diff options
author | Florin Coras <fcoras@cisco.com> | 2019-11-07 08:26:06 -0800 |
---|---|---|
committer | Andrew Yourtchenko <ayourtch@gmail.com> | 2019-12-03 21:43:25 +0000 |
commit | 9fcfcb0a9e9f4ec73ccfb3ed81b73f1a5517e41b (patch) | |
tree | 4af8729d8fbb61ce2a1d67ec18852985c9f014ea | |
parent | d6d0edbf055ecabdec289727cef08becd9aca9b8 (diff) |
tcp: fix ip check in lookup validation
Type: fix
Change-Id: Ia18632c8fe22bdcfdf3cb48a4234f8703a7ac1d7
Signed-off-by: Florin Coras <fcoras@cisco.com>
(cherry picked from commit 07df79150f15291af9793397d6182a4168c6bfc5)
-rwxr-xr-x | src/vnet/tcp/tcp_input.c | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/src/vnet/tcp/tcp_input.c b/src/vnet/tcp/tcp_input.c index 08cea1e75d0..bc78b39cb52 100755 --- a/src/vnet/tcp/tcp_input.c +++ b/src/vnet/tcp/tcp_input.c @@ -2277,25 +2277,31 @@ tcp_lookup_is_valid (tcp_connection_t * tc, vlib_buffer_t * b, if (tc->c_lcl_port == 0 && tc->state == TCP_STATE_LISTEN) return 1; + u8 is_ip_valid = 0, val_l, val_r; - u8 is_ip_valid = 0; if (tc->connection.is_ip4) { ip4_header_t *ip4_hdr = (ip4_header_t *) vlib_buffer_get_current (b); - is_ip_valid = - (!(ip4_address_compare - (&ip4_hdr->src_address, &tc->connection.rmt_ip.ip4) - && ip4_address_compare (&ip4_hdr->dst_address, - &tc->connection.lcl_ip.ip4))); + + val_l = !ip4_address_compare (&ip4_hdr->dst_address, + &tc->connection.lcl_ip.ip4); + val_l = val_l || ip_is_zero (&tc->connection.lcl_ip, 1); + val_r = !ip4_address_compare (&ip4_hdr->src_address, + &tc->connection.rmt_ip.ip4); + val_r = val_r || tc->state == TCP_STATE_LISTEN; + is_ip_valid = val_l && val_r; } else { ip6_header_t *ip6_hdr = (ip6_header_t *) vlib_buffer_get_current (b); - is_ip_valid = - (!(ip6_address_compare - (&ip6_hdr->src_address, &tc->connection.rmt_ip.ip6) - && ip6_address_compare (&ip6_hdr->dst_address, - &tc->connection.lcl_ip.ip6))); + + val_l = !ip6_address_compare (&ip6_hdr->dst_address, + &tc->connection.lcl_ip.ip6); + val_l = val_l || ip_is_zero (&tc->connection.lcl_ip, 0); + val_r = !ip6_address_compare (&ip6_hdr->src_address, + &tc->connection.rmt_ip.ip6); + val_r = val_r || tc->state == TCP_STATE_LISTEN; + is_ip_valid = val_l && val_r; } u8 is_valid = (tc->c_lcl_port == hdr->dst_port |