Date: Mon, 7 Jan 2019 22:19:18 -0800
From: Stephen Hemminger
To: "Hu, Jiayu"
Cc: "Richardson, Bruce", "dev@dpdk.org", "Bie, Tiwei", "stable@dpdk.org"
Message-ID: <20190107221918.1db62f1b@hermes.lan>
References: <1546567036-29444-1-git-send-email-jiayu.hu@intel.com> <20190107142955.GC14912@bricha3-MOBL.ger.corp.intel.com>
Subject: Re: [dpdk-dev] [PATCH] gro: fix overflow of TCP Options length calculation
List-Id: DPDK patches and discussions

On Tue, 8 Jan 2019 01:22:18 +0000
"Hu, Jiayu" wrote:

> > -----Original Message-----
> > From: Richardson, Bruce
> > Sent: Monday, January 7, 2019 10:30 PM
> > To: Hu, Jiayu
> > Cc: dev@dpdk.org; Bie, Tiwei; stable@dpdk.org
> > Subject: Re: [dpdk-dev] [PATCH] gro: fix overflow of TCP Options length
> > calculation
> >
> > On Fri, Jan 04, 2019 at 09:57:16AM +0800, Jiayu Hu wrote:
> > > If we receive a packet with an invalid TCP header, whose
> > > TCP header length is less than 20 bytes (the minimal TCP
> > > header length), the calculated TCP Options length will
> > > overflow and result in incorrect reassembly behaviors.
> >
> > Please explain how changing the "len" type fixes this behaviour.
>
> Originally, 'uint16_t len = RTE_MAX(tcp_hl, tcp_hl_orig) - sizeof(struct tcp_hdr)'.
> When the TCP header length of an input packet is less than 20, which is the value of
> sizeof(struct tcp_hdr), the value of len will overflow. For example, if TCP header lengths
> of input packets are 14, the value of 'len' will be 65529 (65535-6). After that, we will
> compare TCP options via memcmp(tcp_hdr+1,..., len), which would cause a segmentation fault.

For future safety, GRO should check header lengths for IP and TCP before looking at the packet.
It is basic structure hygiene.
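
The header-length check requested in the reply above, shown beside the unchecked length expression quoted in the thread. This is an added example, not part of the original message and not DPDK code. The helper names (opt_len_unchecked, tcp_opt_len_checked, tcp_opts_equal) are hypothetical, the TCP headers are constructed, and only the TCP side is shown.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TCP_HDR_MIN 20u /* fixed TCP header, sizeof(struct tcp_hdr) in the thread */

/* Length expression quoted in the thread: no lower bound on the header
 * length, so a value below 20 wraps when stored in a uint16_t. */
static uint16_t opt_len_unchecked(uint16_t tcp_hl, uint16_t tcp_hl_orig)
{
    uint16_t hl = tcp_hl > tcp_hl_orig ? tcp_hl : tcp_hl_orig;
    return (uint16_t)(hl - (size_t)TCP_HDR_MIN);
}

/* Check the header length against the protocol minimum and the bytes
 * actually present. Returns 0 and sets *opt_len, or -1 to reject. */
static int tcp_opt_len_checked(const uint8_t *tcp, size_t avail, uint16_t *opt_len)
{
    if (avail < TCP_HDR_MIN)
        return -1; /* data offset field not readable */
    size_t hl = (size_t)(tcp[12] >> 4) * 4; /* data offset is in 32-bit words */
    if (hl < TCP_HDR_MIN || hl > avail)
        return -1;
    *opt_len = (uint16_t)(hl - TCP_HDR_MIN);
    return 0;
}

/* Compare options only after both headers validate.
 * Returns 1 if equal, 0 if different, -1 if either header is invalid. */
static int tcp_opts_equal(const uint8_t *a, size_t a_avail,
                          const uint8_t *b, size_t b_avail)
{
    uint16_t la, lb;
    if (tcp_opt_len_checked(a, a_avail, &la) || tcp_opt_len_checked(b, b_avail, &lb))
        return -1;
    return la == lb && memcmp(a + TCP_HDR_MIN, b + TCP_HDR_MIN, la) == 0;
}

int main(void)
{
    uint8_t ok[24] = {0}, bad[20] = {0}; /* constructed TCP headers */
    ok[12] = 6 << 4;  /* data offset 6: 24-byte header, 4 option bytes */
    bad[12] = 3 << 4; /* data offset 3: 12-byte header, below the minimum */
    printf("unchecked len for 12-byte header: %u\n", opt_len_unchecked(12, 12));
    printf("ok vs ok: %d, ok vs bad: %d\n",
           tcp_opts_equal(ok, sizeof(ok), ok, sizeof(ok)),
           tcp_opts_equal(ok, sizeof(ok), bad, sizeof(bad)));
    return 0;
}
```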