Bruce Richardson 8743d499a5 net: fix underflow for checksum of invalid IPv4 packets
If we receive a packet with an invalid IP header, where the total packet
length is reported as less than the IP header length, we would end up
getting an underflow in the length subtraction.

This could cause us to checksum e.g. 4GB of data in the case where the
result of the subtraction was -1.

We fix this by having the function return 0 - an invalid sum - when
the length is less than the header length.

Fixes: af75078fece3 ("first public release")
Fixes: 6006818cfb26 ("net: new checksum functions")
Cc: stable@dpdk.org

Signed-off-by: Bruce Richardson <bruce.richardson@intel.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
2018-12-21 16:22:41 +01:00

433 lines
11 KiB
C

/* SPDX-License-Identifier: BSD-3-Clause
* Copyright(c) 1982, 1986, 1990, 1993
* The Regents of the University of California.
* Copyright(c) 2010-2014 Intel Corporation.
* Copyright(c) 2014 6WIND S.A.
* All rights reserved.
*/
#ifndef _RTE_IP_H_
#define _RTE_IP_H_
/**
* @file
*
* IP-related defines
*/
#include <stdint.h>
#include <netinet/in.h>
#include <rte_byteorder.h>
#include <rte_mbuf.h>
#ifdef __cplusplus
extern "C" {
#endif
/**
* IPv4 Header
*/
struct ipv4_hdr {
uint8_t version_ihl; /**< version and header length */
uint8_t type_of_service; /**< type of service */
uint16_t total_length; /**< length of packet */
uint16_t packet_id; /**< packet ID */
uint16_t fragment_offset; /**< fragmentation offset */
uint8_t time_to_live; /**< time to live */
uint8_t next_proto_id; /**< protocol ID */
uint16_t hdr_checksum; /**< header checksum */
uint32_t src_addr; /**< source address */
uint32_t dst_addr; /**< destination address */
} __attribute__((__packed__));
/** Create IPv4 address */
#define IPv4(a,b,c,d) ((uint32_t)(((a) & 0xff) << 24) | \
(((b) & 0xff) << 16) | \
(((c) & 0xff) << 8) | \
((d) & 0xff))
/** Maximal IPv4 packet length (including a header) */
#define IPV4_MAX_PKT_LEN 65535
/** Internet header length mask for version_ihl field */
#define IPV4_HDR_IHL_MASK (0x0f)
/**
* Internet header length field multiplier (IHL field specifies overall header
* length in number of 4-byte words)
*/
#define IPV4_IHL_MULTIPLIER (4)
/* Fragment Offset * Flags. */
#define IPV4_HDR_DF_SHIFT 14
#define IPV4_HDR_MF_SHIFT 13
#define IPV4_HDR_FO_SHIFT 3
#define IPV4_HDR_DF_FLAG (1 << IPV4_HDR_DF_SHIFT)
#define IPV4_HDR_MF_FLAG (1 << IPV4_HDR_MF_SHIFT)
#define IPV4_HDR_OFFSET_MASK ((1 << IPV4_HDR_MF_SHIFT) - 1)
#define IPV4_HDR_OFFSET_UNITS 8
/*
* IPv4 address types
*/
#define IPV4_ANY ((uint32_t)0x00000000) /**< 0.0.0.0 */
#define IPV4_LOOPBACK ((uint32_t)0x7f000001) /**< 127.0.0.1 */
#define IPV4_BROADCAST ((uint32_t)0xe0000000) /**< 224.0.0.0 */
#define IPV4_ALLHOSTS_GROUP ((uint32_t)0xe0000001) /**< 224.0.0.1 */
#define IPV4_ALLRTRS_GROUP ((uint32_t)0xe0000002) /**< 224.0.0.2 */
#define IPV4_MAX_LOCAL_GROUP ((uint32_t)0xe00000ff) /**< 224.0.0.255 */
/*
* IPv4 Multicast-related macros
*/
#define IPV4_MIN_MCAST IPv4(224, 0, 0, 0) /**< Minimal IPv4-multicast address */
#define IPV4_MAX_MCAST IPv4(239, 255, 255, 255) /**< Maximum IPv4 multicast address */
#define IS_IPV4_MCAST(x) \
((x) >= IPV4_MIN_MCAST && (x) <= IPV4_MAX_MCAST) /**< check if IPv4 address is multicast */
/**
* @internal Calculate a sum of all words in the buffer.
* Helper routine for the rte_raw_cksum().
*
* @param buf
* Pointer to the buffer.
* @param len
* Length of the buffer.
* @param sum
* Initial value of the sum.
* @return
* sum += Sum of all words in the buffer.
*/
static inline uint32_t
__rte_raw_cksum(const void *buf, size_t len, uint32_t sum)
{
/* workaround gcc strict-aliasing warning */
uintptr_t ptr = (uintptr_t)buf;
typedef uint16_t __attribute__((__may_alias__)) u16_p;
const u16_p *u16_buf = (const u16_p *)ptr;
while (len >= (sizeof(*u16_buf) * 4)) {
sum += u16_buf[0];
sum += u16_buf[1];
sum += u16_buf[2];
sum += u16_buf[3];
len -= sizeof(*u16_buf) * 4;
u16_buf += 4;
}
while (len >= sizeof(*u16_buf)) {
sum += *u16_buf;
len -= sizeof(*u16_buf);
u16_buf += 1;
}
/* if length is in odd bytes */
if (len == 1)
sum += *((const uint8_t *)u16_buf);
return sum;
}
/**
* @internal Reduce a sum to the non-complemented checksum.
* Helper routine for the rte_raw_cksum().
*
* @param sum
* Value of the sum.
* @return
* The non-complemented checksum.
*/
static inline uint16_t
__rte_raw_cksum_reduce(uint32_t sum)
{
sum = ((sum & 0xffff0000) >> 16) + (sum & 0xffff);
sum = ((sum & 0xffff0000) >> 16) + (sum & 0xffff);
return (uint16_t)sum;
}
/**
* Process the non-complemented checksum of a buffer.
*
* @param buf
* Pointer to the buffer.
* @param len
* Length of the buffer.
* @return
* The non-complemented checksum.
*/
static inline uint16_t
rte_raw_cksum(const void *buf, size_t len)
{
uint32_t sum;
sum = __rte_raw_cksum(buf, len, 0);
return __rte_raw_cksum_reduce(sum);
}
/**
* Compute the raw (non complemented) checksum of a packet.
*
* @param m
* The pointer to the mbuf.
* @param off
* The offset in bytes to start the checksum.
* @param len
* The length in bytes of the data to checksum.
* @param cksum
* A pointer to the checksum, filled on success.
* @return
* 0 on success, -1 on error (bad length or offset).
*/
static inline int
rte_raw_cksum_mbuf(const struct rte_mbuf *m, uint32_t off, uint32_t len,
uint16_t *cksum)
{
const struct rte_mbuf *seg;
const char *buf;
uint32_t sum, tmp;
uint32_t seglen, done;
/* easy case: all data in the first segment */
if (off + len <= rte_pktmbuf_data_len(m)) {
*cksum = rte_raw_cksum(rte_pktmbuf_mtod_offset(m,
const char *, off), len);
return 0;
}
if (unlikely(off + len > rte_pktmbuf_pkt_len(m)))
return -1; /* invalid params, return a dummy value */
/* else browse the segment to find offset */
seglen = 0;
for (seg = m; seg != NULL; seg = seg->next) {
seglen = rte_pktmbuf_data_len(seg);
if (off < seglen)
break;
off -= seglen;
}
seglen -= off;
buf = rte_pktmbuf_mtod_offset(seg, const char *, off);
if (seglen >= len) {
/* all in one segment */
*cksum = rte_raw_cksum(buf, len);
return 0;
}
/* hard case: process checksum of several segments */
sum = 0;
done = 0;
for (;;) {
tmp = __rte_raw_cksum(buf, seglen, 0);
if (done & 1)
tmp = rte_bswap16((uint16_t)tmp);
sum += tmp;
done += seglen;
if (done == len)
break;
seg = seg->next;
buf = rte_pktmbuf_mtod(seg, const char *);
seglen = rte_pktmbuf_data_len(seg);
if (seglen > len - done)
seglen = len - done;
}
*cksum = __rte_raw_cksum_reduce(sum);
return 0;
}
/**
* Process the IPv4 checksum of an IPv4 header.
*
* The checksum field must be set to 0 by the caller.
*
* @param ipv4_hdr
* The pointer to the contiguous IPv4 header.
* @return
* The complemented checksum to set in the IP packet.
*/
static inline uint16_t
rte_ipv4_cksum(const struct ipv4_hdr *ipv4_hdr)
{
uint16_t cksum;
cksum = rte_raw_cksum(ipv4_hdr, sizeof(struct ipv4_hdr));
return (cksum == 0xffff) ? cksum : (uint16_t)~cksum;
}
/**
* Process the pseudo-header checksum of an IPv4 header.
*
* The checksum field must be set to 0 by the caller.
*
* Depending on the ol_flags, the pseudo-header checksum expected by the
* drivers is not the same. For instance, when TSO is enabled, the IP
* payload length must not be included in the packet.
*
* When ol_flags is 0, it computes the standard pseudo-header checksum.
*
* @param ipv4_hdr
* The pointer to the contiguous IPv4 header.
* @param ol_flags
* The ol_flags of the associated mbuf.
* @return
* The non-complemented checksum to set in the L4 header.
*/
static inline uint16_t
rte_ipv4_phdr_cksum(const struct ipv4_hdr *ipv4_hdr, uint64_t ol_flags)
{
struct ipv4_psd_header {
uint32_t src_addr; /* IP address of source host. */
uint32_t dst_addr; /* IP address of destination host. */
uint8_t zero; /* zero. */
uint8_t proto; /* L4 protocol type. */
uint16_t len; /* L4 length. */
} psd_hdr;
psd_hdr.src_addr = ipv4_hdr->src_addr;
psd_hdr.dst_addr = ipv4_hdr->dst_addr;
psd_hdr.zero = 0;
psd_hdr.proto = ipv4_hdr->next_proto_id;
if (ol_flags & PKT_TX_TCP_SEG) {
psd_hdr.len = 0;
} else {
psd_hdr.len = rte_cpu_to_be_16(
(uint16_t)(rte_be_to_cpu_16(ipv4_hdr->total_length)
- sizeof(struct ipv4_hdr)));
}
return rte_raw_cksum(&psd_hdr, sizeof(psd_hdr));
}
/**
* Process the IPv4 UDP or TCP checksum.
*
* The IPv4 header should not contains options. The IP and layer 4
* checksum must be set to 0 in the packet by the caller.
*
* @param ipv4_hdr
* The pointer to the contiguous IPv4 header.
* @param l4_hdr
* The pointer to the beginning of the L4 header.
* @return
* The complemented checksum to set in the IP packet
* or 0 on error
*/
static inline uint16_t
rte_ipv4_udptcp_cksum(const struct ipv4_hdr *ipv4_hdr, const void *l4_hdr)
{
uint32_t cksum;
uint32_t l3_len, l4_len;
l3_len = rte_be_to_cpu_16(ipv4_hdr->total_length);
if (l3_len < sizeof(struct ipv4_hdr))
return 0;
l4_len = l3_len - sizeof(struct ipv4_hdr);
cksum = rte_raw_cksum(l4_hdr, l4_len);
cksum += rte_ipv4_phdr_cksum(ipv4_hdr, 0);
cksum = ((cksum & 0xffff0000) >> 16) + (cksum & 0xffff);
cksum = (~cksum) & 0xffff;
if (cksum == 0)
cksum = 0xffff;
return (uint16_t)cksum;
}
/**
* IPv6 Header
*/
struct ipv6_hdr {
uint32_t vtc_flow; /**< IP version, traffic class & flow label. */
uint16_t payload_len; /**< IP packet length - includes sizeof(ip_header). */
uint8_t proto; /**< Protocol, next header. */
uint8_t hop_limits; /**< Hop limits. */
uint8_t src_addr[16]; /**< IP address of source host. */
uint8_t dst_addr[16]; /**< IP address of destination host(s). */
} __attribute__((__packed__));
/* IPv6 vtc_flow: IPv / TC / flow_label */
#define IPV6_HDR_FL_SHIFT 0
#define IPV6_HDR_TC_SHIFT 20
#define IPV6_HDR_FL_MASK ((1u << IPV6_HDR_TC_SHIFT) - 1)
#define IPV6_HDR_TC_MASK (0xf << IPV6_HDR_TC_SHIFT)
/**
* Process the pseudo-header checksum of an IPv6 header.
*
* Depending on the ol_flags, the pseudo-header checksum expected by the
* drivers is not the same. For instance, when TSO is enabled, the IPv6
* payload length must not be included in the packet.
*
* When ol_flags is 0, it computes the standard pseudo-header checksum.
*
* @param ipv6_hdr
* The pointer to the contiguous IPv6 header.
* @param ol_flags
* The ol_flags of the associated mbuf.
* @return
* The non-complemented checksum to set in the L4 header.
*/
static inline uint16_t
rte_ipv6_phdr_cksum(const struct ipv6_hdr *ipv6_hdr, uint64_t ol_flags)
{
uint32_t sum;
struct {
uint32_t len; /* L4 length. */
uint32_t proto; /* L4 protocol - top 3 bytes must be zero */
} psd_hdr;
psd_hdr.proto = (uint32_t)(ipv6_hdr->proto << 24);
if (ol_flags & PKT_TX_TCP_SEG) {
psd_hdr.len = 0;
} else {
psd_hdr.len = ipv6_hdr->payload_len;
}
sum = __rte_raw_cksum(ipv6_hdr->src_addr,
sizeof(ipv6_hdr->src_addr) + sizeof(ipv6_hdr->dst_addr),
0);
sum = __rte_raw_cksum(&psd_hdr, sizeof(psd_hdr), sum);
return __rte_raw_cksum_reduce(sum);
}
/**
* Process the IPv6 UDP or TCP checksum.
*
* The IPv4 header should not contains options. The layer 4 checksum
* must be set to 0 in the packet by the caller.
*
* @param ipv6_hdr
* The pointer to the contiguous IPv6 header.
* @param l4_hdr
* The pointer to the beginning of the L4 header.
* @return
* The complemented checksum to set in the IP packet.
*/
static inline uint16_t
rte_ipv6_udptcp_cksum(const struct ipv6_hdr *ipv6_hdr, const void *l4_hdr)
{
uint32_t cksum;
uint32_t l4_len;
l4_len = rte_be_to_cpu_16(ipv6_hdr->payload_len);
cksum = rte_raw_cksum(l4_hdr, l4_len);
cksum += rte_ipv6_phdr_cksum(ipv6_hdr, 0);
cksum = ((cksum & 0xffff0000) >> 16) + (cksum & 0xffff);
cksum = (~cksum) & 0xffff;
if (cksum == 0)
cksum = 0xffff;
return (uint16_t)cksum;
}
#ifdef __cplusplus
}
#endif
#endif /* _RTE_IP_H_ */