aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Chernavin <achernavin@netgate.com>2023-11-14 11:33:46 +0000
committerMatthew Smith <mgsmith@netgate.com>2023-11-14 22:06:53 +0000
commitbae6b6d1f2a2e6623257afab21e05da2d795323a (patch)
treec1a5c6d0c0c4432734f61cc9b8bea92accaefedb
parentdd8f8dec50a4b572a09e3168a92c2a09db42b9f3 (diff)
flowprobe: fix L3 header offset calculation for tx flows
The recent TX flows generation fix introduced "l3_hdr_offset" which represents the offset of the IP header in the buffer's data. The problem is that it is erroneously defined as a 16-bit unsigned integer. If the calculated offset is negative, "l3_hdr_offset" will get a value close to UINT16_MAX. And the code will search the IP header somewhere beyond the buffer's data. For example, this will occur in the case when an ICMP error is being sent in response to a received packet. With this fix, make "l3_hdr_offset" a signed integer. Type: fix Change-Id: I6f1283c7ba02656d0f592519b5863e68348c5583 Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
-rw-r--r--src/plugins/flowprobe/node.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/plugins/flowprobe/node.c b/src/plugins/flowprobe/node.c
index 22bb6cea80a..7645f5d71c5 100644
--- a/src/plugins/flowprobe/node.c
+++ b/src/plugins/flowprobe/node.c
@@ -388,7 +388,7 @@ add_to_flow_record_state (vlib_main_t *vm, vlib_node_runtime_t *node,
vlib_buffer_get_current (b) :
ethernet_buffer_get_header (b);
u16 ethertype = clib_net_to_host_u16 (eth->type);
- u16 l3_hdr_offset = (u8 *) eth - b->data + sizeof (ethernet_header_t);
+ i16 l3_hdr_offset = (u8 *) eth - b->data + sizeof (ethernet_header_t);
/* *INDENT-OFF* */
flowprobe_key_t k = {};
/* *INDENT-ON* */