Re: [vpp-dev] Query regarding packet validation checks in ip6_local

Wed, 03 Nov 2021 05:21:31 -0700 

Pankaj,

>     In file vnet/ip/ip6_forward.c(VPP 21.01), function ip6_local_inline(), 
> the node's packet processing has the following check:
> 
>           if (PREDICT_FALSE (need_csum))
>             {
>               flags = ip6_tcp_udp_icmp_validate_checksum (vm, b[0]);
>               good_l4_csum = flags & VNET_BUFFER_F_L4_CHECKSUM_CORRECT;
>               error = IP6_ERROR_UNKNOWN_PROTOCOL;
>             }
>           else
>             {
>               if (ip6_tcp_udp_icmp_bad_length (vm, b[0]))
>                 error = IP6_ERROR_BAD_LENGTH;
>             }
> 
> Kindly explain the reason behind the checksum and the length validation being 
> under the if-else check, making the length validation not applicable for the 
> case when checksum validation is applicable.
> 
> Also, in the function ip6_tcp_udp_icmp_bad_length (refer the below snippet), 
> the function seems to assume that the hop-by-hop extension header shall 
> always be present. Is it that, IPv6 hop-by-hop extension header has to be 
> mandatorily present?

Indeed. That code looks quite questionable.
A good start would perhaps be to write tests showing where it fails? Then that 
will make refactoring and fixing afterwards.

Best regards,
Ole

> 
> static_always_inline u8
> ip6_tcp_udp_icmp_bad_length (vlib_main_t * vm, vlib_buffer_t * p0)
> {
> 
>   u16 payload_length_host_byte_order;
>   u32 n_this_buffer, n_bytes_left;
>   ip6_header_t *ip0 = vlib_buffer_get_current (p0);
>   u32 headers_size = sizeof (ip0[0]);
>   u8 *data_this_buffer;
> 
>   data_this_buffer = (u8 *) (ip0 + 1);
> 
>   ip6_hop_by_hop_ext_t *ext_hdr = (ip6_hop_by_hop_ext_t *) data_this_buffer;
> 
>   /* validate really icmp6 next */
> 
>   if (!(ext_hdr->next_hdr == IP_PROTOCOL_ICMP6)
>       || (ext_hdr->next_hdr == IP_PROTOCOL_UDP))
>     return 0;
>   ::
>   ::
> 
> 
> Thanks,
> Pankaj Malhotra
> 
> 
>

Attachment: signature.asc
Description: Message signed with OpenPGP

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#20413): https://lists.fd.io/g/vpp-dev/message/20413
Mute This Topic: https://lists.fd.io/mt/86774091/21656
Group Owner: vpp-dev+ow...@lists.fd.io
Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to