> > The IPv4 specification says that each fragment must at least the size of > an IP header plus 8 octets. When attempting to run ipfrag using a > smaller size, the fragment library will return successful completion, > even though it is a violation of RFC791 (and updates). > > Signed-off-by: Aaron Conole <acon...@redhat.com> > --- > lib/librte_ip_frag/rte_ipv4_fragmentation.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/lib/librte_ip_frag/rte_ipv4_fragmentation.c > b/lib/librte_ip_frag/rte_ipv4_fragmentation.c > index 9e9f986cc5..4baaf6355c 100644 > --- a/lib/librte_ip_frag/rte_ipv4_fragmentation.c > +++ b/lib/librte_ip_frag/rte_ipv4_fragmentation.c > @@ -76,6 +76,12 @@ rte_ipv4_fragment_packet(struct rte_mbuf *pkt_in, > uint16_t fragment_offset, flag_offset, frag_size; > uint16_t frag_bytes_remaining; > > + /* > + * Ensure the IP fragmentation size is at least iphdr length + 8 octets > + */ > + if (unlikely(mtu_size < (sizeof(struct rte_ipv4_hdr) + 8*sizeof(char)))) > + return -EINVAL; > +
Same comment as for ipv6: ipv4 min MTU is 68B. Why do we need extra checking here? > /* > * Ensure the IP payload length of all fragments is aligned to a > * multiple of 8 bytes as per RFC791 section 2.3. > -- > 2.25.1
