aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDmitry Valter <d-valter@yandex-team.ru>2022-09-16 12:33:25 +0000
committerBeno�t Ganne <bganne@cisco.com>2022-09-27 14:25:05 +0000
commitd9252468792d52373b7cab1b66eda5fe279f7cb5 (patch)
treec82492e6fbe2bf4aee0a528e5e21d9eab974c614
parent522a5b33321ea198fe73f3180a692c316c63575f (diff)
vnet: fix ip4 version and IHL check
Validate version and IHL regardless of present options. Originally VPP would accept seriously damaged headers in case IHL != 5. Type: fix Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru> Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574
-rw-r--r--src/vnet/ip/ip.api6
-rw-r--r--src/vnet/ip/ip4_input.h8
2 files changed, 11 insertions, 3 deletions
diff --git a/src/vnet/ip/ip.api b/src/vnet/ip/ip.api
index 23e094b48a0..8a6ecc8da2f 100644
--- a/src/vnet/ip/ip.api
+++ b/src/vnet/ip/ip.api
@@ -1020,6 +1020,12 @@ counters ip4 {
units "packets";
description "ip4 ttl <= 1";
};
+ hdr_too_short {
+ severity error;
+ type counter64;
+ units "packets";
+ description "ip4 IHL < 5";
+ };
/* Errors signalled by ip4-rewrite. */
mtu_exceeded {
diff --git a/src/vnet/ip/ip4_input.h b/src/vnet/ip/ip4_input.h
index 57aef0bf77a..d2ed13fa35f 100644
--- a/src/vnet/ip/ip4_input.h
+++ b/src/vnet/ip/ip4_input.h
@@ -60,15 +60,17 @@ check_ver_opt_csum (ip4_header_t * ip, u8 * error, int verify_checksum)
{
if (PREDICT_FALSE (ip->ip_version_and_header_length != 0x45))
{
- if ((ip->ip_version_and_header_length & 0xf) != 5)
+ if ((ip->ip_version_and_header_length & 0xf0) != 0x40)
+ *error = IP4_ERROR_VERSION;
+ else if ((ip->ip_version_and_header_length & 0x0f) < 5)
+ *error = IP4_ERROR_HDR_TOO_SHORT;
+ else
{
*error = IP4_ERROR_OPTIONS;
if (verify_checksum &&
clib_ip_csum ((u8 *) ip, ip4_header_bytes (ip)) != 0)
*error = IP4_ERROR_BAD_CHECKSUM;
}
- else
- *error = IP4_ERROR_VERSION;
}
else if (PREDICT_FALSE (verify_checksum &&
clib_ip_csum ((u8 *) ip, sizeof (ip4_header_t)) !=