Fix bugs in fragment handling.

Strengthen the header.IPv4.IsValid check to correctly check for IHL/TotalLength fields. Also add a check to make sure fragmentOffsets + size of the fragment do not cause a wrap around for the end of the fragment. PiperOrigin-RevId: 274049313
author: Bhasker Hariharan <bhaskerh@google.com> 2019-10-10 15:13:39 -0700
committer: gVisor bot <gvisor-bot@google.com> 2019-10-10 15:14:55 -0700
commit: c7e901f47a09eaac56bd4813227edff016fa6bff (patch)
tree: 2f249032583fb43b92e24e89774ece0e542ec3e5 /pkg/tcpip/tcpip.go
parent: 065339193e4309a8c771ba88058c3b2d96c07e78 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/pkg/tcpip/tcpip.go b/pkg/tcpip/tcpip.go
index 60ba98a4c..444ac1a5b 100644
--- a/pkg/tcpip/tcpip.go
+++ b/pkg/tcpip/tcpip.go
@@ -853,6 +853,14 @@ type IPStats struct {
 	// OutgoingPacketErrors is the total number of IP packets which failed
 	// to write to a link-layer endpoint.
 	OutgoingPacketErrors *StatCounter
+
+	// MalformedPacketsReceived is the total number of IP Packets that were
+	// dropped due to the IP packet header failing validation checks.
+	MalformedPacketsReceived *StatCounter
+
+	// MalformedFragmentsReceived is the total number of IP Fragments that were
+	// dropped due to the fragment failing validation checks.
+	MalformedFragmentsReceived *StatCounter
 }
 
 // TCPStats collects TCP-specific stats.
author	Bhasker Hariharan <bhaskerh@google.com>	2019-10-10 15:13:39 -0700
committer	gVisor bot <gvisor-bot@google.com>	2019-10-10 15:14:55 -0700
commit	c7e901f47a09eaac56bd4813227edff016fa6bff (patch)
tree	2f249032583fb43b92e24e89774ece0e542ec3e5 /pkg/tcpip/tcpip.go
parent	065339193e4309a8c771ba88058c3b2d96c07e78 (diff)