From de6387aa0bed9e01c99e58a0f3e01f617bc7fe33 Mon Sep 17 00:00:00 2001 From: Laurent Vivier Date: Wed, 13 May 2026 13:52:17 +0200 Subject: tcp: Pass explicit data length to tcp_fill_headers() tcp_fill_headers() computed the TCP payload length from iov_tail_size(), but with vhost-user multibuffer frames, the iov_tail will be larger than the actual data. Pass the data length explicitly so that IP total length, pseudo-header, and checksum computations use the correct value. Signed-off-by: Laurent Vivier Reviewed-by: David Gibson Reviewed-by: Jon Maloy Signed-off-by: Stefano Brivio --- tcp.c | 4 ++-- tcp_buf.c | 3 ++- tcp_internal.h | 2 +- tcp_vu.c | 9 +++++---- 4 files changed, 10 insertions(+), 8 deletions(-) diff --git a/tcp.c b/tcp.c index 9ab67e5..34fdd83 100644 --- a/tcp.c +++ b/tcp.c @@ -939,6 +939,7 @@ static void tcp_fill_header(struct tcphdr *th, * @ip6h: Pointer to IPv6 header, or NULL * @th: Pointer to TCP header * @payload: TCP payload + * @dlen: TCP payload length * @ip4_check: IPv4 checksum, if already known * @seq: Sequence number for this segment * @no_tcp_csum: Do not set TCP checksum @@ -949,11 +950,10 @@ size_t tcp_fill_headers(const struct ctx *c, struct tcp_tap_conn *conn, struct ethhdr *eh, struct iphdr *ip4h, struct ipv6hdr *ip6h, struct tcphdr *th, struct iov_tail *payload, - const uint16_t *ip4_check, uint32_t seq, + size_t dlen, const uint16_t *ip4_check, uint32_t seq, bool no_tcp_csum) { const struct flowside *tapside = TAPFLOW(conn); - size_t dlen = iov_tail_size(payload); size_t l4len = dlen + sizeof(*th); uint8_t *omac = conn->f.tap_omac; size_t l3len = l4len; diff --git a/tcp_buf.c b/tcp_buf.c index a092cb3..efdd425 100644 --- a/tcp_buf.c +++ b/tcp_buf.c @@ -190,7 +190,8 @@ static void tcp_l2_buf_fill_headers(const struct ctx *c, else ip6h = iov[TCP_IOV_IP].iov_base; - l2len = tcp_fill_headers(c, conn, eh, ip4h, ip6h, th, &tail, check, seq, + l2len = tcp_fill_headers(c, conn, eh, ip4h, ip6h, th, &tail, + iov_tail_size(&tail), check, seq, no_tcp_csum); tap_hdr_update(taph, l2len); } diff --git a/tcp_internal.h b/tcp_internal.h index d940885..a0fa19f 100644 --- a/tcp_internal.h +++ b/tcp_internal.h @@ -187,7 +187,7 @@ size_t tcp_fill_headers(const struct ctx *c, struct tcp_tap_conn *conn, struct ethhdr *eh, struct iphdr *ip4h, struct ipv6hdr *ip6h, struct tcphdr *th, struct iov_tail *payload, - const uint16_t *ip4_check, uint32_t seq, + size_t dlen, const uint16_t *ip4_check, uint32_t seq, bool no_tcp_csum); int tcp_update_seqack_wnd(const struct ctx *c, struct tcp_tap_conn *conn, diff --git a/tcp_vu.c b/tcp_vu.c index d744ec7..b879435 100644 --- a/tcp_vu.c +++ b/tcp_vu.c @@ -138,7 +138,7 @@ int tcp_vu_send_flag(const struct ctx *c, struct tcp_tap_conn *conn, int flags) seq--; tcp_fill_headers(c, conn, eh, ip4h, ip6h, th, &payload, - NULL, seq, !*c->pcap); + optlen, NULL, seq, !*c->pcap); vu_pad(&flags_elem[0].in_sg[0], l2len); @@ -282,12 +282,13 @@ static ssize_t tcp_vu_sock_recv(const struct ctx *c, struct vu_virtq *vq, * @conn: Connection pointer * @iov: Pointer to the array of IO vectors * @iov_cnt: Number of entries in @iov + * @dlen: Data length * @check: Checksum, if already known * @no_tcp_csum: Do not set TCP checksum * @push: Set PSH flag, last segment in a batch */ static void tcp_vu_prepare(const struct ctx *c, struct tcp_tap_conn *conn, - struct iovec *iov, size_t iov_cnt, + struct iovec *iov, size_t iov_cnt, size_t dlen, const uint16_t **check, bool no_tcp_csum, bool push) { const struct flowside *toside = TAPFLOW(conn); @@ -331,7 +332,7 @@ static void tcp_vu_prepare(const struct ctx *c, struct tcp_tap_conn *conn, th->ack = 1; th->psh = push; - tcp_fill_headers(c, conn, eh, ip4h, ip6h, th, &payload, + tcp_fill_headers(c, conn, eh, ip4h, ip6h, th, &payload, dlen, *check, conn->seq_to_tap, no_tcp_csum); if (ip4h) *check = &ip4h->check; @@ -459,7 +460,7 @@ int tcp_vu_data_from_sock(const struct ctx *c, struct tcp_tap_conn *conn) check = NULL; previous_dlen = dlen; - tcp_vu_prepare(c, conn, iov, buf_cnt, &check, !*c->pcap, push); + tcp_vu_prepare(c, conn, iov, buf_cnt, dlen, &check, !*c->pcap, push); /* Pad first/single buffer only, it's at least ETH_ZLEN long */ l2len = dlen + hdrlen - VNET_HLEN; -- cgit v1.2.3