ipf: Check minimum fragment against L3 size.

Fixes: 4ea9669 ("Userspace datapath: Add fragmentation handling.") Signed-off-by: Darrell Ball <[email protected]> Signed-off-by: Ben Pfaff <[email protected]>
keyman9848 · Feb 22, 2019 · 9b5136c · 9b5136c
1 parent e532133
commit 9b5136c
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 3 deletions.
diff --git a/lib/dpctl.man b/lib/dpctl.man
@@ -230,7 +230,7 @@ supported for the userspace datapath.
 .
 .TP
 \*(DX\fBipf\-set\-min\-frag\fR [\fIdp\fR] \fBv4\fR|\fBv6\fR \fIminfrag\fR
-Sets the minimum fragment size for non-final fragments to
+Sets the minimum fragment size (L3 header and data) for non-final fragments to
 \fIminfrag\fR.  Either \fBv4\fR or \fBv6\fR must be specified.  For
 enhanced DOS security, higher minimum fragment sizes can usually be used.
 The default IPv4 value is 1200 and the clamped minimum is 400.  The default

diff --git a/lib/ipf.c b/lib/ipf.c
@@ -613,7 +613,7 @@ ipf_is_valid_v4_frag(struct ipf *ipf, struct dp_packet *pkt)
     uint32_t min_v4_frag_size_;
     atomic_read_relaxed(&ipf->min_v4_frag_size, &min_v4_frag_size_);
     bool lf = ipf_is_last_v4_frag(pkt);
-    if (OVS_UNLIKELY(!lf && dp_packet_size(pkt) < min_v4_frag_size_)) {
+    if (OVS_UNLIKELY(!lf && dp_packet_l3_size(pkt) < min_v4_frag_size_)) {
         ipf_count(ipf, false, IPF_NFRAGS_TOO_SMALL);
         goto invalid_pkt;
     }
@@ -693,7 +693,7 @@ ipf_is_valid_v6_frag(struct ipf *ipf, struct dp_packet *pkt)
     atomic_read_relaxed(&ipf->min_v6_frag_size, &min_v6_frag_size_);
     bool lf = ipf_is_last_v6_frag(ip6f_offlg);
 
-    if (OVS_UNLIKELY(!lf && dp_packet_size(pkt) < min_v6_frag_size_)) {
+    if (OVS_UNLIKELY(!lf && dp_packet_l3_size(pkt) < min_v6_frag_size_)) {
         ipf_count(ipf, true, IPF_NFRAGS_TOO_SMALL);
         goto invalid_pkt;
     }