> -----Original Message-----
> From: Kumara Parameshwaran <kumaraparames...@gmail.com>
> Sent: Sunday, October 16, 2022 10:43 PM
> To: Hu, Jiayu <jiayu...@intel.com>
> Cc: dev@dpdk.org; Kumara Parameshwaran
> <kumaraparames...@gmail.com>; sta...@dpdk.org
> Subject: [PATCH v2] gro : check for payload length after the trim
>
> From: Kumara Parameshwaran <kumaraparames...@gmail.com>
>
> When packet is padded with extra bytes the the validation of the payload
> length should be done after the trim operation
>
> Fixes: b8a55871d5af ("gro: trim tail padding bytes")
> Cc: sta...@dpdk.org
>
> Signed-off-by: Kumara Parameshwaran <kumaraparames...@gmail.com>
> ---
> v1:
> If there is padding to the ethernet frame cases where timestamp is
> disabled
> the packet length should be validated with the total ip length as
> packet length
> is used in the GRO merging logic
>
> v2:
> Trim the packet length and then check for the protocol payload
> validation lib/gro/gro_tcp4.c | 11 ++++++----- lib/gro/gro_udp4.c | 10
> +++++-----
> 2 files changed, 11 insertions(+), 10 deletions(-)
>
> diff --git a/lib/gro/gro_tcp4.c b/lib/gro/gro_tcp4.c index
> 8f5e800250..0014096e63 100644
> --- a/lib/gro/gro_tcp4.c
> +++ b/lib/gro/gro_tcp4.c
> @@ -225,6 +225,12 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
> */
> if (tcp_hdr->tcp_flags != RTE_TCP_ACK_FLAG)
> return -1;
> +
> + /* trim the tail padding bytes */
> + ip_tlen = rte_be_to_cpu_16(ipv4_hdr->total_length);
> + if (pkt->pkt_len > (uint32_t)(ip_tlen + pkt->l2_len))
> + rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_tlen - pkt->l2_len);
> +
> /*
> * Don't process the packet whose payload length is less than or
> * equal to 0.
> @@ -233,11 +239,6 @@ gro_tcp4_reassemble(struct rte_mbuf *pkt,
> if (tcp_dl <= 0)
> return -1;
>
> - /* trim the tail padding bytes */
> - ip_tlen = rte_be_to_cpu_16(ipv4_hdr->total_length);
> - if (pkt->pkt_len > (uint32_t)(ip_tlen + pkt->l2_len))
> - rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_tlen - pkt->l2_len);
> -
> /*
> * Save IPv4 ID for the packet whose DF bit is 0. For the packet
> * whose DF bit is 1, IPv4 ID is ignored.
> diff --git a/lib/gro/gro_udp4.c b/lib/gro/gro_udp4.c index
> 839f9748b7..42596d33b6 100644
> --- a/lib/gro/gro_udp4.c
> +++ b/lib/gro/gro_udp4.c
> @@ -220,6 +220,11 @@ gro_udp4_reassemble(struct rte_mbuf *pkt,
> if (!is_ipv4_fragment(ipv4_hdr))
> return -1;
>
> + ip_dl = rte_be_to_cpu_16(ipv4_hdr->total_length);
> + /* trim the tail padding bytes */
> + if (pkt->pkt_len > (uint32_t)(ip_dl + pkt->l2_len))
> + rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_dl - pkt->l2_len);
> +
> /*
> * Don't process the packet whose payload length is less than or
> * equal to 0.
> @@ -227,14 +232,9 @@ gro_udp4_reassemble(struct rte_mbuf *pkt,
> if (pkt->pkt_len <= hdr_len)
> return -1;
>
> - ip_dl = rte_be_to_cpu_16(ipv4_hdr->total_length);
> if (ip_dl <= pkt->l3_len)
> return -1;
>
> - /* trim the tail padding bytes */
> - if (pkt->pkt_len > (uint32_t)(ip_dl + pkt->l2_len))
> - rte_pktmbuf_trim(pkt, pkt->pkt_len - ip_dl - pkt->l2_len);
> -
> ip_dl -= pkt->l3_len;
> ip_id = rte_be_to_cpu_16(ipv4_hdr->packet_id);
> frag_offset = rte_be_to_cpu_16(ipv4_hdr->fragment_offset);
> --
> 2.25.1
Acked-by: Jiayu Hu <jiayu...@intel.com>
Thanks,
Jiayu
