From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pf1-f194.google.com (mail-pf1-f194.google.com [209.85.210.194]) by dpdk.org (Postfix) with ESMTP id 659081B10C for ; Tue, 15 Jan 2019 02:00:32 +0100 (CET) Received: by mail-pf1-f194.google.com with SMTP id 64so438039pfr.9 for ; Mon, 14 Jan 2019 17:00:32 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20150623.gappssmtp.com; s=20150623; h=date:from:to:cc:subject:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=KAS13/aRhtCaGrmToWiFc1m+KzypjdosKGoBOvIsO50=; b=SJXtt5AulHrmwSTwKXiieU5YEhn7hu+MejXaxIqLQM4xLZXV/ovshA3sD+4cG9MwIF xdUkJbg0FweLAwVi7o4mugnWw8XBqCA6KyNMfULYcoV3q6qEsUvVd7b5vH/9Sql7mMIJ 4iMbHv02dCQSTlQDdaFw0NcgVFwXVVgaEaeT6pE/Dpn1vcMuS9W1zd/4b9e9Slneqb3E V3QxIjtqNXFSM+T1CI/2thi0N3trRNZiurWX3k7dvjFKeLvRIxp3tHVWJ4lnxcCCslRc LAAjOMDG2VbMCYEgOROgMpIUq2gRtNmRAASftGftq//Bt+ilTMhSLGvgVFA9jZhRcw5g coYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=KAS13/aRhtCaGrmToWiFc1m+KzypjdosKGoBOvIsO50=; b=Al2W4Vd8h5Hn757IEeQnB9a+hv7f1MaMavWjKqLglQFMwwUkI4pAU5v8mLk7NkcVTm Zje3LuZHvqfmPfPeKejVtp2oqDz/7WI7O/i0CvrX1vIhczMXCu/LQTTk6ZYwew9fXfEB FZJjj9Qdigt6vQi3n51KG+M3RS6m/Qhz0PI+dnFKRdlwsf+1kSatsv+aRI0Bv0XrmbxO Hv5PZ7u251Pgn+fZAs/EKpTYBxJPqcrH2i3FXaBqRH2bHelHlZdBSX2/QCfllqzZRt6a 725Wm4vrx1MntLsbOrkWld7GhZRIHK5fmq6ZF+kHJstsRP7uqQFDaTEmx0qBue2BidFu Iz8Q== X-Gm-Message-State: AJcUukcSErAgcUeumyKKoK41GPXgi6CgSr8k5hK7kTUKBqr+6PTB9svB 4nLDZnPeiss0qGmX4SuW3FRz9Q== X-Google-Smtp-Source: ALg8bN78mJgK6xZ/5WljlNajIYMALE8x1G19mXJq7BRVpS98X8tfzX5vbkovuPiA0T/fBIUsQ9vNrw== X-Received: by 2002:a63:7d06:: with SMTP id y6mr1229618pgc.171.1547514031573; Mon, 14 Jan 2019 17:00:31 -0800 (PST) Received: from hermes.lan (204-195-22-127.wavecable.com. [204.195.22.127]) by smtp.gmail.com with ESMTPSA id d68sm2082630pfa.64.2019.01.14.17.00.31 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 14 Jan 2019 17:00:31 -0800 (PST) Date: Mon, 14 Jan 2019 17:00:28 -0800 From: Stephen Hemminger To: Jiayu Hu Cc: dev@dpdk.org, konstantin.ananyev@intel.com, thomas@monjalon.net, stable@dpdk.org Message-ID: <20190114170028.68bdd4d7@hermes.lan> In-Reply-To: <1547132768-2384-1-git-send-email-jiayu.hu@intel.com> References: <1546927725-68831-1-git-send-email-jiayu.hu@intel.com> <1547132768-2384-1-git-send-email-jiayu.hu@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: [dpdk-stable] [dpdk-dev] [PATCH v2] gro: add missing invalid packet checks X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 15 Jan 2019 01:00:32 -0000 On Thu, 10 Jan 2019 23:06:08 +0800 Jiayu Hu wrote: > + > +#define ILLEGAL_ETHER_HDRLEN(len) ((len) != ETHER_HDR_LEN) > +#define ILLEGAL_ETHER_VXLAN_HDRLEN(len) \ > + ((len) != (ETHER_VXLAN_HLEN + ETHER_HDR_LEN)) > +#define ILLEGAL_IPV4_HDRLEN(len) ((len) != sizeof(struct ipv4_hdr)) > +#define ILLEGAL_TCP_HDRLEN(len) \ > + (((len) < sizeof(struct tcp_hdr)) || ((len) > TCP_MAX_HLEN)) > + Why not inline (which keeps type checking) instead of macro. Results in same code. Also, prefer "invalid" instead "ILLEGAL" . There is no government inforcing a rule on packet headers. Also, what about ipv4 options, or TCP options? And even VXLAN header check should be more rigorous. What about not allowing fragments in IP header for example. If you are going to do enforcement, be as strict as you can.