ligang/vpp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

igmp: validate ip router alert option length

Browse Source 
It's known there're one or more 32-bit increments in the ip
header. So just check ip router alert option length with minimal
performance impact, and don't care of the total options length.

Type: fix
Signed-off-by: Vladislav Grishenko <themiron@yandex-team.ru>
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: I46dd06516f793846b931a1dc8612f2735f8d24d3
This commit is contained in:
Vladislav Grishenko
2022-09-16 17:01:00 +00:00
committed by Neale Ranns
parent 755b529c11
commit a58dae61ae
2 changed files with 50 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/vnet/ip/ip4_options.c
View File

@ -77,6 +77,11 @@ VLIB_NODE_FN (ip4_options_node) (vlib_main_t * vm,
switch (options[0] & 0x7f)
{
case IP4_ROUTER_ALERT_OPTION:
/*
* check the option length
*/
if (options[1] != 4)
break;
/*
* if it's an IGMP packet, pass up the local stack
*/

60
test/test_igmp.py
View File

@ -218,7 +218,9 @@ class TestIgmp(VppTestCase):
dst="239.1.1.1",
tos=0xC0,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Membership Query", mrcode=100)
@ -241,7 +243,9 @@ class TestIgmp(VppTestCase):
dst="239.1.1.1",
tos=0xC0,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Membership Query", mrcode=100)
@ -264,7 +268,9 @@ class TestIgmp(VppTestCase):
dst="239.1.1.1",
tos=0xC0,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Membership Query", mrcode=100)
@ -284,7 +290,9 @@ class TestIgmp(VppTestCase):
dst="239.1.1.1",
tos=0xC0,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Membership Query", mrcode=100)
@ -305,7 +313,9 @@ class TestIgmp(VppTestCase):
dst="239.1.1.1",
tos=0xC0,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Membership Query", mrcode=100)
@ -368,7 +378,9 @@ class TestIgmp(VppTestCase):
dst="239.1.1.1",
tos=0xC0,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Membership Query", mrcode=100)
@ -581,7 +593,9 @@ class TestIgmp(VppTestCase):
tos=0xC0,
ttl=1,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Version 3 Membership Report")
@ -599,7 +613,9 @@ class TestIgmp(VppTestCase):
dst="224.0.0.22",
tos=0xC0,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Version 3 Membership Report")
@ -695,7 +711,9 @@ class TestIgmp(VppTestCase):
dst="224.0.0.22",
tos=0xC0,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Version 3 Membership Report")
@ -769,7 +787,9 @@ class TestIgmp(VppTestCase):
tos=0xC0,
ttl=1,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Version 3 Membership Report")
@ -791,7 +811,9 @@ class TestIgmp(VppTestCase):
tos=0xC0,
ttl=1,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Version 3 Membership Report")
@ -817,7 +839,9 @@ class TestIgmp(VppTestCase):
tos=0xC0,
ttl=1,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Version 3 Membership Report")
@ -844,7 +868,9 @@ class TestIgmp(VppTestCase):
tos=0xC0,
ttl=1,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Version 3 Membership Report")
@ -865,7 +891,9 @@ class TestIgmp(VppTestCase):
tos=0xC0,
ttl=1,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Version 3 Membership Report")
@ -894,7 +922,9 @@ class TestIgmp(VppTestCase):
tos=0xC0,
ttl=1,
options=[
IPOption(copy_flag=1, optclass="control", option="router_alert")
IPOption(
copy_flag=1, optclass="control", option="router_alert", length=4
)
],
)
/ IGMPv3(type="Version 3 Membership Report")