af-packet: warn if v3 block size is not large enough for defrag

If using tpacket-v3 and defrag, warn if the block size is not large
enough for a fully defragmented packet.

Ticket: #7458
(cherry picked from commit 9f96975d556bbff999482d83c331b96566461cd1)

diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index 063a7ec8084f8ab31f17ff16a93a835943208513..bee1ad5eb43d72b3f619280461f58baaf151a855 100644 (file)
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -790,6 +790,15 @@ finalize:
                 iface, MAX_PACKET_SIZE);
     }
 
+    /* For tpacket-v3, warn if defrag is enabled and block-block-size
+     * is less than max defragmented packet size. */
+    if ((aconf->flags & AFP_TPACKET_V3) && (aconf->cluster_type & PACKET_FANOUT_FLAG_DEFRAG) &&
+            (aconf->block_size < MAX_PACKET_SIZE)) {
+        SCLogWarning("%s: AF_PACKET block-size is not large enough for max fragmented IP packet "
+                     "size (%u)",
+                iface, MAX_PACKET_SIZE);
+    }
+
     return aconf;
 }