From: Jason Wang <jasowang@redhat.com>
To: wexu@redhat.com, qemu-devel@nongnu.org
Cc: Wei Xu <wei@redhat.com>,
victork@redhat.com, mst@redhat.com, yvugenfi@redhat.com,
marcel@redhat.com, dfleytma@redhat.com
Subject: Re: [Qemu-devel] [RFC Patch v2 08/10] virtio-net rsc: Sanity check & More bypass cases check
Date: Mon, 1 Feb 2016 14:58:55 +0800
Message-ID: <56AF022F.5040206@redhat.com>
In-Reply-To: <1454264009-24094-9-git-send-email-wexu@redhat.com>

On 02/01/2016 02:13 AM, wexu@redhat.com wrote:
> From: Wei Xu <wei@wei-thinkpad.nay.redhat.com>
>
> More general exception cases check
> 1. Incorrect version in IP header
> 2. IP options & IP fragment
> 3. Not a TCP packet
> 4. Sanity size check to prevent buffer overflow attack.
>
> Signed-off-by: Wei Xu <wexu@redhat.com>

Let's squash this into the previous patches too, for better bisection
ability and a complete implementation.

> ---
> hw/net/virtio-net.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 44 insertions(+)
>
> diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
> index b0987d0..9b44762 100644
> --- a/hw/net/virtio-net.c
> +++ b/hw/net/virtio-net.c
> @@ -1948,6 +1948,46 @@ static size_t virtio_net_rsc_drain_one(NetRscChain *chain, NetClientState *nc,
>
> return virtio_net_do_receive(nc, buf, size);
> }
> +
> +static int32_t virtio_net_rsc_filter4(NetRscChain *chain, struct ip_header *ip,
> + const uint8_t *buf, size_t size)

This function checks the IP header, so it needs to be renamed to something like
"virtio_net_rsc_ipv4_filter()"

> +{
> + uint16_t ip_len;
> +
> + if (size < (TCP4_OFFSET + sizeof(tcp_header))) {
> + return RSC_BYPASS;
> + }
> +
> + /* Not an ipv4 one */
> + if (0x4 != ((0xF0 & ip->ip_ver_len) >> 4)) {

Let's not use a magic value like 0x4 here.

> + return RSC_BYPASS;
> + }
> +
> + /* Don't handle packets with ip option */
> + if (5 != (0xF & ip->ip_ver_len)) {
> + return RSC_BYPASS;
> + }
> +
> + /* Don't handle packets with ip fragment */
> + if (!(htons(ip->ip_off) & IP_DF)) {
> + return RSC_BYPASS;
> + }
> +
> + if (ip->ip_p != IPPROTO_TCP) {
> + return RSC_BYPASS;
> + }
> +
> + /* Sanity check */
> + ip_len = htons(ip->ip_len);
> + if (ip_len < (sizeof(struct ip_header) + sizeof(struct tcp_header))
> + || ip_len > (size - IP_OFFSET)) {
> + return RSC_BYPASS;
> + }
> +
> + return RSC_WANT;
> +}
> +
> +
> static size_t virtio_net_rsc_receive4(void *opq, NetClientState* nc,
> const uint8_t *buf, size_t size)
> {
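Review bot: The fragment test `!(htons(ip->ip_off) & IP_DF)` in virtio_net_rsc_filter4() looks only at the DF bit, so a header that has DF set together with the more-fragments flag or a non-zero fragment offset is still returned as RSC_WANT, while unfragmented packets that merely lack DF are bypassed. If the intent is "no fragments", test the more-fragments flag and the offset bits directly, and use ntohs() rather than htons() for ip_off and ip_len, since both are converted from network order. The first size check uses `sizeof(tcp_header)` while the ip_len check uses `sizeof(struct tcp_header)`; one spelling should be used in both places. The `chain` and `buf` parameters are not referenced in the body and can be dropped unless a later patch needs them.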
> @@ -1958,6 +1998,10 @@ static size_t virtio_net_rsc_receive4(void *opq, NetClientState* nc,
> chain = (NetRscChain *)opq;
> ip = (struct ip_header *)(buf + IP_OFFSET);
>
> + if (RSC_WANT != virtio_net_rsc_filter4(chain, ip, buf, size)) {
> + return virtio_net_do_receive(nc, buf, size);
> + }
> +
> ret = virtio_net_rsc_parse_tcp_ctrl((uint8_t *)ip,
> (0xF & ip->ip_ver_len) << 2);
> if (RSC_BYPASS == ret) {
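Review bot: In virtio_net_rsc_receive4() the context line `ip = (struct ip_header *)(buf + IP_OFFSET);` forms the header pointer before anything has checked `size`, and the new call relies on the filter's first test to reject short buffers before `ip` is dereferenced. That ordering is easy to break when the filter is edited later, so either do the minimum-size check in the caller before computing `ip`, or add a comment in the filter saying the size test must stay first. Because the filter returns RSC_WANT only when the header-length nibble equals 5, the `(0xF & ip->ip_ver_len) << 2` argument in the following call is always 20 on this path and could be a named constant.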