From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id AD64AA0A02;
	Thu, 25 Mar 2021 12:12:13 +0100 (CET)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 325AE4067B;
	Thu, 25 Mar 2021 12:12:13 +0100 (CET)
Received: from qq.com (out162-62-57-252.mail.qq.com [162.62.57.252])
 by mails.dpdk.org (Postfix) with ESMTP id BD47540147
 for <dev@dpdk.org>; Thu, 25 Mar 2021 12:12:10 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=qq.com; s=s201512;
 t=1616670728; bh=ID8WDCKJn48ofK1HZxfx/WY7Cq3zTpFqitxkyQA7zNI=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References;
 b=G2FcXOY8Yoptl/Q/4UGRrZGcAFFDEiRZe2t03fTAioSV6LKKTIw8UPCH0IBLcmskR
 +3BKFd+BY5Pd9QpfgbqtDyvsSP1hEemJbq9s5bjiexsUe6fn58M+K+hpAM/4KDTISL
 heU6MF5GV+V2cVWGIcBN6TVE0xbVmETxhzLqSilE=
Received: from localhost.localdomain
 ([2409:8a20:202e:ae80:1976:bbc3:2885:f49c])
 by newxmesmtplogicsvrsza8.qq.com (NewEsmtp) with SMTP
 id 30434ED5; Thu, 25 Mar 2021 19:12:04 +0800
X-QQ-mid: xmsmtpt1616670724t1jvk87pw
Message-ID: <tencent_8FA596830F4F89E9E2169503B40DF0FF0307@qq.com>
X-QQ-XMAILINFO: No4GWyI4cWt6BOHkEOKJnzCPJ5DhN9mfj/ISJmLNZgpZ7L2m7B5M3Ug13toCvp
 dvr7whCNGq0M6MEB9/FO2byPBn3Ol9AOOJvibm/0JKH77jCVOT1lxHJky789CvP1k8PvjkqaiGrx
 GPZCfIau3hguH306CSaMDGoLChLTQk93Uq6GWroZi7x7S1+K7fiaZLfFWbVN6IiWPIzmrRIf9Tr+
 vaz+EnyBBBTmGxSeFw0rI5VvmSdVlwGceJu+egw1HSreEUCo0a/ulHHX72puuYmG4TO5Sop2iOUw
 cQRD/gtKtzX5q0hMFtOWmpuv4LUg7OMYK70vfFHgnUVBryuUsFVNgOxejtWNQQ9al9MIE26b0ZZv
 qWf3QdsuNp/amhRSpVbu8E3msBSpSfpwDWtIYJcHGMnyAmaJqIBHeMEmz/JLGuTi6DrjixQGY9ts
 c0dIm0IGHpXxgTkgs/s3ihZADoHTaugGOjuHMzZ/wqB06c0cQ4pENuJ2T0+woIX0szj/g1qk2X0p
 CIc/Kmf0JniLcCkAEqODpW+L0XZH5ynxVSkR4XhJM8QPEhMBh3uHfXdCQAfGOHa02uLRmMZFMEW3
 2cIf/YPbtrGa422gmC9JAnO5jzGOyoEJ1KbNMVGjRci3hAACwT0pzjcCez8ZsYzRg1FufFRw5wPt
 BbPPJEdsU+goewMXuoFizPDWFfnhd/UsRnnnJzpaqHMiq9GZlU6AyjzSYB3n5YaX4sGCYHtrPquP
 KQeYfTuFC+uNs5FyXG3yMKOqBnASUeJOrzxKT+epBJfrfv3O4PStoFe+ymAik0KKP7KZmtp1yZV+
 XxVPeklTmGxdKQChbwyfUji0A9JBDz1eX5v/IZiGcJIApM0adOHrdNScPyK0s9TnM=
From: 583493798@qq.com
To: dev@dpdk.org
Cc: thomas@monjalon.net, Pu Xu <583493798@qq.com>,
 Konstantin Ananyev <konstantin.ananyev@intel.com>,
 Anatoly Burakov <anatoly.burakov@intel.com>,
 Thomas Monjalon <thomas.monjalon@6wind.com>
Date: Thu, 25 Mar 2021 19:11:30 +0800
X-OQ-MSGID: <20210325111130.95065-1-583493798@qq.com>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20200501161603.33907-1-583493798@qq.com>
References: <20200501161603.33907-1-583493798@qq.com>
Subject: [dpdk-dev] [PATCH v2] ip_frag: fix fragmenting ipv4 packet with
 header option
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

From: Pu Xu <583493798@qq.com>

When fragmenting ipv4 packet, the data offset should be calculated through
the ihl field in ip header rather than using sizeof(struct rte_ipv4_hdr).

Fixes: 4c38e5532a07 ("ip_frag: refactor IPv4 fragmentation into a proper library")

Signed-off-by: Pu Xu <583493798@qq.com>
---
 lib/librte_ip_frag/rte_ipv4_fragmentation.c | 34 +++++++++++++--------
 1 file changed, 21 insertions(+), 13 deletions(-)

diff --git a/lib/librte_ip_frag/rte_ipv4_fragmentation.c b/lib/librte_ip_frag/rte_ipv4_fragmentation.c
index e9de335ae..2e7739d02 100644
--- a/lib/librte_ip_frag/rte_ipv4_fragmentation.c
+++ b/lib/librte_ip_frag/rte_ipv4_fragmentation.c
@@ -23,10 +23,10 @@
 #define	IPV4_HDR_FO_ALIGN			(1 << RTE_IPV4_HDR_FO_SHIFT)
 
 static inline void __fill_ipv4hdr_frag(struct rte_ipv4_hdr *dst,
-		const struct rte_ipv4_hdr *src, uint16_t len, uint16_t fofs,
-		uint16_t dofs, uint32_t mf)
+		const struct rte_ipv4_hdr *src, uint16_t header_len,
+		uint16_t len, uint16_t fofs, uint16_t dofs, uint32_t mf)
 {
-	rte_memcpy(dst, src, sizeof(*dst));
+	rte_memcpy(dst, src, header_len);
 	fofs = (uint16_t)(fofs + (dofs >> RTE_IPV4_HDR_FO_SHIFT));
 	fofs = (uint16_t)(fofs | mf << RTE_IPV4_HDR_MF_SHIFT);
 	dst->fragment_offset = rte_cpu_to_be_16(fofs);
@@ -74,7 +74,7 @@ rte_ipv4_fragment_packet(struct rte_mbuf *pkt_in,
 	struct rte_ipv4_hdr *in_hdr;
 	uint32_t out_pkt_pos, in_seg_data_pos;
 	uint32_t more_in_segs;
-	uint16_t fragment_offset, flag_offset, frag_size;
+	uint16_t fragment_offset, flag_offset, frag_size, header_len;
 	uint16_t frag_bytes_remaining;
 
 	/*
@@ -86,14 +86,22 @@ rte_ipv4_fragment_packet(struct rte_mbuf *pkt_in,
 	    unlikely(mtu_size < RTE_ETHER_MIN_MTU))
 		return -EINVAL;
 
+	in_hdr = rte_pktmbuf_mtod(pkt_in, struct rte_ipv4_hdr *);
+	header_len = (in_hdr->version_ihl & RTE_IPV4_HDR_IHL_MASK) *
+	    RTE_IPV4_IHL_MULTIPLIER;
+
+	/* Check IP header length */
+	if (unlikely(pkt_in->data_len < header_len) ||
+	    unlikely(mtu_size < header_len))
+		return -EINVAL;
+
 	/*
 	 * Ensure the IP payload length of all fragments is aligned to a
 	 * multiple of 8 bytes as per RFC791 section 2.3.
 	 */
-	frag_size = RTE_ALIGN_FLOOR((mtu_size - sizeof(struct rte_ipv4_hdr)),
+	frag_size = RTE_ALIGN_FLOOR((mtu_size - header_len),
 				    IPV4_HDR_FO_ALIGN);
 
-	in_hdr = rte_pktmbuf_mtod(pkt_in, struct rte_ipv4_hdr *);
 	flag_offset = rte_cpu_to_be_16(in_hdr->fragment_offset);
 
 	/* If Don't Fragment flag is set */
@@ -102,11 +110,11 @@ rte_ipv4_fragment_packet(struct rte_mbuf *pkt_in,
 
 	/* Check that pkts_out is big enough to hold all fragments */
 	if (unlikely(frag_size * nb_pkts_out <
-	    (uint16_t)(pkt_in->pkt_len - sizeof(struct rte_ipv4_hdr))))
+	    (uint16_t)(pkt_in->pkt_len - header_len)))
 		return -EINVAL;
 
 	in_seg = pkt_in;
-	in_seg_data_pos = sizeof(struct rte_ipv4_hdr);
+	in_seg_data_pos = header_len;
 	out_pkt_pos = 0;
 	fragment_offset = 0;
 
@@ -124,8 +132,8 @@ rte_ipv4_fragment_packet(struct rte_mbuf *pkt_in,
 		}
 
 		/* Reserve space for the IP header that will be built later */
-		out_pkt->data_len = sizeof(struct rte_ipv4_hdr);
-		out_pkt->pkt_len = sizeof(struct rte_ipv4_hdr);
+		out_pkt->data_len = header_len;
+		out_pkt->pkt_len = header_len;
 		frag_bytes_remaining = frag_size;
 
 		out_seg_prev = out_pkt;
@@ -176,14 +184,14 @@ rte_ipv4_fragment_packet(struct rte_mbuf *pkt_in,
 
 		out_hdr = rte_pktmbuf_mtod(out_pkt, struct rte_ipv4_hdr *);
 
-		__fill_ipv4hdr_frag(out_hdr, in_hdr,
+		__fill_ipv4hdr_frag(out_hdr, in_hdr, header_len,
 		    (uint16_t)out_pkt->pkt_len,
 		    flag_offset, fragment_offset, more_in_segs);
 
 		fragment_offset = (uint16_t)(fragment_offset +
-		    out_pkt->pkt_len - sizeof(struct rte_ipv4_hdr));
+		    out_pkt->pkt_len - header_len);
 
-		out_pkt->l3_len = sizeof(struct rte_ipv4_hdr);
+		out_pkt->l3_len = header_len;
 
 		/* Write the fragment to the output list */
 		pkts_out[out_pkt_pos] = out_pkt;
-- 
2.17.0