gvisor.dev/gvisor@v0.0.0-20240520182842-f9d4d51c7e0f/pkg/tcpip/network/internal/fragmentation/reassembler.go (about) 1 // Copyright 2018 The gVisor Authors. 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 package fragmentation 16 17 import ( 18 "math" 19 "sort" 20 21 "gvisor.dev/gvisor/pkg/sync" 22 "gvisor.dev/gvisor/pkg/tcpip" 23 "gvisor.dev/gvisor/pkg/tcpip/stack" 24 ) 25 26 type hole struct { 27 first uint16 28 last uint16 29 filled bool 30 final bool 31 // pkt is the fragment packet if hole is filled. We keep the whole pkt rather 32 // than the fragmented payload to prevent binding to specific buffer types. 33 pkt *stack.PacketBuffer 34 } 35 36 type reassembler struct { 37 reassemblerEntry 38 id FragmentID 39 memSize int 40 proto uint8 41 mu sync.Mutex 42 holes []hole 43 filled int 44 done bool 45 createdAt tcpip.MonotonicTime 46 pkt *stack.PacketBuffer 47 } 48 49 func newReassembler(id FragmentID, clock tcpip.Clock) *reassembler { 50 r := &reassembler{ 51 id: id, 52 createdAt: clock.NowMonotonic(), 53 } 54 r.holes = append(r.holes, hole{ 55 first: 0, 56 last: math.MaxUint16, 57 filled: false, 58 final: true, 59 }) 60 return r 61 } 62 63 func (r *reassembler) process(first, last uint16, more bool, proto uint8, pkt *stack.PacketBuffer) (*stack.PacketBuffer, uint8, bool, int, error) { 64 r.mu.Lock() 65 defer r.mu.Unlock() 66 if r.done { 67 // A concurrent goroutine might have already reassembled 68 // the packet and emptied the heap while this goroutine 69 // was waiting on the mutex. We don't have to do anything in this case. 70 return nil, 0, false, 0, nil 71 } 72 73 var holeFound bool 74 var memConsumed int 75 for i := range r.holes { 76 currentHole := &r.holes[i] 77 78 if last < currentHole.first || currentHole.last < first { 79 continue 80 } 81 // For IPv6, overlaps with an existing fragment are explicitly forbidden by 82 // RFC 8200 section 4.5: 83 // If any of the fragments being reassembled overlap with any other 84 // fragments being reassembled for the same packet, reassembly of that 85 // packet must be abandoned and all the fragments that have been received 86 // for that packet must be discarded, and no ICMP error messages should be 87 // sent. 88 // 89 // It is not explicitly forbidden for IPv4, but to keep parity with Linux we 90 // disallow it as well: 91 // https://github.com/torvalds/linux/blob/38525c6/net/ipv4/inet_fragment.c#L349 92 if first < currentHole.first || currentHole.last < last { 93 // Incoming fragment only partially fits in the free hole. 94 return nil, 0, false, 0, ErrFragmentOverlap 95 } 96 if !more { 97 if !currentHole.final || currentHole.filled && currentHole.last != last { 98 // We have another final fragment, which does not perfectly overlap. 99 return nil, 0, false, 0, ErrFragmentConflict 100 } 101 } 102 103 holeFound = true 104 if currentHole.filled { 105 // Incoming fragment is a duplicate. 106 continue 107 } 108 109 // We are populating the current hole with the payload and creating a new 110 // hole for any unfilled ranges on either end. 111 if first > currentHole.first { 112 r.holes = append(r.holes, hole{ 113 first: currentHole.first, 114 last: first - 1, 115 filled: false, 116 final: false, 117 }) 118 } 119 if last < currentHole.last && more { 120 r.holes = append(r.holes, hole{ 121 first: last + 1, 122 last: currentHole.last, 123 filled: false, 124 final: currentHole.final, 125 }) 126 currentHole.final = false 127 } 128 memConsumed = pkt.MemSize() 129 r.memSize += memConsumed 130 // Update the current hole to precisely match the incoming fragment. 131 r.holes[i] = hole{ 132 first: first, 133 last: last, 134 filled: true, 135 final: currentHole.final, 136 pkt: pkt.IncRef(), 137 } 138 r.filled++ 139 // For IPv6, it is possible to have different Protocol values between 140 // fragments of a packet (because, unlike IPv4, the Protocol is not used to 141 // identify a fragment). In this case, only the Protocol of the first 142 // fragment must be used as per RFC 8200 Section 4.5. 143 // 144 // TODO(gvisor.dev/issue/3648): During reassembly of an IPv6 packet, IP 145 // options received in the first fragment should be used - and they should 146 // override options from following fragments. 147 if first == 0 { 148 if r.pkt != nil { 149 r.pkt.DecRef() 150 } 151 r.pkt = pkt.IncRef() 152 r.proto = proto 153 } 154 break 155 } 156 if !holeFound { 157 // Incoming fragment is beyond end. 158 return nil, 0, false, 0, ErrFragmentConflict 159 } 160 161 // Check if all the holes have been filled and we are ready to reassemble. 162 if r.filled < len(r.holes) { 163 return nil, 0, false, memConsumed, nil 164 } 165 166 sort.Slice(r.holes, func(i, j int) bool { 167 return r.holes[i].first < r.holes[j].first 168 }) 169 170 resPkt := r.holes[0].pkt.Clone() 171 for i := 1; i < len(r.holes); i++ { 172 stack.MergeFragment(resPkt, r.holes[i].pkt) 173 } 174 return resPkt, r.proto, true /* done */, memConsumed, nil 175 } 176 177 func (r *reassembler) checkDoneOrMark() bool { 178 r.mu.Lock() 179 prev := r.done 180 r.done = true 181 r.mu.Unlock() 182 return prev 183 }