On Thu, 10 Jan 2019 23:06:08 +0800 Jiayu Hu <jiayu...@intel.com> wrote:
> + > +#define ILLEGAL_ETHER_HDRLEN(len) ((len) != ETHER_HDR_LEN) > +#define ILLEGAL_ETHER_VXLAN_HDRLEN(len) \ > + ((len) != (ETHER_VXLAN_HLEN + ETHER_HDR_LEN)) > +#define ILLEGAL_IPV4_HDRLEN(len) ((len) != sizeof(struct ipv4_hdr)) > +#define ILLEGAL_TCP_HDRLEN(len) \ > + (((len) < sizeof(struct tcp_hdr)) || ((len) > TCP_MAX_HLEN)) > + Why not inline (which keeps type checking) instead of macro. Results in same code. Also, prefer "invalid" instead "ILLEGAL" . There is no government inforcing a rule on packet headers. Also, what about ipv4 options, or TCP options? And even VXLAN header check should be more rigorous. What about not allowing fragments in IP header for example. If you are going to do enforcement, be as strict as you can.
