summaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorDave Barach <dave@barachs.net>2019-09-04 12:09:32 -0400
committerJohn Lo <loj@cisco.com>2019-09-07 03:49:39 +0000
commit157f1cd34952759fd8c35976e68c9885537168ad (patch)
treed62ccb0e2b59df907cc557fd25c53d33aafbd224 /src/vnet
parent623a1b7053424b539a51faf866ab839d3da3f45b (diff)
ip: fix udp/tcp checksum corner cases
When checksumming chained buffers with odd lengths: insert a NULL byte, or the calculation fails. Type: fix Signed-off-by: Dave Barach <dave@barachs.net> Signed-off-by: John Lo <loj@cisco.com> Change-Id: I380f7c42897bdb28c8c29aa1c4cdaaa849cc9ecc (cherry picked from commit c4abafd83df38051765352785b146277734701f4)
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/ip/ip4_forward.c18
-rw-r--r--src/vnet/ip/ip6_forward.c18
2 files changed, 31 insertions, 5 deletions
diff --git a/src/vnet/ip/ip4_forward.c b/src/vnet/ip/ip4_forward.c
index 754bb21fe67..9ceb2063e11 100644
--- a/src/vnet/ip/ip4_forward.c
+++ b/src/vnet/ip/ip4_forward.c
@@ -1148,7 +1148,8 @@ ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
u32 ip_header_length, payload_length_host_byte_order;
u32 n_this_buffer, n_bytes_left, n_ip_bytes_this_buffer;
u16 sum16;
- void *data_this_buffer;
+ u8 *data_this_buffer;
+ u8 length_odd;
/* Initialize checksum with ip header. */
ip_header_length = ip4_header_bytes (ip0);
@@ -1172,7 +1173,7 @@ ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
ip_csum_with_carry (sum0, clib_mem_unaligned (&ip0->src_address, u64));
n_bytes_left = n_this_buffer = payload_length_host_byte_order;
- data_this_buffer = (void *) ip0 + ip_header_length;
+ data_this_buffer = (u8 *) ip0 + ip_header_length;
n_ip_bytes_this_buffer =
p0->current_length - (((u8 *) ip0 - p0->data) - p0->current_data);
if (n_this_buffer + ip_header_length > n_ip_bytes_this_buffer)
@@ -1180,6 +1181,7 @@ ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
n_this_buffer = n_ip_bytes_this_buffer > ip_header_length ?
n_ip_bytes_this_buffer - ip_header_length : 0;
}
+
while (1)
{
sum0 = ip_incremental_checksum (sum0, data_this_buffer, n_this_buffer);
@@ -1191,13 +1193,23 @@ ip4_tcp_udp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
if (!(p0->flags & VLIB_BUFFER_NEXT_PRESENT))
return 0xfefe;
+ length_odd = (n_this_buffer & 1);
+
p0 = vlib_get_buffer (vm, p0->next_buffer);
data_this_buffer = vlib_buffer_get_current (p0);
n_this_buffer = clib_min (p0->current_length, n_bytes_left);
+
+ if (PREDICT_FALSE (length_odd))
+ {
+ /* Prepend a 0 or the resulting checksum will be incorrect. */
+ data_this_buffer--;
+ n_this_buffer++;
+ n_bytes_left++;
+ data_this_buffer[0] = 0;
+ }
}
sum16 = ~ip_csum_fold (sum0);
-
return sum16;
}
diff --git a/src/vnet/ip/ip6_forward.c b/src/vnet/ip/ip6_forward.c
index b990d7c45d2..f9e3e0a0ab3 100644
--- a/src/vnet/ip/ip6_forward.c
+++ b/src/vnet/ip/ip6_forward.c
@@ -910,7 +910,8 @@ ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
u16 sum16, payload_length_host_byte_order;
u32 i, n_this_buffer, n_bytes_left;
u32 headers_size = sizeof (ip0[0]);
- void *data_this_buffer;
+ u8 *data_this_buffer;
+ u8 length_odd;
ASSERT (bogus_lengthp);
*bogus_lengthp = 0;
@@ -918,7 +919,7 @@ ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
/* Initialize checksum with ip header. */
sum0 = ip0->payload_length + clib_host_to_net_u16 (ip0->protocol);
payload_length_host_byte_order = clib_net_to_host_u16 (ip0->payload_length);
- data_this_buffer = (void *) (ip0 + 1);
+ data_this_buffer = (u8 *) (ip0 + 1);
for (i = 0; i < ARRAY_LEN (ip0->src_address.as_uword); i++)
{
@@ -971,14 +972,27 @@ ip6_tcp_udp_icmp_compute_checksum (vlib_main_t * vm, vlib_buffer_t * p0,
if (n_bytes_left == 0)
break;
+ ASSERT (p0->flags & VLIB_BUFFER_NEXT_PRESENT);
if (!(p0->flags & VLIB_BUFFER_NEXT_PRESENT))
{
*bogus_lengthp = 1;
return 0xfefe;
}
+
+ length_odd = (n_this_buffer & 1);
+
p0 = vlib_get_buffer (vm, p0->next_buffer);
data_this_buffer = vlib_buffer_get_current (p0);
n_this_buffer = clib_min (p0->current_length, n_bytes_left);
+
+ if (PREDICT_FALSE (length_odd))
+ {
+ /* Prepend a 0 or the resulting checksum will be incorrect. */
+ data_this_buffer--;
+ n_this_buffer++;
+ n_bytes_left++;
+ data_this_buffer[0] = 0;
+ }
}
sum16 = ~ip_csum_fold (sum0);