>> Signed-off-by: Raslan Darawsheh >> --- >> app/test-pmd/csumonly.c | 8 +++++--- >> 1 file changed, 5 insertions(+), 3 deletions(-) >> >> diff --git a/app/test-pmd/csumonly.c b/app/test-pmd/csumonly.c >> index 5b906eaa53..302cc4cc66 100644 >> --- a/app/test-pmd/csumonly.c >> +++ b/app/test-pmd/csumonly.c >> @@ -468,6 +468,7 @@ get_ethertype_by_ptype(struct rte_ether_hdr *eth_hdr, uint32_t ptype) >> { >> struct rte_vlan_hdr *vlan_hdr; >> uint16_t ethertype; >> + uint32_t i = 0; >> >> switch (ptype) { >> case RTE_PTYPE_L3_IPV4: >> @@ -486,10 +487,11 @@ get_ethertype_by_ptype(struct rte_ether_hdr *eth_hdr, uint32_t ptype) >> return _htons(RTE_ETHER_TYPE_IPV6); >> default: >> ethertype = eth_hdr->ether_type; >> - while (eth_hdr->ether_type == _htons(RTE_ETHER_TYPE_VLAN) || >> - eth_hdr->ether_type == _htons(RTE_ETHER_TYPE_QINQ)) { >> + while (ethertype == _htons(RTE_ETHER_TYPE_VLAN) || >> + ethertype == _htons(RTE_ETHER_TYPE_QINQ)) { >> vlan_hdr = (struct rte_vlan_hdr *) >> - ((char *)eth_hdr + sizeof(*eth_hdr)); v> + ((char *)eth_hdr + sizeof(*eth_hdr) + v> + (i * sizeof(struct rte_vlan_hdr))); >> ethertype = vlan_hdr->eth_proto; >> } >> return ethertype; >A loop like this is prone to getting attacked with a malicious packet. >You should cut it off after a few vlan headers. >Also. what if packet is truncated, shouldn't be reading past end of data. >And what if packet is fragmented, you need to use rte_pktmbuf_read() I’m trying to fix the current loop not really changing the logic, and I’m not sure we handled these cases originally. If needed, we can issue a separate patch for fixing these cases. Kindest regards Raslan Darawsheh