datapath-windows: Add validations in fragmentation module

- Minimum valid fragment size is 400 bytes, any fragment smaller is likely to be intentionally crafted (CVE-2000-0305). - Validate maximum length of an Ip datagram - Added counters to keep track of number of fragments for a given Ip datagram. Signed-off-by: Anand Kumar <kumaranand@vmware.com> Signed-off-by: Ben Pfaff <blp@ovn.org> Acked-by: Alin Gabriel Serdean <aserdean@cloudbasesolutions.com> Acked-by: Sairam Venugopal <vsairam@vmware.com>
author: Anand Kumar <kumaranand@vmware.com> 2017-06-09 19:54:45 -0700
committer: Ben Pfaff <blp@ovn.org> 2017-07-10 11:14:55 -0700
commit: b34cd6119aa1ce50d910252202e5eaa13b5fce5e (patch)
tree: ed06dafb654091201a809284b306f3dfa31f23f1 /datapath-windows/ovsext/IpFragment.h
parent: ef666482cb8ab034a2aec3cec6ae07bd7b62136b (diff)
download: openvswitch-b34cd6119aa1ce50d910252202e5eaa13b5fce5e.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/datapath-windows/ovsext/IpFragment.h b/datapath-windows/ovsext/IpFragment.h
index e650399e6..cd5b96033 100644
--- a/datapath-windows/ovsext/IpFragment.h
+++ b/datapath-windows/ovsext/IpFragment.h
@@ -37,6 +37,8 @@ typedef struct _OVS_IPFRAG_KEY {
 
 typedef struct _OVS_IPFRAG_ENTRY {
     NDIS_SPIN_LOCK lockObj;       /* To access the entry. */
+    BOOLEAN markedForDelete;
+    UINT8 numFragments;
     UINT16 totalLen;
     UINT16 recvdLen;
     UINT16 mru;
author	Anand Kumar <kumaranand@vmware.com>	2017-06-09 19:54:45 -0700
committer	Ben Pfaff <blp@ovn.org>	2017-07-10 11:14:55 -0700
commit	b34cd6119aa1ce50d910252202e5eaa13b5fce5e (patch)
tree	ed06dafb654091201a809284b306f3dfa31f23f1 /datapath-windows/ovsext/IpFragment.h
parent	ef666482cb8ab034a2aec3cec6ae07bd7b62136b (diff)
download	openvswitch-b34cd6119aa1ce50d910252202e5eaa13b5fce5e.tar.gz