From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id C5DD243B3C; Wed, 14 Feb 2024 18:45:51 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 65AD44325E; Wed, 14 Feb 2024 18:45:51 +0100 (CET) Received: from mail-pf1-f182.google.com (mail-pf1-f182.google.com [209.85.210.182]) by mails.dpdk.org (Postfix) with ESMTP id 0A2D8400D5 for ; Wed, 14 Feb 2024 18:45:49 +0100 (CET) Received: by mail-pf1-f182.google.com with SMTP id d2e1a72fcca58-6de3141f041so56394b3a.0 for ; Wed, 14 Feb 2024 09:45:49 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1707932749; x=1708537549; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=NtrYf7v+uUqj9iNf69xVtRq23lyeiRpRPxlJZ/Lqink=; b=dTIDCzc0jOH/7f6gdLbjhhTKcTHOtPbShfDzp4ZQgm5q7l36ppXkYj0j+2f62VBW7j gol7cR+gRdMzhWtY1SX0vlIv4PaKF1kVH98kYVwukdWPU7s6mDi1VnyYwuPxFVIh2beF gJAdhxwAZebwJH011Lg8nOaKoFqRdHPn940363pqBsyE+iCMd/Y1IsSHGBZPGNCZJw/2 nNv9dMUmWtGNQ2uL7JZqSUWz6ltTtea8HIPN0eJDFTogYMQ/GDE7NotqSyRPmnoqYCFg S+Ya0K0DV853u4hOJNrk8/Exrc4061kA+k9RoKcae33HyfE2hFti7OUtOsGNR1JNfszw 5bbQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1707932749; x=1708537549; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=NtrYf7v+uUqj9iNf69xVtRq23lyeiRpRPxlJZ/Lqink=; b=KAWPxkjoQOEVpQ8b77Z5CTQP6fFXtTQK9aEyAh8VGGuOIV7ioF4cxuRyrhJu/E8zw8 FBA2kV9zjYB1iKxeg9ul6ybezwP1HOCjJ3jLWHJ/5Q6DsSVV+cyd708k+kgL90TFFYL1 9qn8Ka1+2Ka7u8Pjb+jXKZPgGKiBLDAFqxfD4IJ7JbIqeQ9rVWvLuujKXiekzuhlNAT0 FqoCEw5ViXCeAq2sk6fs2Lf0u7SKoqEGxoR1XpW5GUtBlbQEPU7BKZqFjtEiiuGL2WLy C828tI45aHZE+IOsH5w3pShG02jarsomPGccNd+IDmfafLYe8KthopfyO7HVryYKGaMs SGvg== X-Forwarded-Encrypted: i=1; AJvYcCXds4fAgMissabfJl2EeSPh5XP1dG6Z0EQBMTKCk9mrtaaPvr8XK1zsVaFnNMlcD1WBLOr725o71+wZtxo= X-Gm-Message-State: AOJu0YzdMMjJVSLJziV80A2y88VmYNsBZSu+u+6Hn7n/w+scJYJRian+ rAuZrd2V+3TIVRKMMiV2Fh7DYmwwaQKKoatqj7G+dSqLgB5v6ryEv9A9n4ngGgE= X-Google-Smtp-Source: AGHT+IG3vZ2d+UUu+1ZAq4suxxLl7gTa914qpiAdd2zqKJ00dX8KVug0GsC5cteCi5LOHwVK5+kruA== X-Received: by 2002:a05:6a00:1387:b0:6e1:7e8:7a4a with SMTP id t7-20020a056a00138700b006e107e87a4amr3506935pfg.31.1707932748908; Wed, 14 Feb 2024 09:45:48 -0800 (PST) X-Forwarded-Encrypted: i=1; AJvYcCUV86QJwATkuMlNrKG/KpfBnp/oYitaZDPy7t+tITZajH+7jd4lvcEhNuo4joK+F+kMm+rXkydIKHrBeA0= Received: from hermes.local (204-195-123-141.wavecable.com. [204.195.123.141]) by smtp.gmail.com with ESMTPSA id r3-20020a62e403000000b006e02f4bb4e4sm9803877pfh.18.2024.02.14.09.45.48 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 14 Feb 2024 09:45:48 -0800 (PST) Date: Tue, 13 Feb 2024 19:51:13 -0800 From: Stephen Hemminger To: Cc: , Subject: Re: [RFC] ip_frag: support IPv6 reassembly with extensions Message-ID: <20240213195107.736fb1e4@hermes.local> In-Reply-To: <20240213114727.550209-1-vignesh.purushotham.srinivas@ericsson.com> References: <20240213114727.550209-1-vignesh.purushotham.srinivas@ericsson.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org On Tue, 13 Feb 2024 12:47:27 +0100 wrote: > +/* > + * Function to crawl through the extension header stack. > + * This function breaks as soon a the fragment header is > + * found and returns the total length the traversed exts > + * and the last extension before the fragment header > + */ > +static inline uint32_t > +ip_frag_get_last_exthdr(struct rte_ipv6_hdr *ip_hdr, uint8_t **last_ext) > +{ > + uint32_t total_len = 0; > + size_t ext_len = 0; > + *last_ext = (uint8_t *)(ip_hdr + 1); > + int next_proto = ip_hdr->proto; > + > + while (next_proto != IPPROTO_FRAGMENT && > + (next_proto = rte_ipv6_get_next_ext( > + *last_ext, next_proto, &ext_len)) >= 0) { > + > + total_len += ext_len; > + > + if (next_proto == IPPROTO_FRAGMENT) > + return total_len; > + > + *last_ext += ext_len; > + } > + > + return total_len; > +} Doing endless loop like this opens up DoS attacks. Better to use rte_next_skip_ip6_ext() or do similar limited loop.