diff options
| author |   Dave Barach <dave@barachs.net> | 2019-09-04 12:09:32 -0400 |
|---|---|---|
| committer |   John Lo <loj@cisco.com> | 2019-09-07 03:49:39 +0000 |
| commit | 157f1cd34952759fd8c35976e68c9885537168ad (patch) | |
| tree | d62ccb0e2b59df907cc557fd25c53d33aafbd224 /src/vnet/ip | |
| parent | 623a1b7053424b539a51faf866ab839d3da3f45b (diff) | |
ip: fix udp/tcp checksum corner cases
When checksumming chained buffers with odd lengths: insert a
NULL byte, or the calculation fails.
Type: fix
Signed-off-by: Dave Barach <dave@barachs.net>
Signed-off-by: John Lo <loj@cisco.com>
Change-Id: I380f7c42897bdb28c8c29aa1c4cdaaa849cc9ecc
(cherry picked from commit c4abafd83df38051765352785b146277734701f4)
Diffstat (limited to 'src/vnet/ip')
| -rw-r--r-- | src/vnet/ip/ip4_forward.c | 18 | ||||
| -rw-r--r-- | src/vnet/ip/ip6_forward.c | 18 |
2 files changed, 31 insertions, 5 deletions
diff --git a/src/vnet/ip/ip4_forward.c b/src/vnet/ip/ip4_forward.c index 754bb21fe67..9ceb2063e11 100644 --- a/src/vnet/ip/ip4_forward.c +++ b/src/vnet/ip/ip4_forward.c @@ -1148,7 +1148,8 @@ ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0, u32 ip_header_length, payload_length_host_byte_order; u32 n_this_buffer, n_bytes_left, n_ip_bytes_this_buffer; u16 sum16; - void *data_this_buffer; + u8 *data_this_buffer; + u8 length_odd; /* Initialize checksum with ip header. */ ip_header_length = ip4_header_bytes (ip0); @@ -1172,7 +1173,7 @@ ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0, ip_csum_with_carry (sum0, clib_mem_unaligned (&ip0->src_address, u64)); n_bytes_left = n_this_buffer = payload_length_host_byte_order; - data_this_buffer = (void *) ip0 + ip_header_length; + data_this_buffer = (u8 *) ip0 + ip_header_length; n_ip_bytes_this_buffer = p0->current_length - (((u8 *) ip0 - p0->data) - p0->current_data); if (n_this_buffer + ip_header_length > n_ip_bytes_this_buffer) @@ -1180,6 +1181,7 @@ ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0, n_this_buffer = n_ip_bytes_this_buffer > ip_header_length ? n_ip_bytes_this_buffer - ip_header_length : 0; } + while (1) { sum0 = ip_incremental_checksum (sum0, data_this_buffer, n_this_buffer); @@ -1191,13 +1193,23 @@ ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0, if (!(p0->flags & VLIB_BUFFER_NEXT_PRESENT)) return 0xfefe; + length_odd = (n_this_buffer & 1); + p0 = vlib_get_buffer (vm, p0->next_buffer); data_this_buffer = vlib_buffer_get_current (p0); n_this_buffer = clib_min (p0->current_length, n_bytes_left); + + if (PREDICT_FALSE (length_odd)) + { + /* Prepend a 0 or the resulting checksum will be incorrect. */ + data_this_buffer--; + n_this_buffer++; + n_bytes_left++; + data_this_buffer[0] = 0; + } } sum16 = ~ip_csum_fold (sum0); - return sum16; } diff --git a/src/vnet/ip/ip6_forward.c b/src/vnet/ip/ip6_forward.c index b990d7c45d2..f9e3e0a0ab3 100644 --- a/src/vnet/ip/ip6_forward.c +++ b/src/vnet/ip/ip6_forward.c @@ -910,7 +910,8 @@ ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0, u16 sum16, payload_length_host_byte_order; u32 i, n_this_buffer, n_bytes_left; u32 headers_size = sizeof (ip0[0]); - void *data_this_buffer; + u8 *data_this_buffer; + u8 length_odd; ASSERT (bogus_lengthp); *bogus_lengthp = 0; @@ -918,7 +919,7 @@ ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0, /* Initialize checksum with ip header. */ sum0 = ip0->payload_length + clib_host_to_net_u16 (ip0->protocol); payload_length_host_byte_order = clib_net_to_host_u16 (ip0->payload_length); - data_this_buffer = (void *) (ip0 + 1); + data_this_buffer = (u8 *) (ip0 + 1); for (i = 0; i < ARRAY_LEN (ip0->src_address.as_uword); i++) { @@ -971,14 +972,27 @@ ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0, if (n_bytes_left == 0) break; + ASSERT (p0->flags & VLIB_BUFFER_NEXT_PRESENT); if (!(p0->flags & VLIB_BUFFER_NEXT_PRESENT)) { *bogus_lengthp = 1; return 0xfefe; } + + length_odd = (n_this_buffer & 1); + p0 = vlib_get_buffer (vm, p0->next_buffer); data_this_buffer = vlib_buffer_get_current (p0); n_this_buffer = clib_min (p0->current_length, n_bytes_left); + + if (PREDICT_FALSE (length_odd)) + { + /* Prepend a 0 or the resulting checksum will be incorrect. */ + data_this_buffer--; + n_this_buffer++; + n_bytes_left++; + data_this_buffer[0] = 0; + } } sum16 = ~ip_csum_fold (sum0); |