aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2019-11-07 08:26:06 -0800
committerDave Barach <openvpp@barachs.net>2019-11-08 16:12:42 +0000
commit07df79150f15291af9793397d6182a4168c6bfc5 (patch)
treeb17677aa83dc51ae2eeb6f19d63b76702ea856d7
parent4f599850295162db48b81bcbf47983d46697d15f (diff)
tcp: fix ip check in lookup validation
Type: fix Change-Id: Ia18632c8fe22bdcfdf3cb48a4234f8703a7ac1d7 Signed-off-by: Florin Coras <fcoras@cisco.com>
-rwxr-xr-xsrc/vnet/tcp/tcp_input.c28
1 files changed, 17 insertions, 11 deletions
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c
index 08cea1e75d0..bc78b39cb52 100755
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -2277,25 +2277,31 @@ tcp_lookup_is_valid (tcp_connection_t * tc, vlib_buffer_t * b,
if (tc->c_lcl_port == 0 && tc->state == TCP_STATE_LISTEN)
return 1;
+ u8 is_ip_valid = 0, val_l, val_r;
- u8 is_ip_valid = 0;
if (tc->connection.is_ip4)
{
ip4_header_t *ip4_hdr = (ip4_header_t *) vlib_buffer_get_current (b);
- is_ip_valid =
- (!(ip4_address_compare
- (&ip4_hdr->src_address, &tc->connection.rmt_ip.ip4)
- && ip4_address_compare (&ip4_hdr->dst_address,
- &tc->connection.lcl_ip.ip4)));
+
+ val_l = !ip4_address_compare (&ip4_hdr->dst_address,
+ &tc->connection.lcl_ip.ip4);
+ val_l = val_l || ip_is_zero (&tc->connection.lcl_ip, 1);
+ val_r = !ip4_address_compare (&ip4_hdr->src_address,
+ &tc->connection.rmt_ip.ip4);
+ val_r = val_r || tc->state == TCP_STATE_LISTEN;
+ is_ip_valid = val_l && val_r;
}
else
{
ip6_header_t *ip6_hdr = (ip6_header_t *) vlib_buffer_get_current (b);
- is_ip_valid =
- (!(ip6_address_compare
- (&ip6_hdr->src_address, &tc->connection.rmt_ip.ip6)
- && ip6_address_compare (&ip6_hdr->dst_address,
- &tc->connection.lcl_ip.ip6)));
+
+ val_l = !ip6_address_compare (&ip6_hdr->dst_address,
+ &tc->connection.lcl_ip.ip6);
+ val_l = val_l || ip_is_zero (&tc->connection.lcl_ip, 0);
+ val_r = !ip6_address_compare (&ip6_hdr->src_address,
+ &tc->connection.rmt_ip.ip6);
+ val_r = val_r || tc->state == TCP_STATE_LISTEN;
+ is_ip_valid = val_l && val_r;
}
u8 is_valid = (tc->c_lcl_port == hdr->dst_port