From 2b1b51f1d7dd96f14b0af3b2663c33bc7ab67f63 Mon Sep 17 00:00:00 2001 From: Kevin Krakauer Date: Mon, 25 Nov 2019 08:35:09 -0800 Subject: Fix panic in sniffer. Packets written via SOCK_RAW are guaranteed to have network headers, but not transport headers. Check first whether there are enough bytes left in the packet to contain a transport header before attempting to parse it. PiperOrigin-RevId: 282363895 --- pkg/tcpip/link/sniffer/sniffer.go | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'pkg/tcpip/link/sniffer/sniffer.go') diff --git a/pkg/tcpip/link/sniffer/sniffer.go b/pkg/tcpip/link/sniffer/sniffer.go index 767f14303..3392b7edd 100644 --- a/pkg/tcpip/link/sniffer/sniffer.go +++ b/pkg/tcpip/link/sniffer/sniffer.go @@ -49,6 +49,13 @@ var LogPackets uint32 = 1 // LogPacketsToFile must be accessed atomically. var LogPacketsToFile uint32 = 1 +var transportProtocolMinSizes map[tcpip.TransportProtocolNumber]int = map[tcpip.TransportProtocolNumber]int{ + header.ICMPv4ProtocolNumber: header.IPv4MinimumSize, + header.ICMPv6ProtocolNumber: header.IPv6MinimumSize, + header.UDPProtocolNumber: header.UDPMinimumSize, + header.TCPProtocolNumber: header.TCPMinimumSize, +} + type endpoint struct { dispatcher stack.NetworkDispatcher lower stack.LinkEndpoint @@ -333,6 +340,13 @@ func logPacket(prefix string, protocol tcpip.NetworkProtocolNumber, b buffer.Vie return } + // We aren't guaranteed to have a transport header - it's possible for + // writes via raw endpoints to contain only network headers. + if minSize, ok := transportProtocolMinSizes[tcpip.TransportProtocolNumber(transProto)]; ok && len(b) < minSize { + log.Infof("%s %v -> %v transport protocol: %d, but no transport header found (possible raw packet)", prefix, src, dst, transProto) + return + } + // Figure out the transport layer info. transName := "unknown" srcPort := uint16(0) -- cgit v1.2.3