summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorin Coras <fcoras@cisco.com>2019-11-07 08:26:06 -0800
committerAndrew Yourtchenko <ayourtch@gmail.com>2019-12-03 21:43:25 +0000
commit9fcfcb0a9e9f4ec73ccfb3ed81b73f1a5517e41b (patch)
tree4af8729d8fbb61ce2a1d67ec18852985c9f014ea
parentd6d0edbf055ecabdec289727cef08becd9aca9b8 (diff)
tcp: fix ip check in lookup validation
Type: fix Change-Id: Ia18632c8fe22bdcfdf3cb48a4234f8703a7ac1d7 Signed-off-by: Florin Coras <fcoras@cisco.com> (cherry picked from commit 07df79150f15291af9793397d6182a4168c6bfc5)
-rwxr-xr-xsrc/vnet/tcp/tcp_input.c28
1 files changed, 17 insertions, 11 deletions
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c
index 08cea1e75d0..bc78b39cb52 100755
--- a/src/vnet/tcp/tcp_input.c
+++ b/src/vnet/tcp/tcp_input.c
@@ -2277,25 +2277,31 @@ tcp_lookup_is_valid (tcp_connection_t * tc, vlib_buffer_t * b,
if (tc->c_lcl_port == 0 && tc->state == TCP_STATE_LISTEN)
return 1;
+ u8 is_ip_valid = 0, val_l, val_r;
- u8 is_ip_valid = 0;
if (tc->connection.is_ip4)
{
ip4_header_t *ip4_hdr = (ip4_header_t *) vlib_buffer_get_current (b);
- is_ip_valid =
- (!(ip4_address_compare
- (&ip4_hdr->src_address, &tc->connection.rmt_ip.ip4)
- && ip4_address_compare (&ip4_hdr->dst_address,
- &tc->connection.lcl_ip.ip4)));
+
+ val_l = !ip4_address_compare (&ip4_hdr->dst_address,
+ &tc->connection.lcl_ip.ip4);
+ val_l = val_l || ip_is_zero (&tc->connection.lcl_ip, 1);
+ val_r = !ip4_address_compare (&ip4_hdr->src_address,
+ &tc->connection.rmt_ip.ip4);
+ val_r = val_r || tc->state == TCP_STATE_LISTEN;
+ is_ip_valid = val_l && val_r;
}
else
{
ip6_header_t *ip6_hdr = (ip6_header_t *) vlib_buffer_get_current (b);
- is_ip_valid =
- (!(ip6_address_compare
- (&ip6_hdr->src_address, &tc->connection.rmt_ip.ip6)
- && ip6_address_compare (&ip6_hdr->dst_address,
- &tc->connection.lcl_ip.ip6)));
+
+ val_l = !ip6_address_compare (&ip6_hdr->dst_address,
+ &tc->connection.lcl_ip.ip6);
+ val_l = val_l || ip_is_zero (&tc->connection.lcl_ip, 0);
+ val_r = !ip6_address_compare (&ip6_hdr->src_address,
+ &tc->connection.rmt_ip.ip6);
+ val_r = val_r || tc->state == TCP_STATE_LISTEN;
+ is_ip_valid = val_l && val_r;
}
u8 is_valid = (tc->c_lcl_port == hdr->dst_port