[PATCH v1] gro: bug fix in identifying 0 length tcp packets
Morten Brørup
mb at smartsharesystems.com
Mon Apr 4 08:22:31 CEST 2022
> From: Kumara Parameshwaran [mailto:kumaraparamesh92 at gmail.com]
> Sent: Sunday, 3 April 2022 13.51
>
> As the minimum Ethernet frame size is 64 bytes, a 0 length
> tcp payload without tcp options would be 54 bytes and hence
> there would be padding. So it would be incorrect to use the
> packet length to determine the tcp data length.
>
> Fixes: 1e4cf4d6d4fb ("gro: cleanup")
> Cc: stable at dpdk.org
>
> Signed-off-by: Kumara Parameshwaran <kparameshwar at vmware.com>
> ---
> v1:
> Do not use packet length to determine the tcp data length as
> the packet length could have padded bytes. This would lead
> to addition of 0 length tcp packets into the GRO layer when
> there ethernet fram is padded.
> lib/gro/gro_tcp4.c | 5 ++---
> 1 file changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/lib/gro/gro_tcp4.c b/lib/gro/gro_tcp4.c
> index 7498c66..45e3f48 100644
> --- a/lib/gro/gro_tcp4.c
> +++ b/lib/gro/gro_tcp4.c
> @@ -198,7 +198,7 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
> struct rte_tcp_hdr *tcp_hdr;
> uint32_t sent_seq;
> int32_t tcp_dl;
> - uint16_t ip_id, hdr_len, frag_off;
> + uint16_t ip_id, frag_off;
> uint8_t is_atomic;
>
> struct tcp4_flow_key key;
> @@ -217,7 +217,6 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
> eth_hdr = rte_pktmbuf_mtod(pkt, struct rte_ether_hdr *);
> ipv4_hdr = (struct rte_ipv4_hdr *)((char *)eth_hdr + pkt-
> >l2_len);
> tcp_hdr = (struct rte_tcp_hdr *)((char *)ipv4_hdr + pkt->l3_len);
> - hdr_len = pkt->l2_len + pkt->l3_len + pkt->l4_len;
>
> /*
> * Don't process the packet which has FIN, SYN, RST, PSH, URG,
> ECE
> @@ -229,7 +228,7 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
> * Don't process the packet whose payload length is less than or
> * equal to 0.
> */
> - tcp_dl = pkt->pkt_len - hdr_len;
> + tcp_dl = rte_be_to_cpu_16(ipv4_hdr->total_length) - (pkt->l3_len
> + pkt->l4_len);
> if (tcp_dl <= 0)
> return -1;
>
> --
> 2.7.4
>
Please confirm that this does not introduce a buffer overrun regarding malformed packets, e.g. a small packet with ipv4_hdr->total_length set to 65000.
I haven't looked at the patch in context, so my concern may be irrelevant.
-Morten
More information about the stable
mailing list