On Mon, Jun 2, 2025 at 10:28 PM Suchit Karunakaran
<suchitkarunaka...@gmail.com> wrote:
>
> From: Suchit <suchitkarunaka...@gmail.com>
>
> Add validation step to ensure that the UDP payload is
> long enough to contain the expected GUE and UNIGUE encapsulation
> headers
>
> Signed-off-by: Suchit <suchitkarunaka...@gmail.com>
> ---
>
> Changes since v2:
> - Rebase
>
> tools/testing/selftests/bpf/progs/test_cls_redirect.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> index f344c6835e84..c1d2eaee2e77 100644
> --- a/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> +++ b/tools/testing/selftests/bpf/progs/test_cls_redirect.c
> @@ -978,7 +978,14 @@ int cls_redirect(struct __sk_buff *skb)
> return TC_ACT_OK;
> }
>
> - /* TODO Check UDP length? */
> + uint16_t udp_len = bpf_ntohs(encap->udp.len);
> + uint16_t min_encap_len = sizeof(encap->udp) + sizeof(encap->gue) +
> sizeof(encap->unigue);
> +
> + if (udp_len < min_encap_len) {
> + metrics->errors_total_malformed_encapsulation++;
> + return TC_ACT_SHOT;
> + }
I don't quite see the point.
This is a test prog. It's not supposed to be used as production code.
