diff options
author | Chaoyu Jin <chjin@cisco.com> | 2018-02-28 10:15:53 -0800 |
---|---|---|
committer | Chaoyu Jin <chjin@cisco.com> | 2018-02-28 10:15:53 -0800 |
commit | a608b60641a5a2d482de5c2fbf2cb89e8c96d6d0 (patch) | |
tree | e9b30b8a26a741bfcf9a5ce53416618975090251 /src/vnet | |
parent | 3f8562eaab8a6a495debd8480f6ea31c6173d5d9 (diff) |
at af_packet input, drop partial packets to prevent l4 checksum deadloop at ouptut
Change-Id: I6f75b7328fd0aa71d00a701e36c8b4ad06bff3c4
Signed-off-by: Chaoyu Jin <chjin@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r-- | src/vnet/devices/af_packet/node.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/src/vnet/devices/af_packet/node.c b/src/vnet/devices/af_packet/node.c index b627cfcb036..d74e56fd0e9 100644 --- a/src/vnet/devices/af_packet/node.c +++ b/src/vnet/devices/af_packet/node.c @@ -29,7 +29,8 @@ #include <vnet/devices/af_packet/af_packet.h> -#define foreach_af_packet_input_error +#define foreach_af_packet_input_error \ + _(PARTIAL_PKT, "partial packet") typedef enum { @@ -292,6 +293,21 @@ af_packet_device_input_fn (vlib_main_t * vm, vlib_node_runtime_t * node, to_next += 1; n_left_to_next--; + /* drop partial packets */ + if (PREDICT_FALSE (tph->tp_len != tph->tp_snaplen)) + { + next0 = VNET_DEVICE_INPUT_NEXT_DROP; + first_b0->error = + node->errors[AF_PACKET_INPUT_ERROR_PARTIAL_PKT]; + } + else + { + next0 = VNET_DEVICE_INPUT_NEXT_ETHERNET_INPUT; + /* redirect if feature path enabled */ + vnet_feature_start_device_input_x1 (apif->sw_if_index, &next0, + first_b0); + } + /* trace */ VLIB_BUFFER_TRACE_TRAJECTORY_INIT (first_b0); if (PREDICT_FALSE (n_trace > 0)) @@ -306,9 +322,6 @@ af_packet_device_input_fn (vlib_main_t * vm, vlib_node_runtime_t * node, clib_memcpy (&tr->tph, tph, sizeof (struct tpacket2_hdr)); } - /* redirect if feature path enabled */ - vnet_feature_start_device_input_x1 (apif->sw_if_index, &next0, b0); - /* enque and take next packet */ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, n_left_to_next, first_bi0, next0); |