Hello,

We recently saw a machine with Intel E810 cards stop transmitting and start printing "Malicious Driver Detection Tx Descriptor check event 'Packet too small or too big'" to the console. Some investigation showed a user application was incorrectly building packets over 9724 bytes and passing them via netmap to the ice driver.

We quickly avoided the MDD event by fixing the user application. However, I was surprised there appears to be no length checking when using netmap with iflib drivers.

Looking at iflib_netmap_txsync(), it assembles the set of fragments composing a packet and passes them to ctx->isc_txd_encap() aka ice_ift_txd_encap(). That function has an int return value and seems like an excellent place to compare the total packet length (in pi->ipi_len) against ICE_MAX_FRAME_SIZE. (In fact the ixl driver does this with MPASS().)

The issue is iflib_netmap_txsync() ignores the return code and always increments the nic_i pointer. I have made several attempts to modify this function to handle failures from isc_txd_encap but none have passed all my tests.

I wonder if there is a reasonable way to modify iflib_netmap_txsync() to drop fragments if isc_txd_encap returns an error code? I realize this code is in the fast path and should be kept to a minimum. However, this change would let the ice driver (and other iflib users) inspect packet sizes, avoid this class of MDD events, and keep the interface up and running.