* [PATCH v2] gro: bug fix in identifying 0 length tcp packets
@ 2022-04-22 10:28 Kumara Parameshwaran
0 siblings, 0 replies; 3+ messages in thread
From: Kumara Parameshwaran @ 2022-04-22 10:28 UTC (permalink / raw)
To: jiayu.hu; +Cc: dev, Kumara Parameshwaran, stable, Kumara Parameshwaran
From: Kumara Parameshwaran <kumaraparamesh92@gmail.com>
As the minimum Ethernet frame size is 64 bytes, a 0 length
tcp payload without tcp options would be 54 bytes and hence
there would be padding. So it would be incorrect to use the
packet length to determine the tcp data length.
Fixes: 1e4cf4d6d4fb ("gro: cleanup")
Cc: stable@dpdk.org
Signed-off-by: Kumara Parameshwaran <kparameshwar@vmware.com>
---
v1:
Do not use packet length to determine the tcp data length as
the packet length could have padded bytes. This would lead
to addition of 0 length tcp packets into the GRO layer when
there ethernet fram is padded.
v2:
Since using ip packet length to determine the tcp data length,
validate the ip packet length
lib/gro/gro_tcp4.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/gro/gro_tcp4.c b/lib/gro/gro_tcp4.c
index 7498c66..30f5922 100644
--- a/lib/gro/gro_tcp4.c
+++ b/lib/gro/gro_tcp4.c
@@ -198,7 +198,8 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
struct rte_tcp_hdr *tcp_hdr;
uint32_t sent_seq;
int32_t tcp_dl;
- uint16_t ip_id, hdr_len, frag_off;
+ uint16_t ip_id, frag_off;
+ uint16_t ip_len;
uint8_t is_atomic;
struct tcp4_flow_key key;
@@ -217,7 +218,6 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
eth_hdr = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
ipv4_hdr = (struct rte_ipv4_hdr *)((char *)eth_hdr + pkt->l2_len);
tcp_hdr = (struct rte_tcp_hdr *)((char *)ipv4_hdr + pkt->l3_len);
- hdr_len = pkt->l2_len + pkt->l3_len + pkt->l4_len;
/*
* Don't process the packet which has FIN, SYN, RST, PSH, URG, ECE
@@ -229,8 +229,9 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
* Don't process the packet whose payload length is less than or
* equal to 0.
*/
- tcp_dl = pkt->pkt_len - hdr_len;
- if (tcp_dl <= 0)
+ ip_len = rte_be_to_cpu_16(ipv4_hdr->total_length);
+ tcp_dl = ip_len - (pkt->l3_len + pkt->l4_len);
+ if (tcp_dl <= 0 || ip_len > pkt->pkt_len)
return -1;
/*
--
2.7.4
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH v2] gro: bug fix in identifying 0 length tcp packets
2022-04-03 11:50 [PATCH v1] " Kumara Parameshwaran
@ 2022-04-22 10:32 ` Kumara Parameshwaran
0 siblings, 0 replies; 3+ messages in thread
From: Kumara Parameshwaran @ 2022-04-22 10:32 UTC (permalink / raw)
To: jiayu.hu; +Cc: dev, Kumara Parameshwaran, stable, Kumara Parameshwaran
From: Kumara Parameshwaran <kumaraparamesh92@gmail.com>
As the minimum Ethernet frame size is 64 bytes, a 0 length
tcp payload without tcp options would be 54 bytes and hence
there would be padding. So it would be incorrect to use the
packet length to determine the tcp data length.
Fixes: 1e4cf4d6d4fb ("gro: cleanup")
Cc: stable@dpdk.org
Signed-off-by: Kumara Parameshwaran <kparameshwar@vmware.com>
---
v1:
Do not use packet length to determine the tcp data length as
the packet length could have padded bytes. This would lead
to addition of 0 length tcp packets into the GRO layer when
there ethernet fram is padded.
v2:
Since using ip packet length to determine the tcp data length,
validate the ip packet length
lib/gro/gro_tcp4.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/gro/gro_tcp4.c b/lib/gro/gro_tcp4.c
index 7498c66..30f5922 100644
--- a/lib/gro/gro_tcp4.c
+++ b/lib/gro/gro_tcp4.c
@@ -198,7 +198,8 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
struct rte_tcp_hdr *tcp_hdr;
uint32_t sent_seq;
int32_t tcp_dl;
- uint16_t ip_id, hdr_len, frag_off;
+ uint16_t ip_id, frag_off;
+ uint16_t ip_len;
uint8_t is_atomic;
struct tcp4_flow_key key;
@@ -217,7 +218,6 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
eth_hdr = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
ipv4_hdr = (struct rte_ipv4_hdr *)((char *)eth_hdr + pkt->l2_len);
tcp_hdr = (struct rte_tcp_hdr *)((char *)ipv4_hdr + pkt->l3_len);
- hdr_len = pkt->l2_len + pkt->l3_len + pkt->l4_len;
/*
* Don't process the packet which has FIN, SYN, RST, PSH, URG, ECE
@@ -229,8 +229,9 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
* Don't process the packet whose payload length is less than or
* equal to 0.
*/
- tcp_dl = pkt->pkt_len - hdr_len;
- if (tcp_dl <= 0)
+ ip_len = rte_be_to_cpu_16(ipv4_hdr->total_length);
+ tcp_dl = ip_len - (pkt->l3_len + pkt->l4_len);
+ if (tcp_dl <= 0 || ip_len > pkt->pkt_len)
return -1;
/*
--
2.7.4
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH v2] gro: bug fix in identifying 0 length tcp packets
@ 2022-04-22 10:27 Kumara Parameshwaran
0 siblings, 0 replies; 3+ messages in thread
From: Kumara Parameshwaran @ 2022-04-22 10:27 UTC (permalink / raw)
To: jiayu.hu; +Cc: dev, Kumara Parameshwaran, stable, Kumara Parameshwaran
From: Kumara Parameshwaran <kumaraparamesh92@gmail.com>
As the minimum Ethernet frame size is 64 bytes, a 0 length
tcp payload without tcp options would be 54 bytes and hence
there would be padding. So it would be incorrect to use the
packet length to determine the tcp data length.
Fixes: 1e4cf4d6d4fb ("gro: cleanup")
Cc: stable@dpdk.org
Signed-off-by: Kumara Parameshwaran <kparameshwar@vmware.com>
---
v1:
Do not use packet length to determine the tcp data length as
the packet length could have padded bytes. This would lead
to addition of 0 length tcp packets into the GRO layer when
there ethernet fram is padded.
v2:
Since using ip packet length to determine the tcp data length,
validate the ip packet length
lib/gro/gro_tcp4.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/lib/gro/gro_tcp4.c b/lib/gro/gro_tcp4.c
index 7498c66..30f5922 100644
--- a/lib/gro/gro_tcp4.c
+++ b/lib/gro/gro_tcp4.c
@@ -198,7 +198,8 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
struct rte_tcp_hdr *tcp_hdr;
uint32_t sent_seq;
int32_t tcp_dl;
- uint16_t ip_id, hdr_len, frag_off;
+ uint16_t ip_id, frag_off;
+ uint16_t ip_len;
uint8_t is_atomic;
struct tcp4_flow_key key;
@@ -217,7 +218,6 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
eth_hdr = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
ipv4_hdr = (struct rte_ipv4_hdr *)((char *)eth_hdr + pkt->l2_len);
tcp_hdr = (struct rte_tcp_hdr *)((char *)ipv4_hdr + pkt->l3_len);
- hdr_len = pkt->l2_len + pkt->l3_len + pkt->l4_len;
/*
* Don't process the packet which has FIN, SYN, RST, PSH, URG, ECE
@@ -229,8 +229,9 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
* Don't process the packet whose payload length is less than or
* equal to 0.
*/
- tcp_dl = pkt->pkt_len - hdr_len;
- if (tcp_dl <= 0)
+ ip_len = rte_be_to_cpu_16(ipv4_hdr->total_length);
+ tcp_dl = ip_len - (pkt->l3_len + pkt->l4_len);
+ if (tcp_dl <= 0 || ip_len > pkt->pkt_len)
return -1;
/*
--
2.7.4
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2022-04-22 10:32 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-22 10:28 [PATCH v2] gro: bug fix in identifying 0 length tcp packets Kumara Parameshwaran
-- strict thread matches above, loose matches on Subject: below --
2022-04-22 10:27 Kumara Parameshwaran
2022-04-03 11:50 [PATCH v1] " Kumara Parameshwaran
2022-04-22 10:32 ` [PATCH v2] " Kumara Parameshwaran
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).