[dpdk-dev] [PATCH 1/4] ip_frag: ensure minimum v4 fragmentation length

Aaron Conole aconole at redhat.com
Tue Mar 31 18:07:11 CEST 2020


The IPv4 specification says that each fragment must at least the size of
an IP header plus 8 octets.  When attempting to run ipfrag using a
smaller size, the fragment library will return successful completion,
even though it is a violation of RFC791 (and updates).

Signed-off-by: Aaron Conole <aconole at redhat.com>
---
 lib/librte_ip_frag/rte_ipv4_fragmentation.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/lib/librte_ip_frag/rte_ipv4_fragmentation.c b/lib/librte_ip_frag/rte_ipv4_fragmentation.c
index 9e9f986cc5..4baaf6355c 100644
--- a/lib/librte_ip_frag/rte_ipv4_fragmentation.c
+++ b/lib/librte_ip_frag/rte_ipv4_fragmentation.c
@@ -76,6 +76,12 @@ rte_ipv4_fragment_packet(struct rte_mbuf *pkt_in,
 	uint16_t fragment_offset, flag_offset, frag_size;
 	uint16_t frag_bytes_remaining;
 
+	/*
+	 * Ensure the IP fragmentation size is at least iphdr length + 8 octets
+	 */
+	if (unlikely(mtu_size < (sizeof(struct rte_ipv4_hdr) + 8*sizeof(char))))
+		return -EINVAL;
+
 	/*
 	 * Ensure the IP payload length of all fragments is aligned to a
 	 * multiple of 8 bytes as per RFC791 section 2.3.
-- 
2.25.1



More information about the dev mailing list