|
|
@@ -54,6 +54,7 @@
|
|
|
#include <net/pkt_cls.h>
|
|
|
#include <net/tc_act/tc_gact.h>
|
|
|
#include <net/tc_act/tc_mirred.h>
|
|
|
+#include <net/vxlan.h>
|
|
|
|
|
|
#include "ixgbe.h"
|
|
|
#include "ixgbe_common.h"
|
|
|
@@ -7660,11 +7661,17 @@ static void ixgbe_atr(struct ixgbe_ring *ring,
|
|
|
/* snag network header to get L4 type and address */
|
|
|
skb = first->skb;
|
|
|
hdr.network = skb_network_header(skb);
|
|
|
+ if (unlikely(hdr.network <= skb->data))
|
|
|
+ return;
|
|
|
if (skb->encapsulation &&
|
|
|
first->protocol == htons(ETH_P_IP) &&
|
|
|
hdr.ipv4->protocol == IPPROTO_UDP) {
|
|
|
struct ixgbe_adapter *adapter = q_vector->adapter;
|
|
|
|
|
|
+ if (unlikely(skb_tail_pointer(skb) < hdr.network +
|
|
|
+ VXLAN_HEADROOM))
|
|
|
+ return;
|
|
|
+
|
|
|
/* verify the port is recognized as VXLAN */
|
|
|
if (adapter->vxlan_port &&
|
|
|
udp_hdr(skb)->dest == adapter->vxlan_port)
|
|
|
@@ -7675,6 +7682,12 @@ static void ixgbe_atr(struct ixgbe_ring *ring,
|
|
|
hdr.network = skb_inner_network_header(skb);
|
|
|
}
|
|
|
|
|
|
+ /* Make sure we have at least [minimum IPv4 header + TCP]
|
|
|
+ * or [IPv6 header] bytes
|
|
|
+ */
|
|
|
+ if (unlikely(skb_tail_pointer(skb) < hdr.network + 40))
|
|
|
+ return;
|
|
|
+
|
|
|
/* Currently only IPv4/IPv6 with TCP is supported */
|
|
|
switch (hdr.ipv4->version) {
|
|
|
case IPVERSION:
|
|
|
@@ -7694,6 +7707,10 @@ static void ixgbe_atr(struct ixgbe_ring *ring,
|
|
|
if (l4_proto != IPPROTO_TCP)
|
|
|
return;
|
|
|
|
|
|
+ if (unlikely(skb_tail_pointer(skb) < hdr.network +
|
|
|
+ hlen + sizeof(struct tcphdr)))
|
|
|
+ return;
|
|
|
+
|
|
|
th = (struct tcphdr *)(hdr.network + hlen);
|
|
|
|
|
|
/* skip this packet since the socket is closing */
|
Sowmini Varadhan