From: Jason Ish <jason.ish@oisf.net>
Date: Wed, 12 Mar 2025 22:20:38 +0000 (-0600)
Subject: af-packet: warn if v3 block size is not large enough for defrag
X-Git-Tag: suricata-8.0.0-beta1~268
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9f96975d556bbff999482d83c331b96566461cd1;p=thirdparty%2Fsuricata.git

af-packet: warn if v3 block size is not large enough for defrag

If using tpacket-v3 and defrag, warn if the block size is not large
enough for a fully defragmented packet.

Ticket: #7458
---

diff --git a/src/runmode-af-packet.c b/src/runmode-af-packet.c
index 2f93a9b901..6537435f65 100644
--- a/src/runmode-af-packet.c
+++ b/src/runmode-af-packet.c
@@ -764,6 +764,15 @@ finalize:
                 iface, MAX_PACKET_SIZE);
     }
 
+    /* For tpacket-v3, warn if defrag is enabled and block-block-size
+     * is less than max defragmented packet size. */
+    if ((aconf->flags & AFP_TPACKET_V3) && (aconf->cluster_type & PACKET_FANOUT_FLAG_DEFRAG) &&
+            (aconf->block_size < MAX_PACKET_SIZE)) {
+        SCLogWarning("%s: AF_PACKET block-size is not large enough for max fragmented IP packet "
+                     "size (%u)",
+                iface, MAX_PACKET_SIZE);
+    }
+
     return aconf;
 }