On (10/17/16 12:49), Alexander Duyck wrote: > >> > /* Currently only IPv4/IPv6 with TCP is supported */ > >> > switch (hdr.ipv4->version) { > >> > case IPVERSION: > >> > /* access ihl as u8 to avoid unaligned access on ia64 */ > >> > hlen = (hdr.network[0] & 0x0F) << 2; > >> > + if (skb_tail_pointer(skb) < hdr.network + hlen + > >> > + sizeof(struct tcphdr)) > >> > + return; > >> > l4_proto = hdr.ipv4->protocol; > >> > break; > >> > case 6: > >> > hlen = hdr.network - skb->data; > >> > + if (skb_tail_pointer(skb) < hdr.network + hlen + > >> > + sizeof(struct tcphdr)) > >> > + return; > >> > l4_proto = ipv6_find_hdr(skb, &hlen, IPPROTO_TCP, NULL, > >> > NULL); > >> > hlen -= hdr.network - skb->data; > >> > break; : > >> So you probably need to add a check for "skb_tail_pointer(skb) < > >> (hdr.network + hlen + 20)". > > > > But isnt that the same thing as the checks before l4_proto computation > > above? > > Sort of. The problem is IPv6 can include extension headers and that > can totally mess with us. So we need to do one more check to verify > that we have enough space for IPv6 w/ TCP which would be hdr.raw + 20 > + hlenl.
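Review bot: in the `case 6:` branch the added bounds check runs while hlen still holds `hdr.network - skb->data`, which is the offset of the network header from skb->data and not an IPv6 header length, so `hdr.network + hlen + sizeof(struct tcphdr)` does not mark where the TCP header ends. The value only becomes the L3 header length after ipv6_find_hdr() and the `hlen -= hdr.network - skb->data` adjustment, and extension headers can make it larger than the fixed IPv6 header. Suggest dropping the two per-case checks and doing a single one after the switch, once hlen is final: `if (skb_tail_pointer(skb) < hdr.network + hlen + sizeof(struct tcphdr)) return;`. In the `case IPVERSION:` branch, hlen comes straight from the low nibble of `hdr.network[0]` with no lower bound, so it is also worth rejecting a value below sizeof(struct iphdr) before it is used in pointer arithmetic.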
Yes, you are right. So given that I already check that I have at least 40 bytes past the network header, and ipv6_find_hdr will pull up exthdrs as needed, my checks are not needed, and the real ones should happen after we come out of that switch().

--Sowmini