By aligning vnet_buffer_opaque.ip.save_rewrite_length and
vnet_buffer_opaque.ip.reass.save_rewrite_length we prevent shallow
virtual reassembly code from overwriting save_rewrite_length, allowing
other features down the pipe to rely on this value.
A static assert is added to guard this alignment.
Type: fix
Fixes:
f126e746fc01c75bc99329d10ce9127b26b23814
Change-Id: Ie7c7f3abc2a221bbcf2830c0f006a4368088b342
Signed-off-by: Klement Sekera <ksekera@cisco.com>
/* shallow virtual reassembly output variables */
struct
{
- u8 ip_proto; /* protocol in ip header */
- u8 icmp_type_or_tcp_flags;
- u8 is_non_first_fragment;
- u8 save_rewrite_length;
u16 l4_src_port; /* tcp/udp/icmp src port */
u16 l4_dst_port; /* tcp/udp/icmp dst port */
u32 tcp_ack_number;
+ u8 save_rewrite_length;
+ u8 ip_proto; /* protocol in ip header */
+ u8 icmp_type_or_tcp_flags;
+ u8 is_non_first_fragment;
u32 tcp_seq_number;
};
/* full reassembly output variables */
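Review bot: Nothing in the reordered struct tells a maintainer that the position of `save_rewrite_length` is now load-bearing. The later hunks delete the copy from `ip.save_rewrite_length` in the shallow virtual reassembly nodes, so downstream features read whatever sits at that offset and would use a wrong rewrite length if the member moved. A comment on the member would make the constraint visible where the edit would happen, for example `u8 save_rewrite_length; /* must stay at the same offset as ip.save_rewrite_length; do not reorder */`. The enclosing union and the rest of vnet_buffer_opaque_t lie outside the hunk, so the sibling offsets cannot be checked from here.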
&& VNET_REWRITE_TOTAL_BYTES < UINT8_MAX,
"save_rewrite_length member must be able to hold the max value of rewrite length");
+STATIC_ASSERT (STRUCT_OFFSET_OF (vnet_buffer_opaque_t, ip.save_rewrite_length)
+ == STRUCT_OFFSET_OF (vnet_buffer_opaque_t,
+ ip.reass.save_rewrite_length)
+ && STRUCT_OFFSET_OF (vnet_buffer_opaque_t,
+ mpls.save_rewrite_length) ==
+ STRUCT_OFFSET_OF (vnet_buffer_opaque_t,
+ ip.reass.save_rewrite_length),
+ "save_rewrite_length must be aligned so that reass doesn't overwrite it");
+
/*
* The opaque field of the vlib_buffer_t is interpreted as a
* vnet_buffer_opaque_t. Hence it should be big enough to accommodate one.
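Review bot: The new STATIC_ASSERT compares only offsets, so it would still pass if one of the `save_rewrite_length` views were later given a different width, and the aliasing the reassembly nodes now depend on would hold for only part of the value. A companion size check would close that gap, e.g. `STATIC_ASSERT (STRUCT_SIZE_OF (vnet_buffer_opaque_t, ip.save_rewrite_length) == STRUCT_SIZE_OF (vnet_buffer_opaque_t, ip.reass.save_rewrite_length), "save_rewrite_length views must have the same size");`, and likewise for the mpls view, whose declaration is not visible in this diff. Splitting the two offset comparisons into separate asserts would also make a build failure name the member that moved. The preceding assert and the comment that follows the new one both continue outside the hunk.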
{
next0 = IP4_SV_REASSEMBLY_NEXT_INPUT;
}
- vnet_buffer (b0)->ip.reass.save_rewrite_length =
- vnet_buffer (b0)->ip.save_rewrite_length;
vnet_buffer (b0)->ip.reass.is_non_first_fragment = 0;
vnet_buffer (b0)->ip.reass.ip_proto = ip0->protocol;
if (IP_PROTOCOL_TCP == ip0->protocol)
{
next0 = IP4_SV_REASSEMBLY_NEXT_INPUT;
}
- vnet_buffer (b0)->ip.reass.save_rewrite_length =
- vnet_buffer (b0)->ip.save_rewrite_length;
vnet_buffer (b0)->ip.reass.is_non_first_fragment =
! !fragment_first;
vnet_buffer (b0)->ip.reass.ip_proto = reass->ip_proto;
to_next[0] = bi0;
to_next += 1;
n_left_to_next -= 1;
- ASSERT (vnet_buffer (b0)->ip.save_rewrite_length < (2 << 14));
- vnet_buffer (b0)->ip.reass.save_rewrite_length =
- vnet_buffer (b0)->ip.save_rewrite_length;
vnet_buffer (b0)->ip.reass.is_non_first_fragment =
! !ip4_get_fragment_offset (vlib_buffer_get_current (b0));
vnet_buffer (b0)->ip.reass.ip_proto = reass->ip_proto;
next0 = IP6_SV_REASSEMBLY_NEXT_DROP;
goto packet_enqueue;
}
- ASSERT (vnet_buffer (b0)->ip.save_rewrite_length < (2 << 14));
- vnet_buffer (b0)->ip.reass.save_rewrite_length =
- vnet_buffer (b0)->ip.save_rewrite_length;
vnet_buffer (b0)->ip.reass.is_non_first_fragment = 0;
next0 = IP6_SV_REASSEMBLY_NEXT_INPUT;
if (PREDICT_FALSE (b0->flags & VLIB_BUFFER_IS_TRACED))
if (reass->is_complete)
{
- ASSERT (vnet_buffer (b0)->ip.save_rewrite_length < (2 << 14));
- vnet_buffer (b0)->ip.reass.save_rewrite_length =
- vnet_buffer (b0)->ip.save_rewrite_length;
vnet_buffer (b0)->ip.reass.is_non_first_fragment =
! !ip6_frag_hdr_offset (frag_hdr);
vnet_buffer (b0)->ip.reass.ip_proto = reass->ip_proto;
frag_hdr =
vlib_buffer_get_current (b0) +
vnet_buffer (b0)->ip.reass.ip6_frag_hdr_offset;
- ASSERT (vnet_buffer (b0)->ip.save_rewrite_length < (2 << 14));
- vnet_buffer (b0)->ip.reass.save_rewrite_length =
- vnet_buffer (b0)->ip.save_rewrite_length;
vnet_buffer (b0)->ip.reass.is_non_first_fragment =
! !ip6_frag_hdr_offset (frag_hdr);
vnet_buffer (b0)->ip.reass.ip_proto = reass->ip_proto;