[ovs-dev] the host will be soft lookup when some illeagal packets attack host
Zhangkun (K)
zhang.zhangkun at huawei.com
Tue Aug 9 03:32:46 UTC 2016
diff --git a/datapath/linux/compat/flow_dissector.c b/datapath/linux/compat/flow_dissector.c
index 3f42dba..4c5d023 100644
--- a/datapath/linux/compat/flow_dissector.c
+++ b/datapath/linux/compat/flow_dissector.c
@@ -77,7 +77,7 @@ again:
struct iphdr _iph;
ip:
iph = skb_header_pointer(skb, nhoff, sizeof(_iph), &_iph);
- if (!iph)
+ if (!iph || iph->ihl < 5)
return false;
if (ip_is_fragment(iph))
if IHL in IP head is very small or zero , some illegal packets using IPPROTO_IPIP in the L4 layer protocol will lead to the death cycle.
For example of the packet header:
a0 5b f7 a8 44 4d 10 12 4e a8 bf 86 08 00 40 00
00 34 bb 84 40 00 40 04 fd e9 c0 a8 00 03 c0 a8
00 02 b6 9a 00 16 7a c0 a6 14 d0 e0 84 70 80 10
00 73 81 7c 00 00 01 01 08 0a 00 00 1d 90 00 05
d7 4f
More information about the dev
mailing list