[dpdk-dev] [PATCH v3 3/4] ip_frag: ipv6 fragments must not be resubmitted to fragmentation
Aaron Conole
aconole at redhat.com
Tue Apr 7 14:40:58 CEST 2020
"Ananyev, Konstantin" <konstantin.ananyev at intel.com> writes:
>> IPv6 only allows traffic source nodes to fragment,
>
> Yes.
>
>> so submitting
>> a packet with next header of IPPROTO_FRAGMENT would be invalid.
>
> If only source is allowed to fragment packet, then this check seems
> redundant, no?
Hrrm? How so? Is there something that prevents someone from calling
the library function twice?
> I can't imagine source calling fragment() twice for the same packet, and
> I don't see any point for us to check such situations.
Should we not check any error conditions at all? I don't understand.
> Besides, strictly speaking the check below is insufficient,
> as fragmentation ext header could be not the first one.
You're right - we could probably walk next headers until we see one of
the auth header types or upper layer header as "next header". I can
respin with that if you'd like.
> Konstantin
>
>>
>> Signed-off-by: Aaron Conole <aconole at redhat.com>
>> ---
>> lib/librte_ip_frag/rte_ipv6_fragmentation.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/lib/librte_ip_frag/rte_ipv6_fragmentation.c b/lib/librte_ip_frag/rte_ipv6_fragmentation.c
>> index 820a5dc725..aebcfa4325 100644
>> --- a/lib/librte_ip_frag/rte_ipv6_fragmentation.c
>> +++ b/lib/librte_ip_frag/rte_ipv6_fragmentation.c
>> @@ -106,6 +106,10 @@ rte_ipv6_fragment_packet(struct rte_mbuf *pkt_in,
>>
>> in_hdr = rte_pktmbuf_mtod(pkt_in, struct rte_ipv6_hdr *);
>>
>> + /* Fragmenting a fragmented packet?! */
>> + if (unlikely(in_hdr->proto == IPPROTO_FRAGMENT))
>> + return -ENOTSUP;
>> +
>> in_seg = pkt_in;
>> in_seg_data_pos = sizeof(struct rte_ipv6_hdr);
>> out_pkt_pos = 0;
>> --
>> 2.25.1
More information about the dev
mailing list