From 9782c7689f4071b29303c7869f96b4de2dea67fc Mon Sep 17 00:00:00 2001
From: Thomas Eizinger
Date: Tue, 5 Nov 2024 15:18:14 +1100
Subject: [PATCH] chore(connlib): discard packets from smoltcp if > MTU (#7262)
This should really never happen but is a defense in depth measure to ensure we never attempt to send packets through the tunnel that are larger than our interface MTU. Raising a warning will alert us through Sentry in case this does happen.
---------
Signed-off-by: Thomas Eizinger
---
 rust/dns-over-tcp/src/stub_device.rs | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/rust/dns-over-tcp/src/stub_device.rs b/rust/dns-over-tcp/src/stub_device.rs
index ac3cc765b..7084fadd2 100644
--- a/rust/dns-over-tcp/src/stub_device.rs
+++ b/rust/dns-over-tcp/src/stub_device.rs
@@ -61,6 +61,15 @@ impl<'a> smoltcp::phy::TxToken for SmolTxToken<'a> {
 where
 F: FnOnce(&mut [u8]) -> R,
 {
+ let max_len = ip_packet::PACKET_SIZE;
+
+ if len > max_len {
+ tracing::warn!("Packets larger than {max_len} are not supported; len={len}");
+
+ let mut buf = Vec::with_capacity(len);
+ return f(&mut buf);
+ }
+
 let mut ip_packet_buf = IpPacketBuf::new();
 let result = f(ip_packet_buf.buf());
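Review bot: In the oversize branch, `Vec::with_capacity(len)` reserves capacity but leaves the vector's length at 0, so `f(&mut buf)` hands the closure an empty slice rather than a `len`-byte scratch buffer. smoltcp's `TxToken::consume` contract is that the closure receives a buffer of `len` bytes, and a closure that writes packet headers into an empty slice will most likely panic on an out-of-bounds index, turning this defense-in-depth drop path into a crash. Use a zero-filled buffer instead: `let mut buf = vec![0u8; len];`. A short comment such as `// Scratch buffer: the packet is written here but never sent.` would also make the discard explicit. The body of `consume` starts and ends outside the hunk.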