From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 616D745CE9; Mon, 11 Nov 2024 14:10:17 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 11D5741101; Mon, 11 Nov 2024 14:10:17 +0100 (CET) Received: from fout-a1-smtp.messagingengine.com (fout-a1-smtp.messagingengine.com [103.168.172.144]) by mails.dpdk.org (Postfix) with ESMTP id 06D4240E0C for ; Mon, 11 Nov 2024 14:10:15 +0100 (CET) Received: from phl-compute-10.internal (phl-compute-10.phl.internal [10.202.2.50]) by mailfout.phl.internal (Postfix) with ESMTP id 7FCBD1380636; Mon, 11 Nov 2024 08:10:14 -0500 (EST) Received: from phl-mailfrontend-01 ([10.202.2.162]) by phl-compute-10.internal (MEProxy); Mon, 11 Nov 2024 08:10:14 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h= cc:cc:content-transfer-encoding:content-type:content-type:date :date:from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1731330614; x=1731417014; bh=GymnxuA/ViiL3TdlbSjjM/dCF+5EbnvgPLDrTmNITIM=; b= NNtkRkbGGRMrUatPm10ny/fRP307v6+OSXpYCwzMJw0OjPC5Z0uojhJZmUdTdeeB PfOrsimecLkHDx/pl1NmkqMusGq1Sn1dSE6k1uDqSZSO4lb5yPP79xP9AI3Au3nd 3gHpv/8KDW8Iwm22CyqPEhbG74lO2tactwtV10zdnlK5sK/Is5vxIpsom5dFV9y9 8AkMy3cQtKN26hyieD4Rm1u8vw0RxYSt8nQDv+dGod17MNCkEXfrUnO/gCz/2AgH q5WGjywzSl5IGtmjQMhl99Ib7sMccuavttT5b97mdBOquftB+rjxHhllTR+FEmXq +7ds4QiZxJObaYLlV35XiQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:content-type:date:date:feedback-id:feedback-id :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1731330614; x= 1731417014; bh=GymnxuA/ViiL3TdlbSjjM/dCF+5EbnvgPLDrTmNITIM=; b=a xa3DBTr3DkAX7RF4FGRgIrZzQBtsJIGwLllbu2IFwv/+7Pq193Uke2nIvbRoqn9D 8tIcXojziLp3TOwUP28wOGazURkE3WYVss64NcqWRVsZ1yCyRXyMMZrtZAxhfPzo DIr+QLQBXmEHLHkN23bBUr+aZ+XhZ2hMqlN26UltRhpWy7jOtlMbaJyTDvkZCryi EkmliaBvXz9cAQAcbrmKv7ubsDQ9gnrpJaab3Rua7X2UFOKMYwI542oCkdPSuIHn l6UGU6eA+c5SOZ1tziH8F2ryz0qFx4huGnyWE6GzwjAO6XYfqLU+zIpXnQwFSgG1 hsVteGzoE5JtEBfxliPLw== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddvgdegkecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdpuffr tefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnth hsucdlqddutddtmdenucfjughrpefhvfevufffkfgjfhgggfgtsehtufertddttdejnecu hfhrohhmpefvhhhomhgrshcuofhonhhjrghlohhnuceothhhohhmrghssehmohhnjhgrlh honhdrnhgvtheqnecuggftrfgrthhtvghrnhepkeefheeftdegtdejheeuuedtgfelfeei veekieekleekffelgfdtveeiheehffdunecuffhomhgrihhnpeguphgukhdrohhrghenuc evlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehthhhomhgr shesmhhonhhjrghlohhnrdhnvghtpdhnsggprhgtphhtthhopeehpdhmohguvgepshhmth hpohhuthdprhgtphhtthhopehvihhgnhgvshhhrdhpuhhruhhshhhothhhrghmrdhsrhhi nhhivhgrshesvghrihgtshhsohhnrdgtohhmpdhrtghpthhtohepkhhonhhsthgrnhhtih hnrdgrnhgrnhihvghvsehhuhgrfigvihdrtghomhdprhgtphhtthhopeguvghvseguphgu khdrohhrghdprhgtphhtthhopehkohhnshhtrghnthhinhdrvhdrrghnrghnhigvvheshi grnhguvgigrdhruhdprhgtphhtthhopehsthgvphhhvghnsehnvghtfihorhhkphhluhhm sggvrhdrohhrgh X-ME-Proxy: Feedback-ID: i47234305:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon, 11 Nov 2024 08:10:13 -0500 (EST) From: Thomas Monjalon To: "vignesh.purushotham.srinivas@ericsson.com" , Konstantin Ananyev Cc: "dev@dpdk.org" , "konstantin.v.ananyev@yandex.ru" , Stephen Hemminger Subject: Re: [RFC] ip_frag: support IPv6 reassembly with extensions Date: Mon, 11 Nov 2024 14:10:11 +0100 Message-ID: <5544379.ZfL8zNpBrT@thomas> In-Reply-To: <00f28b5cdb5b46c285fe33ffbae0ca1a@huawei.com> References: <20240213114727.550209-1-vignesh.purushotham.srinivas@ericsson.com> <14465732.5MRjnR8RnV@thomas> <00f28b5cdb5b46c285fe33ffbae0ca1a@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="utf-8" X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org 11/11/2024 13:59, Konstantin Ananyev: > > > 14/02/2024 04:51, Stephen Hemminger: > > > On Tue, 13 Feb 2024 12:47:27 +0100 > > > wrote: > > > > > > > +/* > > > > + * Function to crawl through the extension header stack. > > > > + * This function breaks as soon a the fragment header is > > > > + * found and returns the total length the traversed exts > > > > + * and the last extension before the fragment header > > > > + */ > > > > +static inline uint32_t > > > > +ip_frag_get_last_exthdr(struct rte_ipv6_hdr *ip_hdr, uint8_t **last_ext) > > > > +{ > > > > + uint32_t total_len = 0; > > > > + size_t ext_len = 0; > > > > + *last_ext = (uint8_t *)(ip_hdr + 1); > > > > + int next_proto = ip_hdr->proto; > > > > + > > > > + while (next_proto != IPPROTO_FRAGMENT && > > > > + (next_proto = rte_ipv6_get_next_ext( > > > > + *last_ext, next_proto, &ext_len)) >= 0) { > > > > + > > > > + total_len += ext_len; > > > > + > > > > + if (next_proto == IPPROTO_FRAGMENT) > > > > + return total_len; > > > > + > > > > + *last_ext += ext_len; > > > > + } > > > > + > > > > + return total_len; > > > > +} > > > > > > Doing endless loop like this opens up DoS attacks. > > > Better to use rte_next_skip_ip6_ext() or do similar limited loop. > > > > There was no reply to this interesting comment? > > I think there is a limit is the latest version for that patch: > https://patchwork.dpdk.org/project/dpdk/patch/20241015082133.3910533-1-vignesh.purushotham.srinivas@ericsson.com/ Even if there is a new version, we should reply to comments. > It is also has an ACK from me... > Though looking at it once again - we'd better have an extra check here to > make sure that total_len would not exceed mbuf->data_len. I suppose it can wait 25.03.