LRO: improve IPv4/IPv6 packet header checks
AbandonedPublic
Actions

Authored by glebius on Mar 23 2023, 9:54 PM.

Details

Reviewers

rrs
gallatin
markj

Group Reviewers

network
transport

Summary

LRO bypasses normal ip_input()/tcp_input() and lacks several checks
that are performed there. With b0ccf53f2455 such packets started
to trigger assertions.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 50550
Build 47441: arc lint + arc unit

Event Timeline

glebius created this revision.Mar 23 2023, 9:54 PM

Herald added a reviewer: transport. · View Herald TranscriptMar 23 2023, 9:54 PM

Herald added subscribers: melifaro, imp. · View Herald Transcript

glebius requested review of this revision.Mar 23 2023, 9:54 PM

glebius added a parent revision: D39234: tcp: update error counter when dropping a packet due to bad source.

Harbormaster completed remote builds in B50550: Diff 119359.Mar 23 2023, 9:54 PM

rrs accepted this revision.Mar 24 2023, 10:44 AM

This revision is now accepted and ready to land.Mar 24 2023, 10:44 AM

I really think this belongs in tcp_lro_low_level_parser(). The function you've hooked exists simply to deal with IPv4 IP checksums, that's why there was no analog for V6. If you do push this, you need to remove the stat increments.

If you put this into tcp_lro_low_level_parser(), it will be together with other sanity checks on the IP header so it will be easier for future readers to comprehend, and it will be smaller. I'll send an alternate patch.

sys/netinet/tcp_lro.c
675	I believe this will result in double-counting ips_baddr, as when LRO fails, the packets will be submitted normally up the stack. Eg, LRO does not consume packets that fail to be aggregated.

This revision now requires changes to proceed.Mar 24 2023, 1:05 PM

Drew has better version.

Revision Contents
Changeset List

Path

Size

sys/

netinet/

tcp_lro.c

32 lines

Diff 119359

View Options

LRO: improve IPv4/IPv6 packet header checksAbandonedPublicActions