849.2209336-1-aconole@redhat.com> References: <20200331160714.697790-1-aconole@redhat.com> <20200401131849.2209336-1-aconole@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Subject: [dpdk-dev] [PATCH v2 1/4] ip_frag: ensure minimum v4 fragmentation length X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The IPv4 specification says that each fragment must at least the size of an IP header plus 8 octets. When attempting to run ipfrag using a smaller size, the fragment library will return successful completion, even though it is a violation of RFC791 (and updates). Signed-off-by: Aaron Conole --- lib/librte_ip_frag/rte_ipv4_fragmentation.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/lib/librte_ip_frag/rte_ipv4_fragmentation.c b/lib/librte_ip_fr= ag/rte_ipv4_fragmentation.c index 9e9f986cc5..4baaf6355c 100644 --- a/lib/librte_ip_frag/rte_ipv4_fragmentation.c +++ b/lib/librte_ip_frag/rte_ipv4_fragmentation.c @@ -76,6 +76,12 @@ rte_ipv4_fragment_packet(struct rte_mbuf *pkt_in, =09uint16_t fragment_offset, flag_offset, frag_size; =09uint16_t frag_bytes_remaining; =20 +=09/* +=09 * Ensure the IP fragmentation size is at least iphdr length + 8 octets +=09 */ +=09if (unlikely(mtu_size < (sizeof(struct rte_ipv4_hdr) + 8*sizeof(char)))= ) +=09=09return -EINVAL; + =09/* =09 * Ensure the IP payload length of all fragments is aligned to a =09 * multiple of 8 bytes as per RFC791 section 2.3. --=20 2.25.1