author | Dmitry Valter <d-valter@yandex-team.ru> | 2022-09-16 12:33:25 +0000 |
---|---|---|
committer | Beno�t Ganne <bganne@cisco.com> | 2022-09-27 14:25:05 +0000 |
commit | d9252468792d52373b7cab1b66eda5fe279f7cb5 (patch) | |
tree | c82492e6fbe2bf4aee0a528e5e21d9eab974c614 | |
parent | 522a5b33321ea198fe73f3180a692c316c63575f (diff) |
vnet: fix ip4 version and IHL check
Validate version and IHL regardless of present options.
Originally VPP would accept seriously damaged headers in case IHL != 5.
Type: fix
Signed-off-by: Dmitry Valter <d-valter@yandex-team.ru>
Change-Id: Ifd59622efa63dfad7f6e4858dec40ccac3274574
-rw-r--r-- | src/vnet/ip/ip.api | 6 | ||||
-rw-r--r-- | src/vnet/ip/ip4_input.h | 8 |
2 files changed, 11 insertions, 3 deletions
diff --git a/src/vnet/ip/ip.api b/src/vnet/ip/ip.api
index 23e094b48a0..8a6ecc8da2f 100644
--- a/src/vnet/ip/ip.api
+++ b/src/vnet/ip/ip.api
@@ -1020,6 +1020,12 @@ counters ip4 {
 units "packets";
 description "ip4 ttl <= 1";
 };
+ hdr_too_short {
+ severity error;
+ type counter64;
+ units "packets";
+ description "ip4 IHL < 5";
+ };
 /* Errors signalled by ip4-rewrite. */
 mtu_exceeded {
diff --git a/src/vnet/ip/ip4_input.h b/src/vnet/ip/ip4_input.h
index 57aef0bf77a..d2ed13fa35f 100644
--- a/src/vnet/ip/ip4_input.h
+++ b/src/vnet/ip/ip4_input.h
@@ -60,15 +60,17 @@ check_ver_opt_csum (ip4_header_t * ip, u8 * error, int verify_checksum)
 {
 if (PREDICT_FALSE (ip->ip_version_and_header_length != 0x45))
 {
- if ((ip->ip_version_and_header_length & 0xf) != 5)
+ if ((ip->ip_version_and_header_length & 0xf0) != 0x40)
+ *error = IP4_ERROR_VERSION;
+ else if ((ip->ip_version_and_header_length & 0x0f) < 5)
+ *error = IP4_ERROR_HDR_TOO_SHORT;
+ else
 {
 *error = IP4_ERROR_OPTIONS;
 if (verify_checksum && clib_ip_csum ((u8 *) ip, ip4_header_bytes (ip)) != 0)
 *error = IP4_ERROR_BAD_CHECKSUM;
 }
- else
- *error = IP4_ERROR_VERSION;
 }
 else if (PREDICT_FALSE (verify_checksum && clib_ip_csum ((u8 *) ip, sizeof (ip4_header_t)) != |
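Review bot: In the final `else` branch of check_ver_opt_csum, `clib_ip_csum ((u8 *) ip, ip4_header_bytes (ip))` sums a length taken from the packet's own IHL nibble (presumably IHL x 4, so up to 60 bytes), and nothing visible in this hunk confirms that the buffer holds that many bytes. The new `< 5` test bounds the header length from below only; whether it is checked against the received data length before this call cannot be seen from here and should be confirmed in the caller. If the caller does guarantee it, state the precondition above the function, e.g. `/* caller guarantees ip4_header_bytes (ip) bytes are readable at ip */`. The nibble tests would also read more easily with a short comment such as `/* high nibble: version, must be 4; low nibble: IHL in 32-bit words, minimum 5 */`. The function body continues past the end of the hunk.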