diff options
Diffstat (limited to 'src/vnet/ip')
-rw-r--r-- | src/vnet/ip/ip.api | 6 | ||||
-rw-r--r-- | src/vnet/ip/ip4_input.h | 8 |
2 files changed, 11 insertions, 3 deletions
diff --git a/src/vnet/ip/ip.api b/src/vnet/ip/ip.api index 23e094b48a0..8a6ecc8da2f 100644 --- a/src/vnet/ip/ip.api +++ b/src/vnet/ip/ip.api @@ -1020,6 +1020,12 @@ counters ip4 { units "packets"; description "ip4 ttl <= 1"; }; + hdr_too_short { + severity error; + type counter64; + units "packets"; + description "ip4 IHL < 5"; + }; /* Errors signalled by ip4-rewrite. */ mtu_exceeded { diff --git a/src/vnet/ip/ip4_input.h b/src/vnet/ip/ip4_input.h index 57aef0bf77a..d2ed13fa35f 100644 --- a/src/vnet/ip/ip4_input.h +++ b/src/vnet/ip/ip4_input.h @@ -60,15 +60,17 @@ check_ver_opt_csum (ip4_header_t * ip, u8 * error, int verify_checksum) { if (PREDICT_FALSE (ip->ip_version_and_header_length != 0x45)) { - if ((ip->ip_version_and_header_length & 0xf) != 5) + if ((ip->ip_version_and_header_length & 0xf0) != 0x40) + *error = IP4_ERROR_VERSION; + else if ((ip->ip_version_and_header_length & 0x0f) < 5) + *error = IP4_ERROR_HDR_TOO_SHORT; + else { *error = IP4_ERROR_OPTIONS; if (verify_checksum && clib_ip_csum ((u8 *) ip, ip4_header_bytes (ip)) != 0) *error = IP4_ERROR_BAD_CHECKSUM; } - else - *error = IP4_ERROR_VERSION; } else if (PREDICT_FALSE (verify_checksum && clib_ip_csum ((u8 *) ip, sizeof (ip4_header_t)) != |