On Sun, 23 Mar 2025 14:28:22 +0200
Raslan Darawsheh <rasl...@nvidia.com> wrote:
> Signed-off-by: Raslan Darawsheh <rasl...@nvidia.com>
> ---
> app/test-pmd/csumonly.c | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/app/test-pmd/csumonly.c b/app/test-pmd/csumonly.c
> index 5b906eaa53..302cc4cc66 100644
> --- a/app/test-pmd/csumonly.c
> +++ b/app/test-pmd/csumonly.c
> @@ -468,6 +468,7 @@ get_ethertype_by_ptype(struct rte_ether_hdr *eth_hdr,
> uint32_t ptype)
> {
> struct rte_vlan_hdr *vlan_hdr;
> uint16_t ethertype;
> + uint32_t i = 0;
>
> switch (ptype) {
> case RTE_PTYPE_L3_IPV4:
> @@ -486,10 +487,11 @@ get_ethertype_by_ptype(struct rte_ether_hdr *eth_hdr,
> uint32_t ptype)
> return _htons(RTE_ETHER_TYPE_IPV6);
> default:
> ethertype = eth_hdr->ether_type;
> - while (eth_hdr->ether_type == _htons(RTE_ETHER_TYPE_VLAN) ||
> - eth_hdr->ether_type == _htons(RTE_ETHER_TYPE_QINQ)) {
> + while (ethertype == _htons(RTE_ETHER_TYPE_VLAN) ||
> + ethertype == _htons(RTE_ETHER_TYPE_QINQ)) {
> vlan_hdr = (struct rte_vlan_hdr *)
> - ((char *)eth_hdr + sizeof(*eth_hdr));
> + ((char *)eth_hdr + sizeof(*eth_hdr) +
> + (i * sizeof(struct rte_vlan_hdr)));
> ethertype = vlan_hdr->eth_proto;
> }
> return ethertype;
A loop like this is prone to getting attacked with a malicious packet.
You should cut it off after a few vlan headers.
Also. what if packet is truncated, shouldn't be reading past end of data.
And what if packet is fragmented, you need to use rte_pktmbuf_read()
