examples/ipsec-secgw: fix over MTU packet crash
Checks
Commit Message
When sending an encrypted packet which size after encapsulation exceeds
MTU, ipsec-secgw application tries to fragment it. If --reassemble
option has not been set it results with a segmantation fault, because
fragmentation buckets have not been initialized.
Fix crashing by adding extra check: if --ressemble option has not been
set and packet exceeds MTU after encapsulation - drop it.
Fixes: b01d1cd213 ("examples/ipsec-secgw: support fragmentation and reassembly")
Cc: stable@dpdk.org
Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
---
examples/ipsec-secgw/ipsec-secgw.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Comments
> -----Original Message-----
> From: Smoczynski, MarcinX
> Sent: Tuesday, September 24, 2019 11:55 AM
> To: Ananyev, Konstantin <konstantin.ananyev@intel.com>; akhil.goyal@nxp.com
> Cc: dev@dpdk.org; Smoczynski, MarcinX <marcinx.smoczynski@intel.com>; stable@dpdk.org
> Subject: [PATCH] examples/ipsec-secgw: fix over MTU packet crash
>
> When sending an encrypted packet which size after encapsulation exceeds
> MTU, ipsec-secgw application tries to fragment it. If --reassemble
> option has not been set it results with a segmantation fault, because
> fragmentation buckets have not been initialized.
>
> Fix crashing by adding extra check: if --ressemble option has not been
> set and packet exceeds MTU after encapsulation - drop it.
>
> Fixes: b01d1cd213 ("examples/ipsec-secgw: support fragmentation and reassembly")
> Cc: stable@dpdk.org
>
> Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
> ---
> examples/ipsec-secgw/ipsec-secgw.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec-secgw/ipsec-secgw.c
> index 0d1fd6af6..91c602436 100644
> --- a/examples/ipsec-secgw/ipsec-secgw.c
> +++ b/examples/ipsec-secgw/ipsec-secgw.c
> @@ -548,8 +548,10 @@ send_single_packet(struct rte_mbuf *m, uint16_t port, uint8_t proto)
> len++;
>
> /* need to fragment the packet */
> - } else
> + } else if (frag_tbl_sz > 0)
> len = send_fragment_packet(qconf, m, port, proto);
> + else
> + rte_pktmbuf_free(m);
>
> /* enough pkts to be sent */
> if (unlikely(len == MAX_PKT_BURST)) {
> --
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
> 2.17.1
> >
> > When sending an encrypted packet which size after encapsulation exceeds
> > MTU, ipsec-secgw application tries to fragment it. If --reassemble
> > option has not been set it results with a segmantation fault, because
> > fragmentation buckets have not been initialized.
> >
> > Fix crashing by adding extra check: if --ressemble option has not been
> > set and packet exceeds MTU after encapsulation - drop it.
> >
> > Fixes: b01d1cd213 ("examples/ipsec-secgw: support fragmentation and
> reassembly")
> > Cc: stable@dpdk.org
> >
> > Signed-off-by: Marcin Smoczynski <marcinx.smoczynski@intel.com>
> Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Applied to dpdk-next-crypto
Thanks.
@@ -548,8 +548,10 @@ send_single_packet(struct rte_mbuf *m, uint16_t port, uint8_t proto)
len++;
/* need to fragment the packet */
- } else
+ } else if (frag_tbl_sz > 0)
len = send_fragment_packet(qconf, m, port, proto);
+ else
+ rte_pktmbuf_free(m);
/* enough pkts to be sent */
if (unlikely(len == MAX_PKT_BURST)) {