aboutsummaryrefslogtreecommitdiffstats
path: root/src/vnet
diff options
context:
space:
mode:
authorChaoyu Jin <chjin@cisco.com>2018-02-28 10:15:53 -0800
committerChaoyu Jin <chjin@cisco.com>2018-02-28 10:15:53 -0800
commita608b60641a5a2d482de5c2fbf2cb89e8c96d6d0 (patch)
treee9b30b8a26a741bfcf9a5ce53416618975090251 /src/vnet
parent3f8562eaab8a6a495debd8480f6ea31c6173d5d9 (diff)
at af_packet input, drop partial packets to prevent l4 checksum deadloop at ouptut
Change-Id: I6f75b7328fd0aa71d00a701e36c8b4ad06bff3c4 Signed-off-by: Chaoyu Jin <chjin@cisco.com>
Diffstat (limited to 'src/vnet')
-rw-r--r--src/vnet/devices/af_packet/node.c21
1 files changed, 17 insertions, 4 deletions
diff --git a/src/vnet/devices/af_packet/node.c b/src/vnet/devices/af_packet/node.c
index b627cfcb036..d74e56fd0e9 100644
--- a/src/vnet/devices/af_packet/node.c
+++ b/src/vnet/devices/af_packet/node.c
@@ -29,7 +29,8 @@
#include <vnet/devices/af_packet/af_packet.h>
-#define foreach_af_packet_input_error
+#define foreach_af_packet_input_error \
+ _(PARTIAL_PKT, "partial packet")
typedef enum
{
@@ -292,6 +293,21 @@ af_packet_device_input_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
to_next += 1;
n_left_to_next--;
+ /* drop partial packets */
+ if (PREDICT_FALSE (tph->tp_len != tph->tp_snaplen))
+ {
+ next0 = VNET_DEVICE_INPUT_NEXT_DROP;
+ first_b0->error =
+ node->errors[AF_PACKET_INPUT_ERROR_PARTIAL_PKT];
+ }
+ else
+ {
+ next0 = VNET_DEVICE_INPUT_NEXT_ETHERNET_INPUT;
+ /* redirect if feature path enabled */
+ vnet_feature_start_device_input_x1 (apif->sw_if_index, &next0,
+ first_b0);
+ }
+
/* trace */
VLIB_BUFFER_TRACE_TRAJECTORY_INIT (first_b0);
if (PREDICT_FALSE (n_trace > 0))
@@ -306,9 +322,6 @@ af_packet_device_input_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
clib_memcpy (&tr->tph, tph, sizeof (struct tpacket2_hdr));
}
- /* redirect if feature path enabled */
- vnet_feature_start_device_input_x1 (apif->sw_if_index, &next0, b0);
-
/* enque and take next packet */
vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next,
n_left_to_next, first_bi0, next0);