From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76]) by passt.top (Postfix) with ESMTPS id 1CC435A026F for ; Tue, 4 Jul 2023 06:36:31 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=201602; t=1688445387; bh=d5ZJdfHpae6jO/lmFhX6INIC5odq+V9js2f4RGy0iuM=; h=From:To:Cc:Subject:Date:From; b=Pd7ia3buOU4GnQjG6TirnAzgDlXl8sq9ygzZ9EV1+hA1zGBOEMnlajd4ZNbTGXtG5 cG7SPFR1oOdPONWFZ+G2YqhKO+5V1P6wJf/JHvB8tsjN6mmVyT5UrmEDJy9pKI1/J6 lOQYMSJGaGs2Vd/0AdvmC80dloEFZgBGvC70ckr8= Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4Qw93b1V6cz4wqZ; Tue, 4 Jul 2023 14:36:27 +1000 (AEST) From: David Gibson To: Stefano Brivio , passt-dev@passt.top Subject: [PATCH] tap: Explicitly drop IPv4 fragments, and give a warning Date: Tue, 4 Jul 2023 14:36:23 +1000 Message-ID: <20230704043623.1143288-1-david@gibson.dropbear.id.au> X-Mailer: git-send-email 2.41.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-ID-Hash: HVY3TPB6O72KH6TOHOWODOOV5EMNL4XS X-Message-ID-Hash: HVY3TPB6O72KH6TOHOWODOOV5EMNL4XS X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: David Gibson X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: We don't handle defragmentation of IP packets coming from the tap side, and we're unlikely to any time soon (with our large MTU, it's not useful for practical use cases). Currently, however, we simply ignore the fragmentation flags and treat fragments as though they were whole IP packets. This isn't ideal and can lead to rather cryptic behaviour if we do receive IP fragments. Change the code to explicitly drop fragmented packets, and print a rate limited warning if we do encounter them. Bugzilla: https://bugs.passt.top/show_bug.cgi?id=62 Signed-off-by: David Gibson --- tap.c | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/tap.c b/tap.c index e3235299..2e6939fa 100644 --- a/tap.c +++ b/tap.c @@ -62,6 +62,7 @@ static PACKET_POOL_NOINIT(pool_tap4, TAP_MSGS, pkt_buf); static PACKET_POOL_NOINIT(pool_tap6, TAP_MSGS, pkt_buf); #define TAP_SEQS 128 /* Different L4 tuples in one batch */ +#define FRAGMENT_MSG_RATE 10 /* # seconds between fragment warnings */ /** * tap_send() - Send frame, with qemu socket header if needed @@ -543,6 +544,32 @@ static void tap_packet_debug(const struct iphdr *iph, } } +/** + * tap4_is_fragment() - Determine if a packet is an IP fragment + * @iph: IPv4 header (length already validated) + * @now: Current timestamp + * + * Return: true if iph is an IP fragment, false otherwise + */ +static bool tap4_is_fragment(const struct iphdr *iph, + const struct timespec *now) +{ + if (iph->frag_off & ~IP_DF) { + /* Ratelimit messages */ + static time_t last_message; + static unsigned num_dropped; + + num_dropped++; + if (now->tv_sec - last_message > FRAGMENT_MSG_RATE) { + warn("Can't process IPv4 fragments (%lu dropped)", num_dropped); + last_message = now->tv_sec; + num_dropped = 0; + } + return true; + } + return false; +} + /** * tap4_handler() - IPv4 and ARP packet handler for tap file descriptor * @c: Execution context @@ -591,6 +618,10 @@ resume: hlen > l3_len) continue; + /* We don't handle IP fragments, drop them */ + if (tap4_is_fragment(iph, now)) + continue; + l4_len = l3_len - hlen; if (iph->saddr && c->ip4.addr_seen.s_addr != iph->saddr) { -- 2.41.0