On (10/17/16 12:49), Alexander Duyck wrote:
> >> >         /* Currently only IPv4/IPv6 with TCP is supported */
> >> >         switch (hdr.ipv4->version) {
> >> >         case IPVERSION:
> >> >                 /* access ihl as u8 to avoid unaligned access on ia64 */
> >> >                 hlen = (hdr.network[0] & 0x0F) << 2;
> >> > +               if (skb_tail_pointer(skb) < hdr.network + hlen +
> >> > +                                           sizeof(struct tcphdr))
> >> > +                       return;
> >> >                 l4_proto = hdr.ipv4->protocol;
> >> >                 break;
> >> >         case 6:
> >> >                 hlen = hdr.network - skb->data;
> >> > +               if (skb_tail_pointer(skb) < hdr.network + hlen +
> >> > +                                           sizeof(struct tcphdr))
> >> > +                       return;
> >> >                 l4_proto = ipv6_find_hdr(skb, &hlen, IPPROTO_TCP, NULL, 
> >> > NULL);
> >> >                 hlen -= hdr.network - skb->data;
> >> >                 break;
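Review bot: in the `case 6:` branch the added check runs while hlen still holds `hdr.network - skb->data`, which is the offset of the network header within the skb and not an IPv6 header length. `hdr.network + hlen + sizeof(struct tcphdr)` therefore does not bound where the TCP header sits once ipv6_find_hdr() has stepped over any extension headers. Suggest making the comparison against skb_tail_pointer(skb) after `hlen -= hdr.network - skb->data;`, that is after the switch, when hlen is the real L3 length for both the IPv4 and IPv6 cases.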
   :
> >> So you probably need to add a check for "skb_tail_pointer(skb) <
> >> (hdr.network + hlen + 20)".
> >
> > > But isn't that the same thing as the checks before l4_proto computation
> > > above?
> 
> Sort of.  The problem is IPv6 can include extension headers and that
> can totally mess with us.  So we need to do one more check to verify
> that we have enough space for IPv6 w/ TCP which would be hdr.raw + 20
> + hlen.

Yes, you are right. So given that I already check that I have
at least 40 bytes past the network header, and ipv6_find_hdr
will pull up exthdrs as needed, my checks are not needed, and the
real ones should happen after we come out of that switch().

--Sowmini
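
The ordering the thread settles on (walk the IPv6 extension headers first, then bound the TCP header against the end of the data), as an added userspace C example that is not code from the patch or the driver under discussion. The function name, constants and sample packet are constructed for illustration; fragment and AH headers are deliberately not handled.

```c
#include <stdint.h>
#include <stdio.h>

static const size_t IP6_HLEN = 40, TCP_HLEN = 20;
static const uint8_t NH_TCP = 6;

/* Hop-by-hop (0), routing (43) and destination options (60) share the
 * (next header, length in 8-byte units minus one) layout. Fragment and AH
 * headers are laid out differently and are rejected here for brevity. */
static int is_generic_exthdr(uint8_t nh)
{
    return nh == 0 || nh == 43 || nh == 60;
}

/* Offset of the TCP header from the start of the IPv6 header, or -1 if the
 * packet is not TCP or any header would run past the `len` bytes present. */
long ipv6_tcp_offset(const uint8_t *pkt, size_t len)
{
    size_t off = IP6_HLEN, ext_len;
    uint8_t nh;

    if (len < IP6_HLEN || (pkt[0] >> 4) != 6)
        return -1;
    nh = pkt[6];
    while (is_generic_exthdr(nh)) {
        if (len - off < 8)              /* minimal extension header */
            return -1;
        ext_len = ((size_t)pkt[off + 1] + 1) * 8;
        if (len - off < ext_len)        /* extension header truncated */
            return -1;
        nh = pkt[off];
        off += ext_len;
    }
    /* Only here is the real L3 length known, so bound the TCP header now. */
    if (nh != NH_TCP || len - off < TCP_HLEN)
        return -1;
    return (long)off;
}

int main(void)
{
    uint8_t pkt[68] = {0};  /* constructed: IPv6 + 8-byte dst opts + TCP */

    pkt[0] = 0x60; pkt[6] = 60; pkt[40] = NH_TCP; pkt[41] = 0;
    printf("full packet: %ld\n", ipv6_tcp_offset(pkt, sizeof(pkt)));
    printf("60 bytes present: %ld\n", ipv6_tcp_offset(pkt, 60));
    return 0;
}
```

With only 60 bytes present, a check of the fixed 40-byte header plus 20 bytes made before the walk would pass, while the check made after the walk rejects the packet because the 8-byte destination options header pushes the TCP header past the end of the data.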
