MEDIUM: netscaler: do not analyze original IP packet size Original informations about the client are stored in the CIP encapsulated IP header, hence there is no need to consider original IP packet length to determine if data are missing. Instead this change detect missing data if the remaining buffer is large enough to contain a minimal IP and TCP header and if the buffer has as much data as CIP is telling.

commit: a341a2f479745adb486b153af61958f35f5612b0 [log] [tgz]
author: Bertrand Jacquin <jacquinb@amazon.com> Wed Dec 13 01:29:56 2017 +0000
committer: Willy Tarreau <w@1wt.eu> Wed Dec 20 07:04:07 2017 +0100
tree: ea6c85914b8eabe76f8556ed5ddaa16b22737fae
parent: 67de5a295c9f4693f0c65d69fed67a3618bee6dd [diff]
diff --git a/src/connection.c b/src/connection.c
index 8d2fb77..58bf4a5 100644
--- a/src/connection.c
+++ b/src/connection.c

@@ -763,7 +763,7 @@
 
 		hdr_ip4 = (struct ip *)line;
 
-		if (trash.len < (ntohs(hdr_ip4->ip_len) + 20)) {
+		if (trash.len < 40 || trash.len < hdr_len) {
 			/* Fail if buffer length is not large enough to contain
 			 * IPv4 header, TCP header */
 			goto missing;
@@ -793,7 +793,7 @@
 
 		hdr_ip6 = (struct ip6_hdr *)line;
 
-		if (trash.len < 60) {
+		if (trash.len < 60 || trash.len < hdr_len) {
 			/* Fail if buffer length is not large enough to contain
 			 * IPv6 header, TCP header */
 			goto missing;
commit	a341a2f479745adb486b153af61958f35f5612b0	[log] [tgz]
author	Bertrand Jacquin <jacquinb@amazon.com>	Wed Dec 13 01:29:56 2017 +0000
committer	Willy Tarreau <w@1wt.eu>	Wed Dec 20 07:04:07 2017 +0100
tree	ea6c85914b8eabe76f8556ed5ddaa16b22737fae
parent	67de5a295c9f4693f0c65d69fed67a3618bee6dd [diff]