vnet: fix ip4 version and IHL check

Validate version and IHL regardless of whether options are present.
Previously VPP would accept seriously damaged headers when IHL != 5.

Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574
Dmitry Valter
2022-09-16 12:33:25 +00:00
committed by Beno�t Ganne
parent 522a5b3332
commit d925246879
2 changed files with 11 additions and 3 deletions


@ -1020,6 +1020,12 @@ counters ip4 {
units "packets"; units "packets";
description "ip4 ttl <= 1"; description "ip4 ttl <= 1";
}; };
hdr_too_short {
severity error;
type counter64;
units "packets";
description "ip4 IHL < 5";
};
/* Errors signalled by ip4-rewrite. */ /* Errors signalled by ip4-rewrite. */
mtu_exceeded { mtu_exceeded {


@ -60,15 +60,17 @@ check_ver_opt_csum (ip4_header_t * ip, u8 * error, int verify_checksum)
{ {
if (PREDICT_FALSE (ip->ip_version_and_header_length != 0x45)) if (PREDICT_FALSE (ip->ip_version_and_header_length != 0x45))
{ {
if ((ip->ip_version_and_header_length & 0xf) != 5) if ((ip->ip_version_and_header_length & 0xf0) != 0x40)
*error = IP4_ERROR_VERSION;
else if ((ip->ip_version_and_header_length & 0x0f) < 5)
*error = IP4_ERROR_HDR_TOO_SHORT;
else
{ {
*error = IP4_ERROR_OPTIONS; *error = IP4_ERROR_OPTIONS;
if (verify_checksum && if (verify_checksum &&
clib_ip_csum ((u8 *) ip, ip4_header_bytes (ip)) != 0) clib_ip_csum ((u8 *) ip, ip4_header_bytes (ip)) != 0)
*error = IP4_ERROR_BAD_CHECKSUM; *error = IP4_ERROR_BAD_CHECKSUM;
} }
else
*error = IP4_ERROR_VERSION;
} }
else if (PREDICT_FALSE (verify_checksum && else if (PREDICT_FALSE (verify_checksum &&
clib_ip_csum ((u8 *) ip, sizeof (ip4_header_t)) != clib_ip_csum ((u8 *) ip, sizeof (ip4_header_t)) !=
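Review bot: In the options branch (IHL > 5) the checksum is still computed over `ip4_header_bytes (ip)`, a length taken from the packet's own IHL nibble (up to 60 bytes), and nothing visible in this hunk compares that length with the bytes actually present in the buffer. If the caller does not guarantee this, a truncated packet that claims a long header would have its checksum computed over bytes beyond the received data. check_ver_opt_csum only receives the header pointer, so the bound presumably has to be enforced by the caller; I would state that precondition above the function, e.g. `/* Caller must ensure ip4_header_bytes (ip) bytes are valid in the buffer. */`. The function's body continues past the end of this hunk and its callers are not shown, so their existing length checks could not be confirmed from here.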