diff mbox

[ovs-dev] the host will be soft lookup when some illeagal packets attack host

Message ID 0FCB215400789046A95ECE23C3E46C518FDA6572@szxema505-mbx.china.huawei.com
State RFC
Headers show

Commit Message

zhangkun Aug. 9, 2016, 3:32 a.m. UTC 
if IHL in IP head is very small or zero , some illegal packets using IPPROTO_IPIP in the L4 layer protocol will lead to the death cycle.

For example of the packet header:

a0 5b f7 a8 44 4d 10 12 4e a8 bf 86 08 00 40 00
00 34 bb 84 40 00 40 04 fd e9 c0 a8 00 03 c0 a8
00 02 b6 9a 00 16 7a c0 a6 14 d0 e0 84 70 80 10
00 73 81 7c 00 00 01 01 08 0a 00 00 1d 90 00 05
d7 4f

Comments

Pravin Shelar Aug. 9, 2016, 3:48 p.m. UTC | #1 
On Mon, Aug 8, 2016 at 8:32 PM, Zhangkun (K) <zhang.zhangkun@huawei.com> wrote:
> diff --git a/datapath/linux/compat/flow_dissector.c b/datapath/linux/compat/flow_dissector.c
> index 3f42dba..4c5d023 100644
> --- a/datapath/linux/compat/flow_dissector.c
> +++ b/datapath/linux/compat/flow_dissector.c
> @@ -77,7 +77,7 @@ again:
>                 struct iphdr _iph;
> ip:
>                 iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
> -               if (!iph)
> +               if (!iph || iph->ihl < 5)
>                         return false;
>                 if (ip_is_fragment(iph))
>
>
Good catch. Can you send formal patch?

Thanks.
diff mbox

Patch

diff --git a/datapath/linux/compat/flow_dissector.c b/datapath/linux/compat/flow_dissector.c
index 3f42dba..4c5d023 100644
--- a/datapath/linux/compat/flow_dissector.c
+++ b/datapath/linux/compat/flow_dissector.c
@@ -77,7 +77,7 @@  again:
                struct iphdr _iph;
ip:
                iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
-               if (!iph)
+               if (!iph || iph->ihl < 5)
                        return false;
                if (ip_is_fragment(iph))