From 156084b3255cea8fdf0386b7dff11051efb61531 Mon Sep 17 00:00:00 2001 From: Chaoyu Jin Date: Wed, 28 Feb 2018 10:15:53 -0800 Subject: at af_packet input, drop partial packets to prevent l4 checksum deadloop at ouptut Change-Id: I6f75b7328fd0aa71d00a701e36c8b4ad06bff3c4 Signed-off-by: Chaoyu Jin --- src/vnet/devices/af_packet/node.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/src/vnet/devices/af_packet/node.c b/src/vnet/devices/af_packet/node.c index b627cfcb036..d74e56fd0e9 100644 --- a/src/vnet/devices/af_packet/node.c +++ b/src/vnet/devices/af_packet/node.c @@ -29,7 +29,8 @@ #include -#define foreach_af_packet_input_error +#define foreach_af_packet_input_error \ + _(PARTIAL_PKT, "partial packet") typedef enum { @@ -292,6 +293,21 @@ af_packet_device_input_fn (vlib_main_t * vm, vlib_node_runtime_t * node, to_next += 1; n_left_to_next--; + /* drop partial packets */ + if (PREDICT_FALSE (tph->tp_len != tph->tp_snaplen)) + { + next0 = VNET_DEVICE_INPUT_NEXT_DROP; + first_b0->error = + node->errors[AF_PACKET_INPUT_ERROR_PARTIAL_PKT]; + } + else + { + next0 = VNET_DEVICE_INPUT_NEXT_ETHERNET_INPUT; + /* redirect if feature path enabled */ + vnet_feature_start_device_input_x1 (apif->sw_if_index, &next0, + first_b0); + } + /* trace */ VLIB_BUFFER_TRACE_TRAJECTORY_INIT (first_b0); if (PREDICT_FALSE (n_trace > 0)) @@ -306,9 +322,6 @@ af_packet_device_input_fn (vlib_main_t * vm, vlib_node_runtime_t * node, clib_memcpy (&tr->tph, tph, sizeof (struct tpacket2_hdr)); } - /* redirect if feature path enabled */ - vnet_feature_start_device_input_x1 (apif->sw_if_index, &next0, b0); - /* enque and take next packet */ vlib_validate_buffer_enqueue_x1 (vm, node, next_index, to_next, n_left_to_next, first_bi0, next0); -- cgit 1.2.3-korg