From: Jason Ish <jason.ish@oisf.net>
Date: Wed, 12 Mar 2025 22:20:38 +0000 (-0600)
Subject: af-packet: warn if v3 block size is not large enough for defrag
X-Git-Tag: suricata-7.0.9~9
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=916ed7712182f111bf8b01a03b6fd1de94218fbe;p=thirdparty%2Fsuricata.git

af-packet: warn if v3 block size is not large enough for defrag

If using tpacket-v3 and defrag, warn if the block size is not large
enough for a fully defragmented packet.

Ticket: #7458
(cherry picked from commit 9f96975d556bbff999482d83c331b96566461cd1)
---

diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index 063a7ec808..bee1ad5eb4 100644
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -790,6 +790,15 @@ finalize:
                 iface, MAX_PACKET_SIZE);
     }
 
+    /* For tpacket-v3, warn if defrag is enabled and block-block-size
+     * is less than max defragmented packet size. */
+    if ((aconf->flags & AFP_TPACKET_V3) && (aconf->cluster_type & PACKET_FANOUT_FLAG_DEFRAG) &&
+            (aconf->block_size < MAX_PACKET_SIZE)) {
+        SCLogWarning("%s: AF_PACKET block-size is not large enough for max fragmented IP packet "
+                     "size (%u)",
+                iface, MAX_PACKET_SIZE);
+    }
+
     return aconf;
 }