From: Kumara Parameshwaran <[email protected]>
When packet is padded with extra bytes the
the validation of the payload length should be done
after the trim operation
Fixes: b8a55871d5af ("gro: trim tail padding bytes")
Cc: [email protected]
Signed-off-by: Kumara Parameshwaran <[email protected]>
---
v1:
If there is padding to the ethernet frame cases where timestamp is
disabled
the packet length should be validated with the total ip length as
packet length
is used in the GRO merging logic
v2:
Trim the packet length and then check for the protocol payload
validation
lib/gro/gro_tcp4.c | 11 ++++++-----
lib/gro/gro_udp4.c | 10 +++++-----
2 files changed, 11 insertions(+), 10 deletions(-)
diff --git a/lib/gro/gro_tcp4.c b/lib/gro/gro_tcp4.c
index 8f5e800250..0014096e63 100644
--- a/lib/gro/gro_tcp4.c
+++ b/lib/gro/gro_tcp4.c
@@ -225,6 +225,12 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
*/
if (tcp_hdr->tcp_flags != RTE_TCP_ACK_FLAG)
return -1;
+
+ /* trim the tail padding bytes */
+ ip_tlen = rte_be_to_cpu_16(ipv4_hdr->total_length);
+ if (pkt->pkt_len > (uint32_t)(ip_tlen + pkt->l2_len))
+ rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_tlen - pkt->l2_len);
+
/*
* Don't process the packet whose payload length is less than or
* equal to 0.
@@ -233,11 +239,6 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
if (tcp_dl <= 0)
return -1;
- /* trim the tail padding bytes */
- ip_tlen = rte_be_to_cpu_16(ipv4_hdr->total_length);
- if (pkt->pkt_len > (uint32_t)(ip_tlen + pkt->l2_len))
- rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_tlen - pkt->l2_len);
-
/*
* Save IPv4 ID for the packet whose DF bit is 0. For the packet
* whose DF bit is 1, IPv4 ID is ignored.
diff --git a/lib/gro/gro_udp4.c b/lib/gro/gro_udp4.c
index 839f9748b7..42596d33b6 100644
--- a/lib/gro/gro_udp4.c
+++ b/lib/gro/gro_udp4.c
@@ -220,6 +220,11 @@ gro_udp4_reassemble(struct rte_mbuf *pkt,
if (!is_ipv4_fragment(ipv4_hdr))
return -1;
+ ip_dl = rte_be_to_cpu_16(ipv4_hdr->total_length);
+ /* trim the tail padding bytes */
+ if (pkt->pkt_len > (uint32_t)(ip_dl + pkt->l2_len))
+ rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_dl - pkt->l2_len);
+
/*
* Don't process the packet whose payload length is less than or
* equal to 0.
@@ -227,14 +232,9 @@ gro_udp4_reassemble(struct rte_mbuf *pkt,
if (pkt->pkt_len <= hdr_len)
return -1;
- ip_dl = rte_be_to_cpu_16(ipv4_hdr->total_length);
if (ip_dl <= pkt->l3_len)
return -1;
- /* trim the tail padding bytes */
- if (pkt->pkt_len > (uint32_t)(ip_dl + pkt->l2_len))
- rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_dl - pkt->l2_len);
-
ip_dl -= pkt->l3_len;
ip_id = rte_be_to_cpu_16(ipv4_hdr->packet_id);
frag_offset = rte_be_to_cpu_16(ipv4_hdr->fragment_offset);
--
2.25.1
