ip: extension header parsing fails for fragment header

Refactor and improve boundary checking on IPv6 extension header handling. Limit parsing of IPv6 extension headers to a maximum of 4 headers and a depth of 256 bytes. Type: fix Signed-off-by: Ole Troan <ot@cisco.com> Change-Id: Ide40aaa2b482ceef7e92f02fa0caeadb3b8f7556 Signed-off-by: Ole Troan <ot@cisco.com>
author: Ole Troan <ot@cisco.com> 2021-11-23 15:55:39 +0100
committer: Damjan Marion <dmarion@me.com> 2021-12-03 09:35:30 +0000
commit: 03092c1982468ff6ffe260b0215f910d4c486b04 (patch)
tree: 0d58999070b677d38e2aa2f5da4341383beedbb3 /src/vnet/ip/ip6_format.c
parent: 2008912b56abbf3167faf9b787df76605684d9e1 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/src/vnet/ip/ip6_format.c b/src/vnet/ip/ip6_format.c
index 1b8ff1e0ab0..1a1bef26aa6 100644
--- a/src/vnet/ip/ip6_format.c
+++ b/src/vnet/ip/ip6_format.c
@@ -288,7 +288,7 @@ format_ip6_header (u8 * s, va_list * args)
 	    "\n%Utos 0x%02x, flow label 0x%x, hop limit %d, payload length %d",
 	    format_white_space, indent, traffic_class, flow_label,
 	    ip->hop_limit, clib_net_to_host_u16 (ip->payload_length));
-
+#if 0
   /* Recurse into next protocol layer. */
   if (max_header_bytes != 0 && sizeof (ip[0]) < max_header_bytes)
     {
@@ -301,7 +301,7 @@ format_ip6_header (u8 * s, va_list * args)
 		    /* next protocol header */ (void *) (ip + 1),
 		    max_header_bytes - sizeof (ip[0]));
     }
-
+#endif
   return s;
 }
author	Ole Troan <ot@cisco.com>	2021-11-23 15:55:39 +0100
committer	Damjan Marion <dmarion@me.com>	2021-12-03 09:35:30 +0000
commit	03092c1982468ff6ffe260b0215f910d4c486b04 (patch)
tree	0d58999070b677d38e2aa2f5da4341383beedbb3 /src/vnet/ip/ip6_format.c
parent	2008912b56abbf3167faf9b787df76605684d9e1 (diff)