Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixing L4 offset for IP packets with Options field #54

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Fixing L4 offset for IP packets with Options field #54

wants to merge 1 commit into from

Conversation

evershalik
Copy link

This PR fixed #30

Problem Statement:
The current implementation of the codebase does not handle IP and TCP packets with a header length greater than 20 bytes correctly. This issue is particularly problematic for packets containing options, which increase the header length beyond 20 bytes.

Approach:
To address this issue, we have taken the following approaches:

Firstly, I have modified the code to use the l4_offset variable(IP Header Length) instead of sizeof(iphdr struct) when adding to the iph pointer. This ensures that the code correctly traverses to the end of the IP header( or the start of the transport layer header), even in cases where the header length is greater than 20 bytes.

Secondly, I have modified the code to use the data_offset variable(TCP Header Length) instead of sizeof(tcphdr struct) when adding to the tcph pointer. This ensures that the code correctly traverses to the end of the TCP header (or start of the payload), even in cases where the header length is greater than 20 bytes.

By implementing these changes, I can ensure that IP and TCP packets with options are handled correctly, which improves the reliability and stability of the system.

Signed-off-by: SHANKAR [email protected]

@evershalik
l4-offset fixing
02451e5 
Signed-off-by: evershalik <[email protected]>
@dthaler dthaler mentioned this pull request Jun 27, 2023
Closed
aka320
aka320 reviewed Jul 29, 2023
View reviewed changes
connection-limit/connection_limit_kern.c
__u8 l4_offset = iph->ihl * 4; // ipv4 header length

/* Check if it is a valid IPV4 packet */
if (iph->ihl < 5 || ((unsigned char *)iph + l4_offset) > data_end)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Range of IHL is 5 to 15, with boundary values included. Please add check explicitly for this.

aka320
aka320 reviewed Jul 29, 2023
View reviewed changes
connection-limit/connection_limit_kern.c
__u16 data_offset = tcph->doff * 4; // tcp header length

/* Check if it is a valid TCP packet */
if (tcph->doff < 5 || ((unsigned char *)tcph + data_offset) > data_end)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as the range comment for IHL.

aka320
aka320 requested changes Jul 29, 2023
View reviewed changes
Copy link

@aka320 aka320 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please fix this issue in Traffic Mirroring as well.

@sanfern
Copy link
Contributor

sanfern commented Nov 3, 2023

@evershalik Can you address this above comments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aka320 aka320 aka320 requested changes

@jniesz jniesz Awaiting requested review from jniesz jniesz is a code owner

@sanfern sanfern Awaiting requested review from sanfern sanfern is a code owner

@jaysheth2 jaysheth2 Awaiting requested review from jaysheth2 jaysheth2 is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Incorrect L4 offset for IP packets with Options field
3 participants
@evershalik @sanfern @aka320