thank you! I will try that On Wed, Jan 15, 2020 at 4:40 PM David Ahern <dsahern@xxxxxxxxx> wrote: > > On 1/15/20 3:31 PM, Vincent Li wrote: > > On Wed, Jan 15, 2020 at 2:21 PM Toke Høiland-Jørgensen <toke@xxxxxxxxxx> wrote: > > > >> You have to check that you're not reading out of bounds before > >> dereferencing the bytes in the TCP header... > >> > > > > I have below before the optlen > > > > 47 /* sanity check needed by the eBPF verifier */ > > > > 48 if ((void *)(tcphdr + 1) > data_end) > > > > 49 return 0; > > > > this is not enough, how do I check the out of bounds properly? > > > > options are optional and after 'struct tcphdr' you need to do something > like: > > if ((void *)(tcphdr + 1) + tcphdr->doff > data_end) > return XDP_....
|