From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 5E5C345CE8;
	Mon, 11 Nov 2024 12:24:45 +0100 (CET)
Received: from mails.dpdk.org (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id E6CA240E0C;
	Mon, 11 Nov 2024 12:24:44 +0100 (CET)
Received: from fhigh-a4-smtp.messagingengine.com
 (fhigh-a4-smtp.messagingengine.com [103.168.172.155])
 by mails.dpdk.org (Postfix) with ESMTP id 1A1364060C
 for <dev@dpdk.org>; Mon, 11 Nov 2024 12:24:43 +0100 (CET)
Received: from phl-compute-05.internal (phl-compute-05.phl.internal
 [10.202.2.45])
 by mailfhigh.phl.internal (Postfix) with ESMTP id B7C2D114010D;
 Mon, 11 Nov 2024 06:24:42 -0500 (EST)
Received: from phl-mailfrontend-02 ([10.202.2.163])
 by phl-compute-05.internal (MEProxy); Mon, 11 Nov 2024 06:24:42 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h=
 cc:cc:content-transfer-encoding:content-type:content-type:date
 :date:from:from:in-reply-to:in-reply-to:message-id:mime-version
 :references:reply-to:subject:subject:to:to; s=fm3; t=1731324282;
 x=1731410682; bh=72pKY8Bq5xIDkp75pO0SkgOJ9oZ2i/VVluBB352TeVM=; b=
 Hn4mm/nGb0yKDrvvhQnVKBH6iqBOnFtZtvT2QTqa95sVmhbqmHInfdJAFtXzbSam
 OOg+Dt/WeQxv7/MhVJQgs3pZzxdGth+wwzQzyxfcUjYoDhF66HGTG6BZmmOvYj4w
 BbkHgVBHYKlcJwcJDlIjC11VCvigl66J7M4iKGwYM7TRJIdSI1m09jV5V56KiP/3
 XhVuTyU17ZejX6jgsmDGPYrHtBHHWONsQQSnIKYHpVl1uJlIwVYYwXEoUyfaVJtj
 7CsoIxvcMS2fj78DnAPBI8hg4Fr7vjuaOuYALjg6snLWHcDfYHeurJrnEVCrYzM5
 CTvZJnAf4ixcoWxHAU8C8g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-transfer-encoding
 :content-type:content-type:date:date:feedback-id:feedback-id
 :from:from:in-reply-to:in-reply-to:message-id:mime-version
 :references:reply-to:subject:subject:to:to:x-me-proxy
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1731324282; x=
 1731410682; bh=72pKY8Bq5xIDkp75pO0SkgOJ9oZ2i/VVluBB352TeVM=; b=F
 trbj8NDleKEC20sHi8s67OXaXp+xa5kek75WEl3u2HkTTUjGCZVc/VRmI4v9YqX4
 YFLvx22um3y9yQ04GU8XX5OohDEUHIW3MND/5NREQCDeEqs6Pp3TBECdDraZ0WPZ
 xgTvjV9XE8paWexWOO5/Iii9GnMeGhcJ8/PG5Lug/MGxWz8LtgFnbntuPFkFNSff
 rZKJi93vi+gHF19YgF4jtC0CVEpxkvO03g7WM8l5JSP1+Sk6OXKWymuf8KgHq5X5
 Eq62GTwMBvLS7PYCtrl1hXtRA4nkEA3qSp+Fwq2vO9W3eOYfLC8WKlusiGT1Z48r
 HaoinIr0lCgM/hQPTQCFQ==
X-ME-Sender: <xms:eukxZ6kO2LNv_I-s6v9zrNu3aKmN9Z3EMhC-ybXepwDrixu2S9GQkQ>
 <xme:eukxZx0w7AnOwuB3s83VlGVP_F47w4K_ZhH-hHzzoSbanQVwV09nIPWcgwyjwwnxV
 9pBLA3qSjRdwzWG3A>
X-ME-Received: <xmr:eukxZ4ri5uSgayVE7t86LMja9G_Fi7BZii0Lu12gDtcbTup52OaOhDJqI7YSBh1fnJ1Fe9-Vb99I78kPqa-v8jMStw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefuddruddvgddvjecutefuodetggdotefrodftvf
 curfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdpuffr
 tefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnth
 hsucdlqddutddtmdenucfjughrpefhvfevufffkfgjfhgggfgtsehtufertddttdejnecu
 hfhrohhmpefvhhhomhgrshcuofhonhhjrghlohhnuceothhhohhmrghssehmohhnjhgrlh
 honhdrnhgvtheqnecuggftrfgrthhtvghrnhepjeduveehieevuddutdevfffgtdegkeeu
 veejffejgedtgeegkefgvdeugfefkeejnecuvehluhhsthgvrhfuihiivgeptdenucfrrg
 hrrghmpehmrghilhhfrhhomhepthhhohhmrghssehmohhnjhgrlhhonhdrnhgvthdpnhgs
 pghrtghpthhtohepgedpmhhouggvpehsmhhtphhouhhtpdhrtghpthhtohepvhhighhnvg
 hshhdrphhurhhushhhohhthhgrmhdrshhrihhnihhvrghssegvrhhitghsshhonhdrtgho
 mhdprhgtphhtthhopeguvghvseguphgukhdrohhrghdprhgtphhtthhopehkohhnshhtrg
 hnthhinhdrvhdrrghnrghnhigvvheshigrnhguvgigrdhruhdprhgtphhtthhopehsthgv
 phhhvghnsehnvghtfihorhhkphhluhhmsggvrhdrohhrgh
X-ME-Proxy: <xmx:eukxZ-nc8a1NkTDqFM6CGShZIrvD-_mSz5Bt6H-2pz16_-4SG8B3aA>
 <xmx:eukxZ40phE0_XI_NxxmYTsGU4343LOhPQWBcMZs2OQuuKGG8SJvR8g>
 <xmx:eukxZ1v7fNMLRu07h7BZLZ1F4evbVzBTWayfXV8EkkqJZDQ2xXYENw>
 <xmx:eukxZ0VZjGrDrSVW3VGg-EtX5ASrBBJCNyQgTswNqXpA56dV0SmCMw>
 <xmx:eukxZ7Trc_5AFrZS80ky_OPGZsH0JJsxJsiQaooeR7_iCRxKx_DCGbFl>
Feedback-ID: i47234305:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Mon,
 11 Nov 2024 06:24:41 -0500 (EST)
From: Thomas Monjalon <thomas@monjalon.net>
To: vignesh.purushotham.srinivas@ericsson.com
Cc: dev@dpdk.org, konstantin.v.ananyev@yandex.ru,
 Stephen Hemminger <stephen@networkplumber.org>
Subject: Re: [RFC] ip_frag: support IPv6 reassembly with extensions
Date: Mon, 11 Nov 2024 12:24:40 +0100
Message-ID: <14465732.5MRjnR8RnV@thomas>
In-Reply-To: <20240213195107.736fb1e4@hermes.local>
References: <20240213114727.550209-1-vignesh.purushotham.srinivas@ericsson.com>
 <20240213195107.736fb1e4@hermes.local>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="utf-8"
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

14/02/2024 04:51, Stephen Hemminger:
> On Tue, 13 Feb 2024 12:47:27 +0100
> <vignesh.purushotham.srinivas@ericsson.com> wrote:
> 
> > +/*
> > + * Function to crawl through the extension header stack.
> > + * This function breaks as soon a the fragment header is
> > + * found and returns the total length the traversed exts
> > + * and the last extension before the fragment header
> > + */
> > +static inline uint32_t
> > +ip_frag_get_last_exthdr(struct rte_ipv6_hdr *ip_hdr, uint8_t **last_ext)
> > +{
> > +	uint32_t total_len = 0;
> > +	size_t ext_len = 0;
> > +	*last_ext = (uint8_t *)(ip_hdr + 1);
> > +	int next_proto = ip_hdr->proto;
> > +
> > +	while (next_proto != IPPROTO_FRAGMENT &&
> > +		(next_proto = rte_ipv6_get_next_ext(
> > +		*last_ext, next_proto, &ext_len)) >= 0) {
> > +
> > +		total_len += ext_len;
> > +
> > +		if (next_proto == IPPROTO_FRAGMENT)
> > +			return total_len;
> > +
> > +		*last_ext += ext_len;
> > +	}
> > +
> > +	return total_len;
> > +}
> 
> Doing endless loop like this opens up DoS attacks.
> Better to use rte_next_skip_ip6_ext() or do similar limited loop.

There was no reply to this interesting comment?