}
else
{
- ip4_header_t *fip = vlib_buffer_get_current (b0);
- const u32 fragment_first = ip4_get_fragment_offset_bytes (fip);
+ const u32 fragment_first = ip4_get_fragment_offset_bytes (ip0);
const u32 fragment_length =
- clib_net_to_host_u16 (fip->length) - ip4_header_bytes (fip);
+ clib_net_to_host_u16 (ip0->length) - ip4_header_bytes (ip0);
const u32 fragment_last = fragment_first + fragment_length - 1;
- if (fragment_first > fragment_last
- || fragment_first + fragment_length > UINT16_MAX - 20)
+ if (fragment_first > fragment_last || fragment_first + fragment_length > UINT16_MAX - 20 || (fragment_length < 8 && ip4_get_fragment_more (ip0))) // 8 is minimum frag length per RFC 791
{
next0 = IP4_REASSEMBLY_NEXT_DROP;
error0 = IP4_ERROR_REASS_MALFORMED_PACKET;
def test_5737(self):
""" fragment length + ip header size > 65535 """
+ self.vapi.cli("clear errors")
raw = ('E\x00\x00\x88,\xf8\x1f\xfe@\x01\x98\x00\xc0\xa8\n-\xc0\xa8\n'
'\x01\x08\x00\xf0J\xed\xcb\xf1\xf5Test-group: IPv4.IPv4.ipv4-'
'message.Ethernet-Payload.IPv4-Packet.IPv4-Header.Fragment-Of'
self.pg_start()
self.dst_if.get_capture(1)
- self.assert_packet_counter_equal(
- "/err/ip4-reassembly-feature/malformed packets", 1)
+ self.assert_packet_counter_equal("ip4-reassembly-feature", 1)
+ # TODO remove above, uncomment below once clearing of counters
+ # is supported
+ # self.assert_packet_counter_equal(
+ # "/err/ip4-reassembly-feature/malformed packets", 1)
def test_44924(self):
""" compress tiny fragments """
self.dst_if.get_capture(1)
+ def test_frag_1(self):
+ """ fragment of size 1 """
+ self.vapi.cli("clear errors")
+ malformed_packets = [(Ether(dst=self.src_if.local_mac,
+ src=self.src_if.remote_mac) /
+ IP(id=7, len=21, flags="MF", frag=0, ttl=64,
+ src=self.src_if.remote_ip4,
+ dst=self.dst_if.remote_ip4) /
+ ICMP(type="echo-request")),
+ (Ether(dst=self.src_if.local_mac,
+ src=self.src_if.remote_mac) /
+ IP(id=7, len=21, frag=1, ttl=64,
+ src=self.src_if.remote_ip4,
+ dst=self.dst_if.remote_ip4) /
+ Raw(load='\x08')),
+ ]
+
+ p = (Ether(dst=self.src_if.local_mac, src=self.src_if.remote_mac) /
+ IP(id=1000, src=self.src_if.remote_ip4,
+ dst=self.dst_if.remote_ip4) /
+ UDP(sport=1234, dport=5678) /
+ Raw("X" * 1000))
+ valid_fragments = fragment_rfc791(p, 400)
+
+ self.pg_enable_capture()
+ self.src_if.add_stream(malformed_packets + valid_fragments)
+ self.pg_start()
+
+ self.dst_if.get_capture(1)
+
+ self.assert_packet_counter_equal("ip4-reassembly-feature", 1)
+ # TODO remove above, uncomment below once clearing of counters
+ # is supported
+ # self.assert_packet_counter_equal(
+ # "/err/ip4-reassembly-feature/malformed packets", 1)
+
@unittest.skipIf(is_skip_aarch64_set() and is_platform_aarch64(),
"test doesn't work on aarch64")
def test_random(self):
Code Review / vpp.git / commitdiff